- Home
- Single Sign-On
- Cybereason
Overview
The Cybereason Defense Platform moves beyond endless alerting to instead recognize, expose, and end malicious operations before they take hold. The result: Defenders can end attacks in minutes. Okta's integration with Cybereason Defense Console allows Defenders to authenticate to one or more Cybereason Platforms in seamless manner and gain access using single sign-on authentication with SAML. Enabling users to manage configurations, policies and Malops.
The Cybereason Defense Platform
Cybereason is the champion for today’s cyber defenders, providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves.
The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.
Key Product Areas:
- Next Generation Anti-Virus
- Endpoint Detection and Response
- Extended Detection and Response (XDR)
- Managed Detection and Response
- Incident Response
- Threat Intelligence
Cybereason x Okta Integration
While most attacks continue to compromise and persist on the endpoint, today’s adversaries don’t mind if they need to traverse between endpoints, SaaS solutions, identities, or if the underlying assets are on-premises or cloud hosted. All that matters is achieving the mission target, whether that’s data exfiltration, disruption, or stealthy persistence.
Today’s attack campaigns aren’t just targeting endpoints and servers, but end-users themselves -- their identities and access to critical business, development, and productivity applications. Okta's integration with the Cybereason Defense Console allows IT & security staff to seamlessly authenticate to multiple Cybereason modules using single sign-on authentication with SAML, enabling users to manage configurations, policies, and investigate Malops (malicious operations).
Cybereason Extended Detection and Response (XDR) helps organizations end cyber attacks, regardless of how the malicious operation moves across the enterprise network. As a cloud-hosted threat detection and response solution, XDR natively integrates with Okta to comprehensively ingest authentication, access, and privileged user activity.
With deep visibility across assets and users, organizations can:
- Prevent common & high-impact attacks, such as ransomware,
- Detect and Investigate malicious operations faster with the MalopTM, and
- Respond with confidence, including taking action across Okta accounts with automatic remediation.
Additional reading: Cybereason XDR Case Study
Functionality
Add this integration to enable authentication and provisioning capabilities.
Authentication (SSO)
-
API
-
Event Hooks
-
Inbound Federation
-
Inline Hooks
-
Outbound Federation
-
RADIUS
-
SAML
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) that does not require credentials to be passed to the service provider.
-
Workflow Templates
-
Workflows Connectors
-
SWA
Secure Web Authentication is a Single Sign On (SSO) system developed by Okta to provide SSO for apps that don't support proprietary federated sign-on methods, SAML or OIDC.
-
OIDC
OpenID Connect is an extension to the OAuth standard that provides for exchanging Authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the Identity Provider to the application.
-
WS-Federation
Provisioning
-
Create
Creates or links a user in the application when assigning the app to a user in Okta.
-
Update
Okta updates a user's attributes in the app when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in the app.
-
Deactivate
Deactivates a user's account in the app when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
-
Attribute Sourcing
The application can be defined as the source of truth for a full user profile or as the source of truth for specific attributes on a user profile.
-
Sync Password
Push either the users Okta password or a randomly generated password to the app. This feature is not required for all federated applications as user authentication takes place in Okta, however some apps still require a password.
-
Group Push
Push existing Okta groups and their memberships to the application. Groups can then be managed in Okta and changes are reflected in the application.
-
Group Linking
Link Okta groups to existing groups in the application. Simplifies onboarding an app for Okta provisioning where the app already has groups configured.
-
Schema Discovery
Import the user attribute schema from the application and reflect it in the Okta app user profile. Allows Okta to use custom attributes you have configured in the application that were not included in the basic app schema.
-
Attribute Writeback
When the application is used as a profile master it is possible to define specific attributes to be sourced from another location and written back to the app. For example the user profile may come from Active Directory with phone number sourced from another app and written back to Active Directory.
