Integration detail

Orchestrate and automate your security response

In order to protect the enterprise, security teams must quickly resolve alerts as they arise, as well as proactively identify threats before they cause damage. Many of these threats involve weak or stolen credentials, demonstrating that hackers are increasingly targeting user identities. To better protect against these threat vectors and deliver identity-driven security, Okta integrates with Splunk Phantom to enable identity-centric response actions. When suspicious account activity is detected, like a log-in from a new device or location, security teams can mitigate the threat automatically by clearing active sessions or forcing multi-factor authentication (MFA) with Okta. If, after further investigation, the user does appear to be compromised, security teams can take additional remediation actions against the bad actor by suspending the compromised account and conducting a password reset. Together, Okta + Splunk Phantom orchestrate security using identity as the control point.

Enable enrichment for more complete visibility

The Okta Identity Cloud add-on for Splunk expands the joint solution to include complete visibility to user activity and identity. Splunk aggregates millions of data sources across firewalls, routers, endpoints, as well as critical information on user identity and access from Okta. When alerts arise, Okta provides rich identity context on users, groups, and applications for additional security enrichment on suspicious activity. This helps answer questions like ‘what sensitive applications have they been assigned’ and ‘which groups does this user belong to’ so security teams can better judge the nature of the threat and prioritize response actions accordingly. Okta also enables additional threat hunting with user activity logs to help identify failed log-ins or new factor enrollments. This helps security teams mitigate threats before they turn into full-fledged attacks. By integrating with the entire Splunk Security Operations Suite (Splunk Enterprise, Splunk Cloud, Splunk User Behavior Analytics, and Splunk Phantom), Okta completes the security loop from visibility to response with identity as the key control point.

Identity-driven orchestration and response

With Okta + Splunk Phantom integrated together, enterprises can enjoy identity-centric security and orchestration and automation of your existing security infrastructure. The combination allows you to enable decisive, quick, and automated security actions to keep assets and users safe from credential compromise.

• Add identity context to security alerts, making alerts more meaningful and actionable
• Understand and prioritize threats across the enterprise, so teams can respond to the most serious incidents first
• Automate security responses to make security teams more effective and efficient in fighting credential-based attacks