Close of acquisition: Spera Security joins forces with Okta to advance Identity-powered security

Update, 8 Feb., 2024: I’m pleased to announce that Okta has completed the acquisition of Spera Security,  an identity security platform, to expand our identity threat detection and security posture management capabilities. We aim to make the product generally available in spring 2024.

We welcome Spera Security to Okta! We're excited to see what advancements we make in identity-powered security together!

Original announcement, 19 Dec., 2023: Te are excited to announce that we’ve entered into a definitive agreement to acquire Spera Security, an identity security platform, to expand our identity threat detection and security posture management capabilities. 

Earlier this year, we announced key capabilities for Okta FastPass, our phishing-resistant, passwordless authenticator; unveiled Identity Threat Protection with Okta AI at Oktane; and released Okta Privileged Access in GA. This acquisition continues our investment in secure identity product offerings and furthers our vision to enable everyone to safely use any technology. We anticipate that the acquisition will be completed during our first financial quarter beginning on 1 February, 2024. This acquisition has no impact on our previously communicated guidance.

Enhancing security posture management for identity

Identity breaches are the number #1 attack vector threatening organisations today. 86% of breaches stem from phishing attacks and other forms of credential abuse, including social engineering attacks, credential stuffing, or misuse.¹ This risk is amplified by the volume and complexity of accounts in cloud apps and services: Users that are not fully offboarded, service accounts that aren’t federated and identities that are not managed by a central identity provider (IdP) are among potential targets for today’s threat actors. IT and security teams need the ability to monitor and quickly take action to safeguard all corporate accounts and resources.

Identity threat detection and response (ITDR) is a critical practice for identity security. According to Gartner, by 2026, 90% of organisations will be using some type of embedded ITDR strategy, up from between 5 and 20% today.² Secure identity posture management solutions are a key aspect of ITDR as they evaluate identity deployments and provide visibility across your IdPs, as well as in apps and infrastructure, in order to identify potentially risky accounts, misconfigurations and opportunities to improve access policies.

Headquartered in Tel Aviv, Israel, Spera Security builds on Okta’s existing ITDR capabilities with a focus on security posture management and attack surface management. With Spera Security, we will equip our customers with richer insights and technology to elevate their identity security posture management and quickly identify, detect, and remediate risks.   

Spera Security and Okta: Powering modern, Zero Trust security transformation

Spera Security helps organisations reduce risk and drive down fragmented enterprise IT and costs. Security and IT practitioners will be able to capitalise on:

• More integrations and enhanced visibility and protection
  Spera Security allows customers to uncover threats and misconfigurations not only within their IdPs but also directly within their SaaS and infrastructure applications (i.e. AWS, Salesforce, GCP, GitHub). This enhances customers’ ability to identify and break down identity silos across the tech stack, such as partially offboarded users or non-MFA admins.
• Ongoing compliance reporting and monitoring with industry-verified identity security benchmarks
  Spera Security provides the ability to discover vulnerabilities across user populations and prioritise security issues based not only on attack vectors, but also on industry standards and regulations. Customers can measure themselves to certain compliance standards and best practices across their different environments. This builds on our investments in Okta Identity Governance (OIG) and Okta Privileged Access (OPA) to help IT and security leaders discover potential gaps in compliance and align with industry best practices, such as SOX or NIST.
• Broader ITDR capabilities with identity posture management
  Spera Security builds on Okta’s ITDR capabilities by allowing customers to better assess the security posture of their identity infrastructure as well as their apps and services. They can use Spera Security’s tangible suggestions, such as identifying SSO or MFA exclusions for privileged and service accounts to improve their security posture and remediate any potential threat vectors before they become critical.

With organisational attack surfaces expanding alongside the increased use of SaaS and Cloud applications, companies need broader visibility and a central place to constantly monitor for threats and exposure. As the leading identity partner, we remain committed to equipping our customers with the tools and knowledge needed in an increasingly challenging environment, and we’re excited about how Spera Security can amplify our ITDR work to deliver more secure outcomes for our customers. I couldn’t be more thrilled to welcome the Spera Security team to Okta when the transaction is completed and look forward to the many opportunities ahead!

^{1. Verizon 2023 Data Breach Investigation Report
2. Gartner 2023–2024 Cybersecurity Predictions}