When an attacker sitting halfway around the world steals your employee’s credentials, tricks their way through Multi-Factor Authentication (MFA), and gains access to a SaaS application housing sensitive information, how do you even know it happened?
That attacker never traversed your network, or compromised your endpoint – they simply used their own. What’s breached is your employee. What you need is a definitive way to analyze disparate telemetry to ensure users and machines are who they say they are and only doing what they are authorized to do.
So how might you go about determining this connection? The answer is Identity.
Identity transcends traditional technology boundaries, giving you the ability to establish policies at an individual level for humans, machines, and services of what they can access and then continuously monitor behaviors to codify what’s “normal” or “abnormal” in near real time. This is incredibly powerful, especially given that 60% of security breaches involve the abuse of valid identity credentials, largely driven by the rise of remote access, Bring Your Own Device (BYOD) policies, and ubiquitous cloud and SaaS adoption that has changed the world forever.
Today, I am excited to announce another step forward in our realization of Cisco’s AI-driven Security Cloud with our intent to acquire Oort Inc., a company pioneering Identity Threat Detection and Response (ITDR) technology. As a strategic investor in Oort since 2022, Cisco shares Oort’s commitment to securing identity as the new perimeter. With Oort’s API-driven, cloud-native, and agentless platform, they eliminate identity visibility gaps across disparate data sources, show misconfigurations, check for security vulnerabilities, and offer predictive identity analytics to proactively stop attacks. It also cuts down on remediation time by giving enterprises a clear understanding of the blast radius of an identity-related incident. For example, if an attacker stole an employee’s credentials, giving them access to twenty different systems, Oort can identify the four systems that were actually compromised and require further remediation.
Leveraging Oort’s identity-centric technology, we will enhance Cisco’s Security Cloud’s user context telemetry and incorporate their capabilities across our portfolio, including our Duo Identity Access Management (IAM) technology and Extended Detection and Response (XDR) portfolios. In addition to strengthening Cisco’s native telemetry, Oort’s integrations with other third-party vendors – including Google, Microsoft, Okta, and Auth0 – supports our commitment to increase interoperability and deliver consistent outcomes regardless of vendor or technology.
The Oort team will join Cisco’s Security Business Group, where they will partner closely with our teams to bolster the identity perimeter. We expect to close the acquisition in the first quarter of FY24. We are excited to share more details in the very near future. Stay tuned.