Directory Image
This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.

Mesh Security | ZTPM | Zero Trust Posture Management

Author: Daniel Hudson
by Daniel Hudson
Posted: Nov 25, 2022

The first Zero Trust Posture Management (Ztpm) solution, providing real-time visibility, control, and protection across your Everywhere Enterprise. Use Mesh Security to rapidly eliminate risk, ensure compliance, and implement Zero Trust across XaaS estate.

SeeFull Visibility Coverage in Minutes
  • Discover your crown jewels and rapidly identify remove the most critical risks

  • Gain holistic, contextual, and actionable analysis of your entire XaaS estate

  • Agentless seamless deployment that connects to any footprint and translates ‘Zero Trustish’ into English

AutomateSupercharge your Zero-Trust Adoption
  • Leverage your existing security stack into effective Zero-Trust reality

  • Reduce cost complexity and eliminate manual work with advanced workflows

  • Drive cross-organizational collaboration, shift left security, and increase user experience and productivity.

SecureStay Secured, Ensure Compliance
  • Continuously maintain a comprehensive Zero-Trust posture with ease

  • Eliminate risk with proactive unified hardening and Anomaly Detection Response

  • Empower your business with the best possible resilience at scale.

Mesh Security Uncovers Broad MFA\SSO Bypass and Impersonation Risks in Okta and Other 100 VendorsTrust No One? Always Verify?

Mesh Security emerges from stealth today with $4.5 million seed funding to help companies drive Zero Trust in the cloud and reveals a broad security risk called "Cookeys" in Okta (and over 100 different vendors), exposing organizations to potential breach.

Modern enterprises are shifting from perimeter-centric architecture to an identity-centric framework called "Zero Trust". The new architecture comprises newly-introduced environments, mechanisms, processes, and technologies, including IdP, network access, micro-segmentation, SSO, MFA, and more.

As part of our quest to empower cloud-first enterprises to implement Zero Trust architectures in the cloud, we have been conducting thorough research on how improper implementations of Zero Trust principles might expose enterprises to potential breaches and discovered design flaws in Okta and over 100 other vendors.

Upon discovering these security issues, our research team took the responsible action of sharing our findings with the relevant vendors’ security teams.

From Okta, for example, we were notified that this security issue is not considered an Okta service-specific vulnerability, claiming that their web-application validation mechanisms are properly functioning, claiming that "As a web application, Okta relies on the security of the browser and operating system environment to protect against endpoint attacks such as malicious browser plugins or cookie stealing."

However, whether recognized as vulnerable or not – threat actors are ruthlessly taking advantage of any exploitable environment; they are indifferent regarding improper implementations or who is in charge. They will take advantage if they have not done so already.

We believe (and so does OWASP) that this type of security issue deserves to be shared with the community, and encourage organizations to take the proper measures and controls to prevent significant business disruptions.

Click here to know more about Zero Trust Posture Management.

About the Author

The industry’s first Zero Trust Posture Management (ZTPM) solution, providing real-time visibility, control, and protection across your Everywhere Enterprise.

Rate this Article
Leave a Comment
Author Thumbnail
I Agree:
Comment 
Pictures
Author: Daniel Hudson

Daniel Hudson

Member since: Nov 22, 2022
Published articles: 2

Related Articles