Better security with Okta and Splunk


Robust security and real-time visibility were major priorities for a leading technology and communications company when it sought an identity and access management (IAM) partner. Having been in business for almost a century, the company was no stranger to changing business needs, and knew that migrating more of its systems to the cloud was the next critical step when it came to boosting profits and productivity. However, with thousands of end users—including numerous government services and agencies, ranging from public utilities providers to first responders—and countless digital apps that these users depended on, a strong IAM solution that could secure data was essential. In addition to wanting to ensure that the right people received access to the right apps and systems, the company also wanted to be able to monitor unauthorized login attempts in real time. In other words, it not only wanted to be able to thwart attacks, but also to have greater visibility and understanding of the threats it was facing.


For the company’s Security Solutions Architect, protecting customers started with shoring up enterprise IAM internally. By protecting sensitive client information with a superior access management solution, he knew it would have a positive effect downstream. “We know that we are defending the networks of our customers. We look at our communications inside and the way we protect what happens inside our organization as an extension of what's going to happen to our customer,” he explained.

He was also aware that identity is often a weak point when it comes to protecting data and increasing productivity. Internally, bad password hygiene led to frequent problems for end users—and time-consuming support tickets for the IT team—as passwords were forgotten, recycled, or periodically expired. And although the company had created its own legacy single sign-on (SSO) solution that it was still supporting, the process of adding new apps was extremely slow. Instead of continuing to support a complicated legacy system that required regular upkeep, the company moved to Okta SSO.

The company also turned to Okta for more effective multi-factor authentication (MFA). Previously, MFA efforts had been concentrated around the company’s virtual private network (VPN) because this was simply one of the easiest places to insert it into the stack. Updating this, it wanted to implement an MFA solution that would extend beyond the VPN environment. With this in mind, the company switched to Okta’s Adaptive MFA, which would offer contextual access information around factors like location, device, and network. “We’re watching for where identity is consumed; whether that login makes sense for that user, in that location, in that country, at that time,” said the Security Solutions Architect.

A new age of IAM

The company first rolled out Okta’s SSO, Universal Directory and Adaptive MFA. This included a custom registration process that allowed end users to complete multi-factor enrollment using directory-based credentials when they first signed in.

“We started with everybody, all at the same time,” said the Security Solutions Architect. “We gave them a deadline: we said by the end of the month, we’re going to move our VPN to Okta, and we’ll no longer be using our old multi-factor solution. You’ll have to be on Okta, and it’s adopt now or pay later.”

To further ensure secure login for both its distributed workforce and clientele, the company optimized its use of Okta’s MFA by also leveraging Yubico’s YubiKey and FIDO U2F. Together, Okta and Yubico helped the organization prevent phishing attacks through origin-bound keys that bind a user login to its origin, protecting against sophisticated Man-in-the-Middle (MitM) attacks that redirect the user to a fake site. As identity is indeed the new perimeter, U2F helps reinforce that perimeter by verifying login credentials from laptops, smartphones, kiosks, and other non-localized access points that often rely on distributed cloud servers and public WiFi. In an era where passwords are simply no longer good enough—and many organizations are actively looking at doing away with them completely—MFA that’s capable of incorporating stronger authentication factors is crucial. Indeed, this fact was a strong driver of Okta MFA adoption for this particular organization. Realizing that a reliance on passwords was placing the company at risk, a decision was made to add possession factors—like the tokens mentioned above—and set the eventual end goal of completely passwordless login.


Integrating with Okta

Not only has the implementation of Okta’s solutions led to a huge uptick in secure logins for the company and its users, but it also allowed them to access a wider selection of applications. “The number of apps that we’re onboarding is accelerating,” said the Security Solutions Architect. Now, whenever the company is assessing a new application—on-premises or in the cloud—Okta SSO is an evaluation checklist item. “Single sign-on with Okta is one of our evaluation checklist items and if it's not there, the app doesn't go forward.”

With Okta’s integration, all of the company’s most popular and important apps, like Office 365, also feature MFA. For apps that are particularly sensitive, like Workday, the company enhanced authentication by requiring MFA at all times, even if the user has recently authenticated or is working from a secure environment.

The company’s original legacy SSO solution has been deprecated, and all applications have been migrated over to Okta. “It would take up to 30 days to put a new application into single sign-on,” said the Security Solutions Architect about his past SSO system. “We were paying for that work as a project, up to $15,000 for one application to go into single sign-on. I would recommend Okta almost exclusively for speed of deployment, just as an upfront benefit, along with its strong authentication and multi-factor options. There’s so much more that we can do with it, but just starting there, it simplifies my life so much.” For him, there was no comparison with Okta, where new apps could be onboarded in under 10 minutes thanks to Okta’s Integration Network.


Better visibility with Okta and Splunk

One of the first things the organization did once it started overhauling its IAM was to integrate this new solution with Splunk—software that can be used to search, monitor, and analyze machine-generated data. Being able to integrate Okta with Splunk was incredibly important for the company, as the data offered was valuable when it came to behavioral analytics and general visibility over usage patterns. With Splunk integration, IT administrators could look back at user behavior by pulling Okta logs and reports into Splunk. This enabled them to conduct regression analyses against known bad actors and IPs to see if they had been attempting to log in with stolen credentials. Splunk added yet another layer of security, correlating powerful insights Okta was providing on how and where identity was consumed—what user, at what location, in what country, at what time—so that threat actors could be effectively counteracted.
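As an added example (not code from the page, from Okta or from Splunk), the script below runs the kind of correlation described above over a constructed batch of Okta System Log events: it flags any attempt from a known-bad network, a success that follows repeated failures from the same IP (the stolen-credential pattern), and a success from a country the user has not signed in from before. The field names (`eventType`, `outcome.result`, `actor.alternateId`, `client.ipAddress`, `client.geographicalContext.country`) are Okta System Log fields; the users, timestamps, addresses and the blocklist are constructed.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

def _ev(ts, user, ip, country, result):
    return {"published": ts, "eventType": "user.session.start",
            "outcome": {"result": result}, "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}}}
# Constructed newline-delimited log as Okta events land in Splunk (real System
# Log field names, made-up users, TEST-NET addresses and timestamps).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _ev("2019-03-04T08:01:12Z", "alice@example.com", "203.0.113.7", "Sweden", "FAILURE"),
    _ev("2019-03-04T08:01:30Z", "alice@example.com", "203.0.113.7", "Sweden", "FAILURE"),
    _ev("2019-03-04T08:02:05Z", "alice@example.com", "203.0.113.7", "Sweden", "SUCCESS"),
    _ev("2019-03-04T09:00:00Z", "bob@example.com", "198.51.100.20", "United States", "SUCCESS"),
    _ev("2019-03-04T09:30:00Z", "bob@example.com", "192.0.2.9", "Brazil", "SUCCESS"),
])
# Constructed blocklist standing in for the shared known-bad-IP feed.
KNOWN_BAD_NETS = [ip_network("203.0.113.0/24")]

def parse_log(text):
    """Keep only session-start events and flatten the fields we correlate on."""
    recs = []
    for line in filter(str.strip, text.splitlines()):
        e = json.loads(line)
        if e.get("eventType") == "user.session.start":
            recs.append({"time": e["published"], "user": e["actor"]["alternateId"],
                         "ip": e["client"]["ipAddress"],
                         "country": e["client"]["geographicalContext"]["country"],
                         "ok": e["outcome"]["result"] == "SUCCESS"})
    return recs

def correlate(recs, bad_nets, fail_threshold=2):
    """Per-user findings: attempt from a known-bad network; success after
    >= fail_threshold failures from one IP; success from a new country."""
    findings, fails, seen = defaultdict(list), defaultdict(int), defaultdict(set)
    for r in sorted(recs, key=lambda r: r["time"]):
        user, key = r["user"], (r["user"], r["ip"])
        if any(ip_address(r["ip"]) in net for net in bad_nets):
            findings[user].append(("known_bad_ip", r["ip"], r["time"]))
        if not r["ok"]:
            fails[key] += 1          # count failures until the next success
            continue
        if fails[key] >= fail_threshold:
            findings[user].append(("success_after_failures", r["ip"], r["time"]))
        if seen[user] and r["country"] not in seen[user]:
            findings[user].append(("new_country", r["country"], r["time"]))
        seen[user].add(r["country"])
        fails[key] = 0
    return dict(findings)
```

Calling `correlate(parse_log(SAMPLE_LOG), KNOWN_BAD_NETS)` returns the per-user findings; in Splunk the same checks would be a saved search over the ingested Okta events rather than a script.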

“The types of threats that we face are the same threats that other enterprises like ours contend with, and probably every enterprise,” said the Security Solutions Architect. “But we do have, I think, some specific attackers who are interested in our intellectual property.” With these sorts of hazards looming, the combination of Okta and Splunk was the best way for the company to not only protect login credentials, but to have complete visibility into who, when, and where they were being used. As an added precaution, the company has been active in sharing information about current attackers, IP addresses and source IPs, and particular patterns of behavior.

Toward a smarter, safer future

One of the company’s key goals is to enhance its behavioral analytics program so that it can better detect anomalies—and of course, Okta will continue to be a major source of critical data. As the Security Solutions Architect stated, “I think we’re going to rely on Okta, and the innovations that Okta’s making, to do some of those adaptive responses based on change in risk, change in device.” The company currently has a strong network stack and utilizes a number of endpoint controls to examine end-user behavior. Now, having integrated Okta with pre-existing systems and protocols—such as Splunk—the IT team has what it needs to improve its behavioral analytics and better protect its colleagues and customers.

The Security Solutions Architect also emphasized the fact that MFA, and non-phishable factors such as U2F, would continue to play a crucial role in the future of the company. Ideally, the company plans to reach a point where U2F can serve as the primary authentication factor for users. “It was great to see Okta putting a roadmap forward that’s going to help us get to a passwordless solution sooner than we would otherwise,” he said. With Okta, companies are able to offer user authentication that reduces login friction without jeopardizing security. Authentication factors can be asked for based on risk level, and passwords can finally become a thing of the past.