Introduction to the Okta CIC (Auth0) Security Center function (visualization of authentication events and unauthorized login detection)

Introduction

The Security Center function was released in May 2023 to visualize trends in authentication events and the detection of unauthorized logins. Until now, this required exporting logs to an external system and using a SIEM product or similar; it is now provided as a function on the Okta CIC management screen.

With the Security Center function, you can see trends in login successes and failures via Okta CIC and the detection status of unauthorized logins. This information can be used as input when considering countermeasures against unauthorized logins, such as applying the Attack Protection function and MFA.

This page introduces what you can check with the Security Center function.

Premise

The information on functions and settings described on this page is current as of July 2023.

What you can check with the Security Center function

With the Security Center feature, you can check the following information in real time.
[Overview tab]
  • Total number of authentication events and number of unauthorized logins (total value)
  • Number of unauthorized login occurrences judged by Okta CIC (time series and aggregate values)
  • Number of authentication events that have occurred (time series)
[Threat Monitoring tab]
  • Number of detections by the Attack Protection function (time series)
  • Number of MFA attempts/successes/failures (time series)
The display period for each item can be selected from the following options. (The aggregation unit is determined automatically according to the selected period.)
  • Last hour
  • Last 12 hours
  • Last 1 day
  • Last 7 days
  • Last 14 days
Below are the details.

Display information details

[Overview tab]
  • Tenant Overview: Total number of authentication events and number of unauthorized logins (aggregated value)
    • Total Traffic: Total number of authentication events
    • Total Threats: Number of authentication events identified as unauthorized logins by Okta CIC
    • Threat % of total traffic: Percentage of authentication events judged to be unauthorized logins
  • Threat Behavior: Number of unauthorized logins judged by Okta CIC (time series and aggregate values)
    • Threat behavior trends: Number of unauthorized logins
    • Threat behavior by app: Number of unauthorized logins by application
    • Threat behavior types: Occurrence rate by type of unauthorized login
      ・Credential stuffing: Credential stuffing attack
      ・Signup attack: Automatic new account creation attempt
      ・MFA bypass: MFA bypass attempt
  • Authentication: Number of authentication events that occurred (time series)
    • Login attempts: login successes and failures
    • Signup attempts: signup successes and failures
[Threat Monitoring tab]
  • Number of detections by the Attack Protection function (time series)
    • Bot Detection: Detection of bot attacks (determined by Okta CIC knowledge)
    • Suspicious IP Throttling: Detection of frequent logins/signups
    • Brute-force Protection: Detection of multiple login attempts for a user
    • Breached Password Detection: Detection of logins and sign-ups using passwords that may have been compromised (determined by Okta CIC)
  • Multi-factor Auth: Number of MFA attempts/successes/failures (time series)
    • MFA challenges: MFA attempts
    • MFA success rate: MFA success and failure

Conclusion

With Security Center, you can understand trends in login success/failure and the occurrence of unauthorized logins detected by Okta CIC.

The function has only just been released, and although its content gives a light impression, I expect that it will be expanded in the future.
