Week 49, 2022
Last updated
Last updated
Despite moving to the cloud, many organizations continue to rely on Active Directory to be the source of truth. Accounts created in Azure AD will not automatically sync to the on-prem, Active Directory. This can create real issues for when employees leave. Because termination processes start with Active Directory, former employees can retain access to applications in Azure AD via these disconnected accounts that exist only in AAD. In the new "Role Assigned to Azure Cloud Only Account" (stay tuned, this name might change to something mildly less obtuse), Oort identifies if an account is assigned applications and permissions in Azure AD, but not Active Directory.
It can be tricky to keep track of who has access to which applications, which of those are in use, and when they were last accessed. This is easy to do in Oort’s user profiles, where there is a dedicated tab for drilling down into their associated applications. In this release, we’ve created easier ways to sort the applications table in a range of ways. Admins can now sort by application name, source, access granted by (group name or user email), usage count, last access date, and last sign-in result.
In the world of remote work, it’s inevitable that users will be logging in from a range of different locations. This can make it challenging to identify those attempted logins that are malicious. In this release, we’re surfacing more information about IPs for easier triage. For further context, users can click through to country tags on IPs and investigate additional activity from that country (shown below). Furthermore, when we detect IP threats, we will now show the associated threat tags (such as Denial of Service, Botnets, Windows Exploits).
For the security teams that use Oort, it’s important to tie into existing workflows. This can be instant messaging, emails, ticketing, or SIEMs. We’ve listened to our customers and are now excited to announce that Oort users can now triage checks within Microsoft Sentinel. Get in touch with us if you’d like to learn more!
Oort users roles are now displayed in the top right