Week 51, 2022

🌐 Network Information

Earlier in December, we released new capabilities to gain insights on IP addresses, such as filtering by country and threat categories. This week, we're announcing an all new "Networks" tab. This new view is dedicated to IP information, network insights, and geo location data. Within this tab, you can sort by IP addresses, hit count and location. Because everyone loves a map, we’ve also visualized where the associated active IP addresses are located. This visualization is really helpful when you’re trying to pinpoint the “normal” locations for a user and identify anomalies. Need more context? Simply hover over the location markers on the map to show more information about the location, and click to drill down into all activity associated with that IP address. It’s not just about locations, of course. We’re correlating the active IP addresses against threat intelligence feeds and displaying the relevant tags (for example, “Windows_Exploits” is shown below). Oort customers who have configured location data in Azure AD will also see tagging by known location names, making it easy to filter through trusted networks.

Stay tuned! As we’ve got some exciting plans for surfacing even more interesting views and insights within the Networks tab.

🔔 New Check Available: Unused Application For A User

Every business has expensive software licenses that are never used. According to some estimates, 38% of your SaaS tools likely remain unused over the average 30-day period. While Oort is not a software license management (SLM) tool, we do have really good visibility into what apps your users have access to and how often they use them. With Oort's new “Unused Application For A User” check, Oort detects applications that were not used by the user in the last 30 days. We recommend first checking with users (or their managers) about their unused applications. Removing access can save hundreds of thousands of dollars per year, but it also helps improve security. By removing access to applications, especially critical ones, that people don’t need to do their job, you can reduce the attack surface significantly. You can tune and configure this insight to make it specific to your needs. For example, you can add specific applications to ignore, and specify if only sensitive applications should be checked. (Sensitive applications can be defined within “Tenant Settings”).

Bug Fixes and Minor Improvements

  • Azure Employee Type. Within the Azure component on user profiles, Oort now displays the Employee Type.

  • Improved Notification Tracking. With Oort logs, you can now track to see if individuals have been alerted via a message to a channel. The logs previously only tracked notifications sent to individuals.

  • Search by multiple IP addresses. If a check has multiple IPs associated, you will see the option to “View Activity from All IPs). This will now return the appropriate results.

Last updated