Week 24, 2022
Last updated
Last updated
We’ve just gotten back from a whirlwind trip to the RSA Conference in San Francisco where we met up with partners, customers, prospects, and friends. If you’re following our LinkedIn (if not, you should do that HERE), you already know that the identity security space is on fire right now, and that was evident at the conference. Lots of talk of identity hygiene, identity-first security, and identity threat detection and response – it was heaven!
Naturally, our team has been busy building out and adding great features to our identity security platform, so let’s dig right in and get you caught up:
Google Workspace Integration
Oort now supports Google Workspace as an identity provider. With so many organizations now fully cloud-native in the Google ecosystem, this integration gives thousands of organizations even greater visibility into their identity hygiene, user activity, and security posture. The integration supports Users, Event Logs, and Devices and is available in the integrations console now.
Slack App Directory
Oort Bot is now in the Slack app directory! Seamless integration with remediation workflows and communications channels is core to our mission here, and we’re excited to now offer low-lift identity threat remediation with our native Slack integration. Check it out on the Slack marketplace HERE.
❄️ Sneak peak: Oort is Powered by Snowflake
Just announced at Snowflake Summit in Las Vegas, Oort is a proud launch partner of the Snowflake Cybersecurity Data Cloud! This means that Snowflake customers can now bring Oort to their security data lake for high performance workloads and extended lookback windows for greater visibility into threat persistence and context. There will be much more to come on this, but REACH OUT now for more info and to get your data lake hooked up to Oort!
Additional Features:
📝 Custom Messages – You can now customize the message when sending Check failure notifications to users and managers in Slack, Teams, and email.
🏷 Check Tagging – You can now apply tags to Identity Security Checks to keep them organized and filterable in the Oort dashboard.
✅ PRO TIP: Use tags to indicate which IT or security team member is responsible for which checks. These will show up in the notifications that are sent out from Oort, so your workforce know exactly who to contact to investigate and/or remediate.
There’s a richer set of user details available now, with a consolidated view of every identity’s activity including browser, OS, IP, authentication factor, location, and more.
“This is like a SIEM for identity!”
– Oort Customer (SOC Analyst)
Filtering & Exclusions
There are new filtering and exclusion options in the user search bar. Run any search or filter to include it in the results. Click the 🚫 to exclude it. This feature can be turned on for you, just ask.
**NEW** Identity Security Checks:
✅ No Maximum Set for Session Length
Not setting maximum session length or setting idle session for longer than two hours may lead to long sessions. Long lasting active SSO session cause accounts not to re-authenticate for the whole session duration. These accounts present a higher risk as their identity wasn’t validated.
✅ User Password Expiration Failure
Among others, long lasting active SSO session can cause accounts not to reset their passwords. These accounts didn’t reset their passwords for a configurable period of time. We suggest to enforce password reset.
✅ Slack User Inconsistencies
This check detects if your slack account has users defined that are not defined in the IdP. These users might have access to sensitive information being shared in Slack, while their absence from IdP could indicate that they are from outside your organization and therefore might not be authorized to access it.