Authomize Joins Microsoft Intelligent Security Association (MISA) read more

Product Update Release Announcement for New REST API Framework and Webhooks 

22/09/2022 • Gabriel Avner

Visibility is the basis for all security control. But in order to have the necessary visibility to make informed decisions, you first have to achieve the necessary connectivity with the applications and services in your environments. 

And when it comes to that visibility, the more connections, the better.

Today, Authomize announced that we have released an updated version of our REST API framework to enable our customers to connect Authomize’s Cloud Identity and Access Security Platform throughout their environments. 

We have also taken our remediation automation to the next level with webhooks that enrich identity and access data and trigger security orchestration by enabling rich integrations with SIEMs, SOARs, XDRs, access provisioning, and ITSMs.

Build Your Own Custom Connectors 

With our new framework, customers can build high quality connectors in just a matter of hours.

Utilizing the same REST API framework that Authomize’s R&D team uses for building our own native connectors, these customer-built connectors give users the same level of visibility into the access privilege models and security controls that they are accustomed to with the connectors built by our team in-house. 

Our new framework has recently been in use by a number of customers who have already begun building their own connectors for the applications and services that they depend on. These include popular tools such as Coupa, Workday, Zuora, Chef, NetSuite, and more. 

Added to Authomize’s existing list of connectors for IdPs (Okta, Ping DaVinci, and Microsoft Azure AD), CSPs (AWS, Azure, GCP), and SaaS apps (GitHub, Salesforce, O365), the ability to extend visibility and monitoring to every application, service, and homegrown system.         

To understand some of the value that we can see from the expanded connectivity options, let’s explore a few of the use cases that customers have already begun using.

Detecting IAM Risks and Threats with ITDR

Identity Threat Detection and Response is Gartner’s newest category for tools protecting the IAM infrastructure like your IdPs, PAMs, IGA, etc to manage your identities and access. It looks to detect risks to your security posture and threats that can alert you to an ongoing risk.

Because of its criticality and usefulness for reaching sensitive assets, this IAM infrastructure is increasingly under attack. Examples of exploitation may include creating new admins, changing privileges, or other manipulations that can help the malicious actors to use the IAM infrastructure as their course of attack. The ability to automate response to IAM threats like risky new users and roles can significantly tighten the attack surface.

Being able to detect these manipulations depends on having wide ranging connectivity with all of the downstream apps, identity providers, and any other elements that can impact the identities and access layer. 

By making it easier to connect your apps and services to Authomize, you can now expand threat detection to everything you build, own, or use.      

Webhooks for Streamlining Remediation 

Along with the new API framework, we have also added new APIs and webhooks integration to enable custom automation of remediating access risks. 

Authomize alerts on a variety of access risks, including over-privilege, stale accounts, and misconfigurations across IaaS, SaaS, and IAM solutions. Receiving an alert that an access privilege has gone stale or that its privileges are in need of changing is the first step to achieving Least Privilege. But what happens next? 

We have added new APIs to allow sharing of the data we collect, normalize, and analyze with existing security solutions like SIEMS, SOARs, and XDRs for incident enrichment. We also added webhooks to trigger alerting and remediation across ITSM, provisioning and security solutions. 

This means clicking “revoke” on a User Access Review or an over-privilege incident can send the action right to Okta. Alternatively, you can set up automated workflows that open a ticket in your ServiceNow or Splunk when Authomize issues an alert.

By shortening the number of steps in the remediation process with smart automation, we can significantly reduce the time to resolution.

Comprehensive Offboarding to Cover All Your Bases

When it comes time for an employee to make their exit from an organization, it is up to you to make sure that they do not take their access with them. This is increasingly challenging due to the number of apps and services that are used across the organization. According to research from 2021, the average organization uses 110 SaaS applications, not including their access to IaaS like AWS, Azure, or GCP. 

Verifying that a former employee does not retain access is exceedingly difficult. Quite often this leads to a partial offboarding situation where the person may have been removed from some or most of their assets, but not all. 

If their access has been revoked from AWS but their personal GitHub account can still access the company’s private repositories, then they can still cause harm if they so choose. 

In order to avoid a partial offboarding situation, organizations need to have full visibility over all of their applications and services, knowing who has access to what assets.

Authomize customers have long been able to use the visibility provided by our native connectors over both the identity and asset sides to identify who has access, making it easier for them to complete the full offboarding from many of their key assets like AWS, GitHub, Salesforce, and more. 

Now with the new framework, organizations can scale up their connectivity with more of their apps, increasing their visibility and ensuring that all access is revoked so the only thing that former employees leave with is (hopefully) fond memories. 

Build, Connect, and Secure More

Authomize has committed ourselves to providing our customers with the most granular, yet comprehensive visibility of their identity and access layer. 

Empowering organizations to build the connectors for the specific applications and services they depend on is a key component of this mission. But this doesn’t mean that we are leaving the connector building just for our customers. 

As part of the expansion of integrations, Authomize has added Identity Providers (IdPs) OneLogin and JumpCloud, as well as Bamboo HR and Delinea’s Secret Server that will allow customers to correlate accounts with AWS role usage, and track privileged access users logging into AWS via Secret Server, helping customers to identify stale accounts and achieve Least Privilege.

Looking forward, Authomize customers can expect to see additional support for key applications and services, all built using our new API framework, bringing them the highly enriched insights they need to secure their access everywhere they work, and the automated integrations needed to protect from identity and access risks and threats.

To learn more about how our advanced connectivity can enable your organization to achieve comprehensive visibility and control everywhere, request a free assessment and demo of our Cloud Identity and Access Security Platform.

Next read

Solution Brief

Learn how Authomize's solution is changing the way companies are managing authorizations