Week 51, 2022
Last updated
Last updated
Earlier in December, we released new capabilities to gain insights on IP addresses, such as filtering by country and threat categories. This week, we're announcing an all new "Networks" tab. This new view is dedicated to IP information, network insights, and geo location data. Within this tab, you can sort by IP addresses, hit count and location. Because everyone loves a map, weโve also visualized where the associated active IP addresses are located. This visualization is really helpful when youโre trying to pinpoint the โnormalโ locations for a user and identify anomalies. Need more context? Simply hover over the location markers on the map to show more information about the location, and click to drill down into all activity associated with that IP address. Itโs not just about locations, of course. Weโre correlating the active IP addresses against threat intelligence feeds and displaying the relevant tags (for example, โWindows_Exploitsโ is shown below). Oort customers who have configured location data in Azure AD will also see tagging by known location names, making it easy to filter through trusted networks.
Stay tuned! As weโve got some exciting plans for surfacing even more interesting views and insights within the Networks tab.
Every business has expensive software licenses that are never used. According to some estimates, 38% of your SaaS tools likely remain unused over the average 30-day period. While Oort is not a software license management (SLM) tool, we do have really good visibility into what apps your users have access to and how often they use them. With Oort's new โUnused Application For A Userโ check, Oort detects applications that were not used by the user in the last 30 days. We recommend first checking with users (or their managers) about their unused applications. Removing access can save hundreds of thousands of dollars per year, but it also helps improve security. By removing access to applications, especially critical ones, that people donโt need to do their job, you can reduce the attack surface significantly. You can tune and configure this insight to make it specific to your needs. For example, you can add specific applications to ignore, and specify if only sensitive applications should be checked. (Sensitive applications can be defined within โTenant Settingsโ).
Azure Employee Type. Within the Azure component on user profiles, Oort now displays the Employee Type.
Improved Notification Tracking. With Oort logs, you can now track to see if individuals have been alerted via a message to a channel. The logs previously only tracked notifications sent to individuals.
Search by multiple IP addresses. If a check has multiple IPs associated, you will see the option to โView Activity from All IPs). This will now return the appropriate results.