OneLogin has joined CloudLock’s growing ecosystem of cybersecurity orchestration to deliver powerful identity and access management capabilities for cloud environments. With this new two-way integration, organizations can now identify threats and utilize a number of orchestrated, automated, real-time response actions.
The CloudLock CyberLab has worked with organizations that had experienced as many as fifteen compromised accounts daily. Once an account is compromised, it often takes a good deal of time to identity the compromise, analyze the situation to determine the extent of the threat, and respond.
CloudLock has complemented existing CASB and Cybersecurity Orchestration capabilities with OneLogin’s IDaaS capabilities for improved identity assurance.
How Does It Work?
Imagine Sam logs into OneLogin to access Salesforce.com from their home office in Santa Clara, CA. It is observed that at exact same time Sam’s credential are used to logged into OneLogin from a location thousands of miles away. As it is virtually impossible for Sam to be present in both locations at the same time, CloudLock’s user and entity behavior analytics (UEBA) would recognize this anomalous behavior.
Now, through the CloudLock and OneLogin integration, CloudLock tells OneLogin to dynamically re-classify Sam to a different group, as configured in OneLogin. A typical OneLogin use case involves creating unique groups mapped to increasingly strict security policies. Common examples of response actions based on configurable workflows within CloudLock’s policy engine include:
- Requiring multi-factor authentication upon every login for improved identity assurance
- Reducing maximum session length before requiring re-authentication
- Increasing password complexity
- Preventing access to applications
- Sending an email notification to administrators and/or the end user to alert them of the incident