🌟 New Feature Alert 🌟

We've made major improvements to how you detect and respond to threats:

1. New Threat: Breached Since Password Reset – Detects accounts where the password was reset, but the associated email has since appeared in a breach.

2. Threats Organized by Severity – Quickly see which threats need your attention first.

   

Why Does This Matter?

• Proactive Security: Catch at-risk accounts even after a password reset.
• Clearer Focus: The Threats page now directly highlights Critical, High, and Medium severity risks.
• Faster Response: Prioritize and remediate threats with severity grouping.

Stay ahead of identity threats with these new updates! 🚀 As always, we'd love to hear any and all your feedback. 😊

🌟 New Feature Alert! 🌟

What’s New?

1. OVERVIEW tab – A dedicated tab that provides key security metrics over a selected date range, helping you track trends and measure progress. Data is available starting from October 1, 2024, the earliest point in our threat records. Of course, we'll be adding more tiles to this overview tab in the future - stay tuned!

   1. Critical Threats: This tile displays the number of critical severity threats that were generated during the date range selected. Critical severity threats indicate compromised accounts, such as Account Takeover and Session Sharing.
   2. High Threats: This tile displays the number of high severity threats that were generated during the date range selected. High severity threats indicate attacks in and on your workspace, such as Brute Force Attack, Credential Stuffing Attack, MFA Fatigue Attack, and MFA Location Mismatch.
   3. Resolved Threats: This tile displays the number of threats that were resolved during the date range selected, broken down by sub-status: Remediated, No Action Taken, or False Positive.
   4. Mean Time To Remediate (MTTR): This tile displays the average time it takes for all threats to transition from Active to Resolved: Remediated, providing insight into your team's threat resolution speed and efficiency.
   5. Rate of Compromise %: This tile displays the number of unique compromised accounts over the number of unique accounts that were attacked over the selected date range, providing insight into the effectiveness of your defenses in preventing account takeovers.

   

2. RISKS tab – The System Overview is now located in the Dashboard as the Risks tab, keeping all critical insights in one place.

Why Does This Matter?

1. Help C-Suite Gain Measurable Insights – The Dashboard now delivers a clear view of security outcomes, including reductions in threat-related costs and improvements in operational efficiency.
2. Demonstrates Business Impact – Directly see how your investment in Verosint improves security, reduces risk, and enhances ITDR effectiveness.
3. Better Performance Tracking – Measure how your security team is managing threats over time, with clearer insights into risk trends and response effectiveness.

Explore the new Overview and Risks tabs in your Dashboard today! 🚀

🌟 New Feature Alert 🌟

We’ve rolled out major enhancements to Verosint, making it easier to integrate with Microsoft Entra, streamline threat response actions with a new Analyst role, and investigate Account Takeover (ATO) threats with greater context.

What’s New?

✅ Microsoft Entra Integration – With this integration, you can:

• Stream Microsoft Entra events into Verosint for proactive threat detection and response
• Enrich user profiles with key metadata for better visibility and analysis
• Take action directly from Verosint by revoking sessions or suspending accounts in real time

✅ New Analyst Role – A middle ground between Read-Only and Admins, Analysts have the complete toolkit for responding to and preventing threats...

• Trigger Threat Responses (e.g., Revoke Sessions, Suspend Account)
• Create Lists and Workflows
• Evaluate Rules

... without access to admin-level settings like billing, integrations, or user management.

✅ Enhanced ATO Investigation – From the ATO card, you can now use the See More button to pull up the Event Details panel for the exact event where the ATO occurred, giving you deeper context before diving into Account Intel.

Why Does This Matter?

🔹 Stronger security automation with Microsoft Entra’s integration.
🔹 More granular role management with Analyst permissions tailored for security teams.
🔹 Faster, more informed investigations with direct access to ATO event details.

🚀 Start using these features today!

🌟 New Feature Alert 🌟

You can now integrate Verosint's SIEM Threat Logs with Datadog, making it easier to monitor threats in real-time within your preferred security and observability tools.

What’s New?

✅ Datadog Integration – Send threat logs directly to Datadog as threats are detected.
✅ Seamless SIEM Support – Expand your security visibility by integrating with your SIEM of choice.
✅ Single Pane of Glass – View all threats from multiple sources in one place, improving efficiency and response times.
✅ Built for Enterprise Security – Enterprise organizations expect ITDR solutions to integrate with their SIEM—Verosint delivers!

Why Does This Matter?

Security teams rely on real-time threat intelligence to act quickly. By integrating SIEM Threat Logs with Datadog, you can correlate threats with broader security events, streamline investigations, and improve response times—all within your existing security workflows.

🚀 Start leveraging the Datadog integration today!

🌟 New Feature Alert 🌟

Happy Valentine's Day! 🩷 🩷 🩷 The Verosint team is bringing you some love with a new threat resolution feature!

What’s New?

