For automatically identifying unauthorized logins and integrating with real-time policy enforcement, VeriCloud announced their verification service named Credverify in OIN (Okta Integration Network) for providing integrated threat intelligence.
Most of the organizations are currently working on increasing the protectiveness of their cybersecurity and Identity and Access Management (IAM) measures. With the implementation of the new threat intelligence, the organizations will be able to be proactive by identifying threats and cope up against threat-based attacks.
CredVerify is a threat intelligence platform that collects, analyses, and maintains billions of credentials stolen in data breaches. The k-anonymity protection concept is used by CredVerify for Okta to check for leaked credentials over restful API services. If any of the data provided by the user matches with the previous breaches or dark web activity, authentication will be denied automatically. The platform is built in such a way that the data can be used for its intended context with the utmost privacy and security.
“In a world where nearly half of all logins are attempts at credential stuffing, it is difficult to distinguish real users from cybercriminals,” said Stan Bounev, Founder and CEO of VeriClouds. “By integrating CredVerify with Okta authentication, Okta accounts are protected with analytics and intelligence from more than 20 billion recovered username and password combinations, blocking the use of stolen credentials from being used during logon. Through talking to dozens of partners and customers, I have gained a deep appreciation of the value VeriClouds brings to the table, which is outsourced liability (of handling credentials recovered from breaches) and fully automated protection against account takeover attacks.”
“Prior to VeriClouds, several of my security team relied on Have I Been Pwned (HIBP), which has all the stuff in public breaches,” said John Donovan, former CISO of Malwarebytes. “Using a 3rd party service who are good stewards of more sensitive breach data was important to us to complement our own internal capabilities. That is an area that we did due diligence with VeriClouds.”