Since February 2022, when we the Oort Identity Security Platform, Oort has grown to secure more than half a million accounts.
We wouldn't be where we are today without our early adopters, including the likes of , , and . We also wouldn't have gotten far without our advisors and technology partners, such as , , Microsoft, and .
The industry has quickly realized that identity is a huge blindspot for security and we need to do something about it. This trend has been picked up in Gartner's research, too. Their paper outlined why organizations need ITDR capabilities and why existing solutions are falling short.
With our investment, announced in October, we have set ourselves up for an exciting 2023 as we continue to expand our capabilities and customer base.
Amidst all that excitement, I want to take a moment to step back, and share a bit about where Oort came from and where we're headed.
Customers, investors, partners, employees, random acquaintances… they all have the same question: "why are you called Oort?"
Followed by:
"Is that an acronym? Does it stand for something?"
"How do you pronounce it? Is it O.O.R.T.? Or O-Ort?"
"Is the comet in the logo a letter? Or is the name of the company just ORT?"
We've heard them all.
Fortunately, when we do reveal the origin of our name, it is often met with delight. The beauty of a good analogy. So let's answer it then: why ARE we called Oort?
Oort, our company, is named after the Oort Cloud, which, in turn, is named after 20th century Dutch astronomer Jan Oort. Back in the 1950s, Jan Oort theorized the existence of a massive spherical cloud of icy objects orbiting our solar system beyond the reaches of Pluto and the Kuiper belt, which later became known as the Oort Cloud.
Jan Oort himself was a remarkable scientist. Using real galactic observations, he was able to prove the theory that our Sun is not the center of the Milky Way and that the Milky Way itself rotates around its center, which lies some 30,000 light years away from our solar system. Not only that, but the Earth and the rest of our solar system take 225 million years to orbit the center of the galaxy. By observing the speed of rotation of the stars in our galaxy, Oort even discovered the first evidence of dark matter.
After surviving the Nazi occupation of the Netherlands during World War II, Jan Oort went on to study the behavior of comets and proposed the idea that long-period comets originate from a common region outside the reaches of the furthest planets. He theorized the existence of a swirling cloud of billions of comets orbiting our solar system.
A slight disruption of any one of these icy objects can send it hurtling towards our inner solar system. As these balls of dust and ice get close to the Sun, they begin to melt and let off gasses, which form the tail of the comet.
While this history of astronomy may be fascinating, what has it got to do with enterprise security? Believe it or not, our solar system and the Oort Cloud are the perfect analogy for the modern enterprise.
Think of your typical model of the solar system from elementary school: the Sun, the eight planets, the asteroid belt. In our analogy, this is where all of your assets, data, and applications reside. Maybe you're using cloud infrastructure, SaaS applications, on-premise systems; these are all part of the core of your business and this is exactly what you are trying to protect.
Now zoom way out.
What do you see orbiting your company? Thousands? Hundreds of thousands? Millions of identities. Employees, contractors, third-parties, vendors, partners, customers. They're all out there, and they all need access to bits and pieces of your core assets and data.
Every company has an Oort Cloud. A swirling mass of identities orbiting their business. Whether they've discovered it yet or not, it's always been there. The only difference is that now, in 2023, we can no longer afford to ignore it. The walls have come down and it just takes one errant object to inflict massive damage on our home planet.
Identity is the new perimeter. The shift to remote work finally brought these swirling identities into view. We're all working from our own devices, from our own networks, accessing whatever applications we need to get the job done. Network security and device security don't stand a chance in this brave new world of distributed work.
Attackers have been quick to target this change. They don't need to wait for the next unpatchable 0-day vulnerability. In fact, most attackers don't use malware at all; they simply log in. Once they are in, security teams are blind to how attackers abuse and manipulate identities to access company assets, data, and applications.
Most companies have incredible security tools to secure devices, applications, networks, and data - but almost nothing for identity. Identity is an afterthought.
We intend to change that.
