December 8, 2023

SentinelOne has announced a new integration with Okta to deliver a solution that will enable security teams to respond to credential compromise and identity-based attacks quickly.

SentinelOne XDR for Okta is pitched as combining SentinelOne’s XDR platform with Okta’s identity management capability to accelerate response and minimize enterprise risk, a combination intended to deliver improved performance for customers.

  1. SentinelOne’s Storyline deep visibility threat agent observes all concurrent processes across operating systems and cloud workloads, providing a rich context for any potential endpoint security incident.
  2. Once a threat is detected, XDR informs Okta of the last logged-in user for that endpoint and Okta provides identity context from Okta data.
  3. The combination of XDR and identity context is said to help security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks.

This integration is a completely automated remediation process, lifting the burden on the security operations center team and allowing analysts to focus on higher-value tasks.

Other features include:

  1. Capability to enrich threat data automatically within Singularity XDR with recent login information via Okta to make security data actionable.
  2. The user suspension feature terminates active sessions originating from compromised devices to minimize response time for prevention and remediation.
  3. A forced password reset prevents single sign-on lateral movement across corporations.
  4. A forced reauthentication initiates a multifactor authentication workflow within Okta, locking the account until the user reauthenticates with a valid MFA token for identity verification.
