It’s become evident that conventional identity and access management, along with preventive security measures, falls short in safeguarding identity systems against malicious attacks. To bolster readiness for cyberattacks, leaders in security and risk management must incorporate identity threat detection and response (ITDR) capabilities into their security infrastructure.
This webinar delves into how the adaptable plugin architecture of the open-source Falco empowers security responders to expand their system call event detection capabilities to encompass auditing events originating from identity systems like Okta. Specifically, the Okta plugin for Falco enables the retrieval of log events from Okta and the generation of sinsp/scap events (compatible with Falco) for each log entry.
Given the novelty of ITDR capabilities, the available pre-defined playbooks addressing identity-threat-specific scenarios and other forms of attacks on identity infrastructure are limited; however, the Falco plugin facilitates the extraction of key information from Okta log events, including:
- Event time
- Event type
- Actor name
- Application details
Armed with this data, security teams can now craft tailored security rules to identify and thwart identity threats that might otherwise evade traditional identity and access management (IAM) detection controls.
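As an added illustration (not code from the webinar, Falco, or the Okta plugin), the following Python sketch extracts the four fields listed above from constructed events and applies one tailored rule over them. It assumes the events follow the Okta System Log JSON layout (`published`, `eventType`, `actor.displayName`, `target`); the correlation rule, the 10-minute window, and the sample names are hypothetical.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events shaped like Okta System Log entries (not real data).
SAMPLE_LOG = """
[
 {"published": "2024-01-10T09:00:05.000Z", "eventType": "user.session.start",
  "actor": {"displayName": "Alice Example"},
  "target": [{"type": "AppInstance", "displayName": "Example CRM"}]},
 {"published": "2024-01-10T09:02:00.000Z", "eventType": "user.account.reset_password",
  "actor": {"displayName": "Bob Example"},
  "target": [{"type": "User", "displayName": "Bob Example"}]},
 {"published": "2024-01-10T09:06:30.000Z", "eventType": "user.mfa.factor.deactivate",
  "actor": {"displayName": "Bob Example"},
  "target": [{"type": "User", "displayName": "Bob Example"}]},
 {"published": "2024-01-10T11:00:00.000Z", "eventType": "user.mfa.factor.deactivate",
  "actor": {"displayName": "Alice Example"}, "target": null}
]
"""

def extract_fields(event):
    """Return event time, event type, actor name and application details."""
    # Assumption: application details are the targets typed "AppInstance".
    apps = [t.get("displayName") for t in (event.get("target") or [])
            if t.get("type") == "AppInstance"]
    return {
        "time": datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%f%z"),
        "type": event["eventType"],
        "actor": (event.get("actor") or {}).get("displayName", "<unknown>"),
        "apps": apps,
    }

def detect(events, window=timedelta(minutes=10)):
    """Flag an MFA factor deactivation that follows a password reset
    by the same actor within `window` (hypothetical rule)."""
    alerts, last_reset = [], {}
    for rec in sorted(map(extract_fields, events), key=lambda r: r["time"]):
        if rec["type"] == "user.account.reset_password":
            last_reset[rec["actor"]] = rec["time"]
        elif rec["type"] == "user.mfa.factor.deactivate":
            reset = last_reset.get(rec["actor"])
            if reset is not None and rec["time"] - reset <= window:
                alerts.append((rec["actor"], rec["time"].isoformat()))
    return alerts

if __name__ == "__main__":
    for actor, when in detect(json.loads(SAMPLE_LOG)):
        print(f"ALERT: {actor} deactivated an MFA factor at {when} after a password reset")
```

Alice's later deactivation is not flagged because no password reset by the same actor precedes it inside the window.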
Nigel Douglas, Senior Technical Marketing Manager, Sysdig
Luca Guerra, Open Source Engineer, Sysdig