When I say "identity is the new perimeter", I'm not being hyperbolic: I truly believe that the future of security is identity-first.
We've witnessed a few missteps in the rollout of Zero Trust. Many organizations jumped directly to Zero Trust Network Access (ZTNA) without realizing that every single ZTNA solution on the planet heavily depends on a solid identity foundation. Identity is so fundamental to adopting Zero Trust that organizations that rushed to deploy ZTNA are now backtracking to reassess whether their identity security program is up to the task (if it even exists in the first place).
At Oort, we're lucky enough to have some incredible advisors, including John Kindervag - who first coined the term "Zero Trust" when he was an analyst at Forrester. The term Zero Trust has taken on a life of its own with a million different meanings. However, it all comes back to replacing the old "trust but verify" mindset with "never trust always verify." Unfortunately, ZTNA solutions ignore this mantra when they blindly trust external IAM providers to both authenticate and authorize identities.
Whose responsibility is identity anyway? Dmitriy Sokolovskiy once summed up "identity is at the root of pretty much everything". Identity is an important piece of any security program; clearly, identifying authentication issues, identity threats, and identity attack surface weaknesses is critical.
Unfortunately, there is a strange, historical disconnect between the IAM infrastructure and the security teams. IT teams have spent years implementing new IAM tools, like Active Directory, Duo, Okta, SailPoint, CyberArk, and many others. Yet security teams often have zero visibility or control over these tools.
Your average security analyst understands network traffic and protocols, device operating systems and vulnerabilities, but when faced with federated SAML or OAuth tokens, they don't know where to start.
While smart CISOs and security leaders are now adding IAM expertise to their teams and building out their IAM security programs, the vast majority are still in the dark on the fundamental importance of identity to their overall security program.
Just like securing any other infrastructure, IAM infrastructure requires IAM security. IAM security requires expertise.
Oort is here to help.
I'm so grateful for everyone that has helped us to quickly become the leaders in the ITDR space. We have exciting plans for 2023 to add new capabilities that will enable security teams to better detect and respond to identity threats.
But we don't want to stop there: at Oort, we're building the identity security platform that will provide a complete view of every orbiting identity and the risk they pose to organizations' data and assets.
Watch this space!
If you want to be part of this journey, we're hiring! Check out our current openings here: https://oort.io/careers.
If you want to see Oort in action, you can schedule a demo with our team here: https://oort.io/demo.
An artist's impression of the Oort Cloud. Source:
When it comes to true Zero Trust adoption, I'm a big fan of , which seems to be one of the most sensible paths forward. CISA names Identity as the first pillar of Zero Trust. Understand the actors (who need access) and the assets (what they need access to). Everything else - when, where, why, how - is secondary.
Jan Oort used real empirical observations to prove the theory of galactic rotation. We can do the same for identity threats. This is not just a theoretical risk; it's really happening. According to the , 80% of all breaches involved the use of lost or stolen credentials. Account takeover is real and it has real repercussions.
A string of high-profile attacks in 2022 proves it. In December, in two separate incidents, attackers stole code from the GitHub accounts of and . These are powerful examples of how hard it is to protect identities within enterprises (for those interested, I wrote a column in Dark Reading about some of the .)
Attackers are also becoming smarter about who they target. Earlier in 2022, . Lapsus$ targeted a customer support agent working for a third party. Via this identity, the attackers were able to access both internal company sites and customer service records.
It's not simply a case of requiring Multi Factor Authentication (MFA), either. Attackers are now finding ways to bypass MFA, especially weak forms like SMS. A group known as (OTPs) delivered over SMS. These passwords could be used by Okta customers as temporary authentication codes. Unfortunately, with access to Twilio, 0ktapus could see these OTPs.
This is not a one-off: we see attacks on MFA all the time. Auth0's showed the scale of MFA attacks: on average, they saw 1.24M MFA bypass attacks every day. Sadly, MFA is not the silver bullet.