
Your IDP gets compromised, Okta. If you didn't read about that, Okta support personnel were compromised and then the attacker had access to a share where the customers were sharing HAR files, which had session tokens. And that's how they were able to gain access, the attackers were able to gain access to CrowdStrike, or not CrowdStrike. Cloudflare, that's the one. Yeah, they got access to Cloudflare. And so yeah, if your IDP gets compromised, how would you ever know? We actually do have some detections for that at Elastic where every time somebody from Okta accesses your environment, it creates an event and so we have alerts for that. And so we reach out and call them every single time. We're like, are you sure this is cool?

But then the other doomsday scenarios are the agent managers such as CrowdStrike, any of your EDRs, your Qualys that you're doing your vulnerability management, patch management, any of these things. They can push out updates to all of your workstations cuz your workstations trust them absolutely. And so these are the doomsday scenarios that you have to threat model against to say, okay, what would happen, what would this happen? How do I prevent it? And you really have to take the time to do the threat modeling in your environment to make sure that these things are critical, so lock them down.