惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
A
Arctic Wolf
K
Kaspersky official blog
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
L
LINUX DO - 热门话题
MongoDB | Blog
MongoDB | Blog
T
Threat Research - Cisco Blogs
D
Docker
爱范儿
爱范儿
T
Tenable Blog
C
Check Point Blog
B
Blog
C
Cisco Blogs
Vercel News
Vercel News
The Cloudflare Blog
T
Threatpost
NISL@THU
NISL@THU
T
Tor Project blog
V2EX - 技术
V2EX - 技术
P
Palo Alto Networks Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tailwind CSS Blog
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
SecWiki News
SecWiki News
博客园 - 司徒正美
S
Security @ Cisco Blogs
GbyAI
GbyAI
S
Secure Thoughts
Microsoft Security Blog
Microsoft Security Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
N
News and Events Feed by Topic
Y
Y Combinator Blog
博客园_首页
T
Troy Hunt's Blog
The Hacker News
The Hacker News
雷峰网
雷峰网
Google DeepMind News
Google DeepMind News
U
Unit 42
AWS News Blog
AWS News Blog
PCI Perspectives
PCI Perspectives
V
Visual Studio Blog
博客园 - 聂微东
有赞技术团队
有赞技术团队
酷 壳 – CoolShell
酷 壳 – CoolShell

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Raising the Bar for our Industry with IPSIE
Carmen Girardin · 2025-01-15 · via Okta Security RSS Feed

Okta’s vision of building a world where anyone can safely use any technology, powered by their Identity, continues to be our guiding factor. Today, almost 20,000 customers rely on Okta’s industry-leading Identity solutions worldwide in nearly every industry sector.

Early last year, Okta announced the Okta Secure Identity Commitment (OSIC), a long-term pledge to lead the industry in the fight against Identity attacks. The Commitment consists of four pillars, including Raising the bar for our industry. We’re committed to making this a reality.

The rise in Identity-based attacks

Based on Okta’s internal reporting, Okta detects and blocks over 3 billion attacks per month. We protect over 800 million unique monthly users from cyber threats, ranging from credential stuffing to malicious bots. Enterprise anonymized data confirmed that over a 90-day period, we reduced credential stuffing attempts and malicious bot traffic by more than 90% for some of our largest customers.

From year to year, motivated threat actors employ new and innovative techniques in their ongoing efforts to gain unauthorized access. In a 2024 report in which Okta participated, Verizon concluded 68% of breaches involved a human element, and 24% involved the use of stolen credentials.

At Okta, we continue to live our corporate values by enforcing industry best practices; 100% of Okta employees use phishing-resistant authentication solutions like Okta FastPass with device assurance and Adaptive Multi-Factor Authentication (AMFA). To learn more about MFA and phishing-resistant authentication, download our Secure Sign-In Trends Report 2024.

A new industry standard

To set the stage and advance the tech sector, the OpenID Foundation (OIDF) recently announced the formation of a new working group with support from Okta, Ping Identity, Microsoft, SGNL, Beyond Identity, and Capital One. The Interoperability Profiling for Secure Identity in the Enterprise, or IPSIE, is the name of the OpenID Foundation working group tasked with establishing this new Identity standard.

Last year’s Oktane messaging heavily focused on the theme of possibility. When introducing Okta’s commitment to IPSIE at Oktane24 in Las Vegas, Okta CEO and Co-Founder Todd McKinnon said, “The goal with IPSIE is to standardize identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.” 

To support the integration of critical identity security capabilities in SaaS applications, the IPSIE working group intends to collaboratively focus on:

  • Single sign-on

  • Lifecycle management

  • Entitlements, such as Governance and Privileged Access

  • Risk signal sharing

  • Session termination

Today, representatives from 25 unique companies are coming together each week to collaborate with meaningful discussion in pursuit of advancing this innovative industry standard. Open and available to all, the IPSIE working group has the potential to transform enterprise SaaS security.

Joining forces and coming together

Andrew Carnegie expressed his belief in collaboration as a powerful force for achieving greater success by famously stating, “Teamwork is the ability to work together toward a common vision. The ability to direct individual accomplishments toward organizational objectives. It is the fuel that allows common people to attain uncommon results.”

IPSIE aims at fostering a more open, consistent, flexible SaaS ecosystem by empowering organizations to adhere to a higher level of security, more seamlessly and efficiently integrating amongst tech stacks. It also increases visibility across the Identity threat surface to better help protect against cyber attacks. Okta is excited to support and participate in the working group because we believe that a unifying industry standard is the key to fostering an open ecosystem, where it’s both seamless and efficient to build and use enterprise apps that are secure by default.

We recently published integrations with 50 leading enterprise SaaS applications including Google, Microsoft Office 365, Slack and Salesforce that support modern identity best practices aimed at enhancing security and reducing operational burden. Each integration takes just seconds to set up and requires virtually no ongoing maintenance, giving enterprises instant access to capabilities for their most-used apps such as Universal Logout with the ability to immediately terminate user sessions when a threat is detected. These integrations best meet the tech landscape and customers where they are today, while better protecting systems and data going forward.

We’ll keep you posted

As we continue to progress on the new IPSIE standard within the OpenID Foundation working group, take comfort in knowing we will continue to keep you updated. Okta is committed to working with third-party standards bodies, Identity providers and SaaS vendors to continue to get you more visibility of evolving threats. The working group aims to have the first set of draft specifications published in early 2025.

Join us in our fight against Identity-based attacks, and learn more on how to get involved with the OpenID Foundation working group to tackle key Identity security challenges in today’s enterprise environments.

Carmen Girardin is a Manager, Security Communications at Okta. Backed by over a decade of experience in the fintech sector, Carmen is a proficient technical writer with domain expertise in Identity and Access Management (IAM). She is passionate about delivering engaging, timely customer communications on the cybersecurity ecosystem and the evolving threat landscape, to help our customers gain the most value from Okta. Carmen spends her downtime traveling, thrifting for treasures and reading.