Blogs

‍Midnight Blizzard, Snowflake Incidents Underscore the Need for Stronger Identity Security, MFA Coverage

As the pace of cyberattacks continues to increase, companies simply can’t afford to have unintended access or gaps in MFA coverage.

With Microsoft’s testimony on cybersecurity this week including the recent Midnight Blizzard incident, the urgency of addressing identity security and Multi-Factor Authentication (MFA) coverage gaps has never been more important. In the past year, we have seen a 71% increase in identity-related attacks. In addition to Midnight Blizzard, Snowflake, SEC and Mandiant, all stemmed from issues with MFA.

Today’s security teams struggle to answer the questions of who has access to what, how that access was obtained, and how it's being utilized. I grappled with this challenge first-hand at Microsoft and as Chief Trust Officer at Salesforce, which led me to co-found Oleria to address today’s biggest identity security gaps.

Identity is the keystone to the future of cybersecurity and a critical area for companies to focus on because it's where attackers are moving. Today 80% of all breaches involve compromised identities. Abusing valid accounts is also cybercriminals’ most common entry point. Essentially, attackers are no longer just hacking in – they’re logging in.

And they are doing so because identity security is one of the most challenging and under-funded areas of cybersecurity, leveraging legacy systems and manually intensive processes that can’t keep up with today’s modern cloud- and SaaS-centric organizations. 

Oleria solves this problem by providing enterprises with adaptive and autonomous identity security. Our product, Oleria Adaptive Security, offers fine-grained access visibility and access usage at an individual-resource level – allowing CISOs and their teams to finally answer the critical questions: Who has access to what? How did they get it? What are they doing with it?

MFA: a critical layer of security

As a Chief Trust Officer at Salesforce, I made MFA mandatory for all Salesforce customers, a stance I still firmly believe in. Every company should adopt this practice to protect against cybersecurity threats. Mandating MFA is a no-brainer—like locking your doors at home. Recent incidents experienced by Snowflake customers with single-factors authentication enabled, underscores its importance.

During my time at Salesforce, we encountered two key challenges in our journey to implement MFA. First, we had to remove weak MFA factors like SMS and email since these are no longer secure enough for modern organizations. Second, we needed to understand where MFA had been successfully deployed and where work was still needed. Oleria helps with both of these.

When I speak with CISOs today, I show them how Oleria provides comprehensive visibility into their access landscape. This helps them understand exactly where MFA is deployed within their enterprise and where it is not, replacing outdated and error-prone reports. Oleria’s platform offers real-time, accurate insights, allowing organizations to confidently achieve and maintain 100% MFA coverage.

Why this all matters

Many organizations today have blind spots with MFA coverage and unintended access is a massive problem – providing an unnecessarily large attack surface for a bad actor to breach systems. As the pace of cyberattacks continues to increase, companies simply can’t afford to have unintended access or gaps in MFA coverage.

To stay ahead of emerging threats, companies need to think like attackers, while also ensuring they have a holistic view of their identity and access risks. That’s exactly what Oleria delivers. Our TrustFusion platform and access graph provides security teams with a comprehensive view of all identity-related risks, allowing them to quickly remediate over-provisioned or misconfigured access and avoid breaches.

Media contact
For media inquiries, contact pr@oleria.com

See adaptive, automated
identity security in action