Last Updated | 26 May 2022 |
Document Id | tch-vendor-intro-oort |
Author | simonm@thecyberhut.com |
Company Key Facts
Web | https://oort.io/ |
LinkedIn | https://www.linkedin.com/company/oort-inc/ |
Twitter | https://twitter.com/oort_io |
Founded Date | 2019 |
Founders | Matthew Caulfield |
No. of Employees | ~30 |
Total Funding | $3.1 million |
Locations | Greater Boston, USA |
In Their Own Words | “Get identity security that SOC and IAM teams love.” |
Funding
Source: Crunchbase
Announced Date | Transaction Name | Number of Investors | Money Raised | Lead Investors |
Sep 28, 2020 | Seed Round – Oort | 4 | $3.1M | — |
Apr 7, 2020 | Non Equity Assistance – Oort | 2 | — | Dreamit Ventures |
May 15, 2019 | Non Equity Assistance – Oort | 1 |
What do Oort do?
Oort are sitting in the emerging Identity Threat Detection and Response arena – where many organizations are struggling to gain visibility into the array of distributed identities and entitlements that are spread across hybrid cloud and SaaS resources. This lack of visibility and a lack of vulnerability awareness is leading to a proliferation of threat exploitation based on how those identities are being (or not being) managed.
Oort.io looks to assist through a quick start cloud service that integrates with a range of identity management data sources – for audit and activity data as well as identity provider information. They then apply a set of out of the box “checks” based on their understanding of emerging identity vulnerabilities. These “checks” look to find potential misconfiguration and mismanagement of the identity infrastructure, including accounts that do not have MFA enabled, accounts that are not being used, accounts that have never been logged in to, or accounts that have particular attributes missing.
On identifying particular vulnerabilities, the oort.io platform then runs through a range of notification options such as email or Slack in order to bring a human element into the digital identity threat landscape.
Dashboarding and reporting then provide a central pane of glass into the identity threat landscape before ticketing based integration allows for the appropriate remediation.
As many organizations are now facing a complex landscape of on-premises and multi-cloud infrastructure as well as a host of SaaS based applications, identity management in the traditional sense often cannot provide a level of management and governance for life cycle management and access control. As such, vulnerabilities are proliferating. Oort provides not only a level of visibility but also the means to integrate human response and audited remediation.
Technology Key Facts
Go To Market Message | “Get a map for identity gaps.” |
Solutions | Disconnected Identity Identification / Over Privileged Identities / Stale Policy Analysis / Identity Silo Inconsistencies / Identity Threat Investigation |
Products / Platform | Centralized Identity Threat Cloud |
Useful Links | Blog / 30 Day Free Trial |
Technology Review
Overview
Oort provides a cloud platform that can assist both security operation centers and identity and access management administrators with a centralized view of identity threats and how to respond.
Data Integrations
Out of the box integrations exist for a range of identity data sources including identity providers such as Azure AD and Okta.
HR data can be imported from the likes of Workday, SAP and Oracle HCM. Outbound notifications go out via standard email, as well as Slack and ServiceNow.
Checks
Once data is on-boarded, the analysis comes in the form of “Checks”. Oort provides a range of checks based on identity vulnerability best practices. These checks are then run against the ingested data sources in order to look for specific vulnerabilities.
They list the top 5 identity threats as the following:
- Failed Logins After 30+ Days of No Activity
- Successful Logins from Known Risky IPs
- Logins from Disallowed Email Providers
- No Multi-Factor Authentication (MFA) Configured
- Inactive Guest Users
Whilst some of these are obvious (no MFA) others are more subtle and will likely be missed by existing identity governance and workflow processes.
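The five checks listed above can be sketched as rules over identity-provider records and sign-in events. This is an added illustration, not Oort's code or rule logic: the field names, the handling of the 30-day window, the risky-IP and disallowed-domain lists and all sample records are constructed assumptions, and the email-provider check is simplified to an account-level test.

```python
from datetime import datetime, timedelta

DORMANT = timedelta(days=30)
RISKY_IPS = {"203.0.113.7"}                # assumed threat-intel list
DISALLOWED_DOMAINS = {"freemail.example"}  # assumed policy list

def d(s):
    return datetime.strptime(s, "%Y-%m-%d")

# Constructed sample data, not real accounts or logs.
USERS = [
    {"id": "alice", "email": "alice@corp.example", "guest": False, "mfa": True, "last_login": d("2022-05-20")},
    {"id": "bob", "email": "bob@corp.example", "guest": False, "mfa": False, "last_login": d("2022-03-01")},
    {"id": "carol", "email": "carol@freemail.example", "guest": True, "mfa": True, "last_login": None},
    {"id": "dave", "email": "dave@partner.example", "guest": True, "mfa": True, "last_login": d("2022-05-10")},
]
EVENTS = [  # (user, date, success, source IP)
    ("alice", d("2022-05-21"), False, "198.51.100.4"),
    ("bob", d("2022-05-22"), False, "198.51.100.9"),
    ("bob", d("2022-05-23"), True, "203.0.113.7"),
    ("bob", d("2022-05-24"), False, "198.51.100.9"),
    ("dave", d("2022-05-25"), True, "198.51.100.4"),
]

def run_checks(users, events, now):
    """Return {check name: sorted user ids} for the five listed checks."""
    last = {u["id"]: u["last_login"] for u in users}  # last successful login
    names = ("failed_after_dormancy", "risky_ip_success",
             "disallowed_email", "no_mfa", "inactive_guest")
    hits = {n: set() for n in names}
    for user, when, ok, ip in sorted(events, key=lambda e: e[1]):
        prev = last.get(user)
        # A failure on an account with no successful login for 30+ days.
        if not ok and (prev is None or when - prev >= DORMANT):
            hits["failed_after_dormancy"].add(user)
        if ok:
            if ip in RISKY_IPS:
                hits["risky_ip_success"].add(user)
            last[user] = when  # a success resets the dormancy clock
    for u in users:
        if u["email"].rsplit("@", 1)[-1].lower() in DISALLOWED_DOMAINS:
            hits["disallowed_email"].add(u["id"])
        if not u["mfa"]:
            hits["no_mfa"].add(u["id"])
        seen = last[u["id"]]
        if u["guest"] and (seen is None or now - seen >= DORMANT):
            hits["inactive_guest"].add(u["id"])
    return {n: sorted(v) for n, v in hits.items()}
```

The dormancy check is evaluated at the time of each failed event, so bob's failure on 22 May is flagged even though he logs in successfully a day later.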
Clearly once vulnerabilities have been identified, threat investigation is needed in order to map the necessary risk level and associated risk reduction steps.
As identity is now at the center of many security architectures and zero trust initiatives, the ability to investigate on a per identity and per identity violation level is interesting.
Clear dashboarding and heat maps will be needed here, in order to prepare the necessary teams with the correct information regarding their identity infrastructure risk.
Response
Identifying vulnerabilities and risk is only ever part of the security management lifecycle. An interesting angle Oort promote is the ability, and the need, for human based interaction when it comes to identity threat response and remediation.
They promote the aim of delegated remediation – either to individual account owners or line managers who have deep business related understanding of the identity account and permission landscape. This delegation approach is interesting – as it not only places accountability onto individuals, but may also start to see organizations move away from the “check box” mentality often associated with the more traditional access review processes.
Who Is The Technology Aimed At?
It seems the sweet spot for ITDR is likely to be organizations with a relatively mature set of identity management resources. That seems obvious, but clearly platforms like Oort need data and that data needs to be available from various different sources – be it identity providers, HR or other application activity systems.
As a cloud delivered platform, Oort can certainly be aimed at organizations that don’t have a large pool of specialist identity and access management personnel, allowing the small and medium sized enterprise to have improved visibility and control into what is becoming a complex identity infrastructure.
The Cyber Hut Comment
Oort is a new startup entering the emerging sector of Identity Threat Detection and Response. As organizations of all sizes embrace identity-first security and the use of IAM as a business enabler, the need to have improved vulnerability management and visibility is important. Data and permissions are being disconnected from the centralized business process with SaaS applications, hybrid cloud infrastructure and rapid application consumption potentially increasing the threat vector of a poorly managed identity and access management infrastructure.
Strengths
- Cloud first allows small and medium sized organizations to onboard and analyze identity data rapidly
- A range of out of the box integrations provides a no-code way of getting data into the platform
- Oort provide a range of “checks” that provide an immediate way to start finding vulnerabilities across the identity landscape
- A human-first way of delegating remediation may help remove the “check box” mentality approach to violations