From the Trenches: How BeyondTrust Detected a Breach at Okta and Lessons we Keep Learning from This Story

Webinar Registration

This is the story of how an attacker gains access to an identity provider’s support case portal, harvests a key piece of data from a file uploaded to the case by a customer and within minutes uses that data to gain access to the systems at that customer.

But it’s also a story of victory and a real-world demonstration of the power of monitoring, policy and defense-in-depth.

The Okta/BeyondTrust/Cloudflare incident happened a while back, but it remains the most valuable breach account we have to understand today’s threats in this multi-cloud, distributed and hybrid environment in which we currently fight the good fight. And last week I met Fletcher Davis at BeyondTrust. Fletcher is the Senior Manager of the Research Team at BeyondTrust and has an inside view of this breach. Before BeyondTrust, he was a red teamer at CrowdStrike and Mandiant, so I’m excited that he agreed to join me for this real training for free / anatomy of an attack session.

We will postmortem this breach step-by-step and it includes a bit of everything:

The crucial role of MFA and the difference between weak and strong MFA
Endpoint security
Web API security
Tokens, session cookies
HAR files
Security dependencies between systems and partners
Alerting on changes in privileged accounts and entitlements
Detecting unusual patterns in web authentication
The importance of communication between business partners and the sometimes frustrating process of escalation and getting people to take you seriously
Implementing non-default policies specific to your organization
Service account management

This fascinating story provides a wealth of lessons we can apply. We will finish up with a list of actionable recommendations that every organization can put to work in any environment.

BeyondTrust was able to detect and immediately respond thanks to their practice of dogfooding their products to protect their own network and Fletcher Davis will briefly show you a demo of the Insights platform and walk through some of the detections that caught the breach, as well as some recent additions that give customers visibility into their Okta privileges and application assignments.

Please join us for this real training for free session.

First Name:
Last Name:
Work Email:
Phone:
Organization:
Country:
State:
Zip/Postal Code:
Company size:
I'd like to schedule a personalized demo with a BeyondTrust rep for:
Industry:
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

May 2025 Patch Monday	"Patch Tuesday - Seven "Important" Zero Days " - sponsored by Supercharger

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.