A recently released report from Mandiant detailing the timeline of the most recent Okta breach has been “leaked” to the public, and the timeline appears to be quite shocking. After the initial logon to the user’s account by LAPSUS$, there appears to have been little to no security in place to monitor the user’s activity outside of the FireEye agent, which was simply bypassed with a quick GitHub download.
While the breach reporting is still at a very early stage and more information is to be released, this is just another example of the need for external AND internal security event monitoring and alerting, with a sound incident response program in place. The use of a modern endpoint protection, detection and response platform is a core requirement to support this.
As more of the breach unfolds, Equate will continue to apply the resulting recommendations for its clients.