Attackers aren’t just hacking into companies; they are logging in. An estimated 80% of all breaches use compromised identities costing enterprises billions of dollars annually. With the proliferation of SaaS applications and AI, the volume of attacks targeting identities is also growing – at the rate of 71% year -over-year – according to the 2024 IBM Threat Intelligence Index.
That’s where Oleria comes in. The U.S. company, which was recently named a 2024 World Economic Forum Technology Pioneer, provides what it says is first-of-its-kind access visibility, including access usage insights, at an individual resource level, so Chief Information Security Officers (CISOs) can answer the critical questions: Who has access to what? How did they get it? What are they doing with it?”
CISOS need visibility into their ecosystems (including all identities and their relationships and what these identities are doing) to reduce operational risk.
Lack of multi-factor user authentication , for example, played a role in recent cyber attacks at both Microsoft and AT&T. In March, Microsoft notified the U.S. Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, Already assigned blame for the earlier SolarWinds attack, the Russian group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches. Midnight Blizzard utilized password spray attacks that successfully compromised a legacy, non-production test tenant account that did not have multifactor authentication (MFA) enabled, according to Microsoft.
More recently AT&T said that it is one of at least 100 companies impacted by a wave of attacks targeting Snowflake customers. The attacks were not caused by a vulnerability, misconfiguration or breach of Snowflake’s systems, cybersecurity company, Mandiant, a Google subsidiary, said last month in a threat intelligence report. Stolen credentials obtained from multiple infostealer malware infections on non-Snowflake owned systems were the point of entry for the attacks, Mandiant said. Impacted customer accounts were not configured with multi-factor authentication, according to press reports.
Providing visibility and enabling the remediation of orphaned, dormant and over privileged accounts, risky misconfigurations or lack of multi-factor authentication can help shrink attack surface areas and improve security postures. Yet, existing tools fail to give CISOS the necessary visibility to reduce their risk exposure, says Oleria.
Oleria’s Trustfusion platform provides one place in the Cloud to manage access rights “adaptively and in the future autonomously,” according to the company. It says its technology ensures that every account has just the access it needs, at the right time, for the right duration.
It’s the kind of tech solution that Oleria CEO and Co-founder Jim Alkove says he could only dream of when he was leading a 1,700-person security team as Salesforce’s Chief Trust Officer. One of the biggest ongoing challenges was understanding who had access to what and how they were using it and where the company had multi-factor identification enforced and where it didn’t, says Alkove.
“We had to build a lot of the tech on our own because the market did not provide it,” he says. “The market was deeply underserved.”
So Alkove, who previously headed Windows security at Microsoft and security at Google Nest, decided to build Oleria as his next act.
“Our mission is to deliver a single source of truth on identity, on one platform, that serves as a central point pf visibility and control,” says Alkove. “That is the perspective that we think is unique, to understand the usage at a fine grain level.”
Oleria was launched in 2023 by Alkove and Chief Product Officer Jagadeesh Kunda, a former JumpCloud Chief Product Officer and VP of Product Management at Salesforce.
The company has raised over $40 million from investors that include Salesforce Ventures and individual investors such as Microsoft COO Kevin Turner and Assaf Rappaport. CEO OF cybersecurity company Wiz. Oleria’s clients include large enterprises and Fortune 500 companies in a variety of sectors including aerospace, defense, financial services and healthcare. –
Once a client’s access and usage information is visible on a universal access graph, Oleria helps incident response and compliance engineers investigate access related incidents and identify unused or unintended access. The technology makes recommendations about how to best remediate access without negatively impacting business operations. In the future the company says it will be able to autonomously remediate access risks and managed access independent of applications.
Competitors include identity and access management companies like Okta, identity security companies like Ping Identity, big tech companies like IBM and Oracle, as well as a growing number of startups.
Oleria’s differentiator is that “no one else has a comprehensive platform,” says Alkove.
This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.