Preventing Credential-Based Attacks with Okta and Palo Alto Networks

Today's worker wants everything, anywhere, anytime, which has led to the rise of different types of accounts and identities such as cloud, mobile and other devices, e-commerce, and social networks, making identity management a lot more complicated. Now, user accounts are exploding in number and type, and in addition to being difficult to manage, this leaves sensitive data and applications vulnerable to a variety of common attacks. Attackers are using increasingly prevalent and sophisticated techniques to steal passwords to consumer, banking, and enterprise applications. Luckily, multifactor authentication (MFA) is designed to protect against the range of attacks that rely on stealing user credentials.

Okta’s Adaptive Multi-Factor Authentication (MFA) offers a broad set of easy-to-use factors combined with policy-driven contextual access management that maintains a simple user experience. The integration between Palo Alto Networks and Okta helps organizations bring together identity management and security for the enforcement of access policy, regardless of where customer applications reside. Palo Alto Networks Next-Generation Firewall enforces multi-factor authentication policy within the network, preventing the adversary from any interaction with critical or sensitive applications.

Palo Alto Networks integrates with Okta MFA APIs to deliver seamless user authentication across all sensitive applications. One of the core functions of the next-generation firewall is a set of identity-based enforcement technologies. The Palo Alto Networks Next-Generation Firewall delivers identity-based enforcement of network traffic policies using Okta authentication and identity management. When used with MFA policies, the next-generation firewall can control network access based on authentication through Okta MFA. This integration enables organizations to secure sensitive assets based on this policy, served directly at the network layer. As users and their respective roles change, organizations can leverage this policy to drive varying authentication requirements on the next-generation firewall.

“This new integration between Palo Alto Networks and Okta allows organizations to pervasively deploy multi-factor authentication and prevents the theft and abuse of stolen credentials,” said Terry Ramos, vice president of Business Development, Palo Alto Networks. “Together, this approach complements additional malware and threat prevention functionality to extend customer organizations’ ability to prevent cyber breaches and safely enable applications.”

With this integration, Palo Alto Networks and Okta customers can leverage MFA policies for better fine-grained access, and take advantage of the Okta MFA options including a mobile device soft token (on iOS, Android or Windows Phone), hard tokens such as Yubikey, SMS, or voice as well.

In this same release, Palo Alto Networks adds Single Sign-On capability with Okta across Palo Alto Networks GlobalProtect, Captive Portal, SSL VPN and administrative UI modules, enabling centralized access through a single pane of glass.

To learn more the integration please visit our Palo Alto Networks partner page.