Once Verosint detects a threat, you can be notified to investigate the details. After you've taken the necessary steps—whether it's mitigating the risk, deciding no action is needed, or identifying a false positive—you can mark the threat as resolved with one of these statuses:

✅ Remediated – You’ve taken action to mitigate the threat.
⚠️ No Action Taken – The threat remains, but no action was necessary.
🔺 False Positive – The threat was incorrectly flagged.

Why Does This Matter?

Security teams need clear, actionable workflows to manage threats efficiently. With this update, you can close the loop on investigations, ensuring your security posture remains strong while maintaining a clear log of resolved threats.

🌟 New Feature Alert! 🌟

You can now configure Verosint to send threat notifications directly to your desired SIEM, starting with Splunk—or use custom webhooksto integrate with other security tools. More integrations are on the way!

What’s New?

✅ Seamless SIEM Integration – Verosint threat notifications can now be sent to Splunk, keeping security teams informed in real time.
✅ Custom Webhooks – Send threat notifications to any system that supports webhooks for flexible integration.
✅ Single Pane of Glass – View all threats from multiple sources in one place, improving efficiency and response times.
✅ Built for Enterprise Security – Enterprise organizations expect ITDR solutions to integrate with their SIEM—Verosint delivers!

Why Does This Matter?

We heard you! Security teams rely on SIEM platforms and other security tools to centralize alerts from multiple sources. With this update, Verosint seamlessly fits into your existing security operations, helping you detect and respond to threats faster without switching between platforms. Splunk and custom webhooks are just the beginning—more integrations are coming soon! 🚀

👉 Learn how to configure threat notifications forSplunk or set up a custom webhook in our documentation.

🌟New Feature Alert! 🌟

Verosint Threat Response is Live!

You can now respond to threats in real time—directly from the Verosint app! Take action instantly to protect your organization.

What’s New?

✅ Real-Time Threat Response – Investigate and mitigate threats directly from the Verosint application.
✅ Integration Support for Workforce and Customer Identities – Available now for Okta Workforce Identity Cloud (Okta WIC) and Auth0 by Okta customers, with more integrations coming soon!
✅ Powerful Response Actions – Take immediate action with:

• Revoke Session*(Auth0 by Okta only)* – Logs the user out of a single device using that session.

• Revoke All Sessions (Supported for both Okta WIC & Auth0 by Okta) – Logs the user out of all devices.

• Suspend Account (Supported for both Okta WIC & Auth0 by Okta) – Logs the user out of all devices and locks the account to prevent future logins.

  

Why Does This Matter?

• You can now detect, investigate, and respond to threats all within the Verosint app, covering the full ITDR lifecycle.
• These response actions provide the flexibility to contain threats quickly—whether you need to log a user out of a single device or completely lock down an account.
• This seamless workflow improves efficiency, reduces response time, and strengthens your organization’s security posture. Stay tuned for more integrations! 🚀

💜 Improvements Alert!

We've expanded the quick filtering options in Event Explorer to make it even easier to pinpoint relevant events.

What’s Improved?

✅ New Quick Filter: Session Sharing – Quickly identify events where multiple users share the same session.
✅ New Quick Filter: Obsolete User Agent – Spot events associated with outdated or unsupported browsers.

Why Does This Matter?

These new filters help analysts detect suspicious activity faster, improving response times for potential security threats.

🌟 New Feature Alert 🌟

We’ve expanded the Account Intelligence page with a powerful new tool: the Sessions tab. This feature provides deeper visibility into session activity for a given account, empowering you to investigate and respond to potential threats more effectively.

What’s New?

1️⃣ Active Sessions Table

• Added a table of all active sessions for an account on their Account Intelligence page.
• Includes detailed session information to help you assess account activity at a glance.

2️⃣ Session Details Panel Integration

• Click on any row in the Sessions table to access the Session Details Panel for deeper investigation.

Why Does This Matter?

When a Session Sharing threat is detected, it’s critical to review not only the related session to validate any risks, but also all session activity for the affected account.

• Comprehensive Session Insights: View all active sessions for an account in one centralized place, making it easier to assess suspicious activity.
• Improved Context: This feature ties directly to the Session Sharing threat detection flow, ensuring you have the information needed to act confidently and efficiently.
• Laying Groundwork for Threat Responses: Once you've validated a threat, you may decide to revoke sessions or suspend an account. This Active Sessions table is one of many recent releases that lays the groundwork for triggering threat responses directly from the Verosint application. More to come - stay tuned! 😉

With these additions, Verosint continues to make threat detection actionable and verification straightforward. Let us know how these tools improve your investigation process—we’d love to hear your feedback! 😊

🌟 New Feature Alert 🌟

🎉 Happy New Year! 2️⃣ 0️⃣ 2️⃣ 5️⃣ We’re excited to introduce a new threat detection capability: Session Sharing. Building on Verosint’s existing ability to detect and respond to threats, this addition empowers you to stay ahead of token stealing attacks, a rising trend in Account Takeover (ATO) strategies.

What’s New?

1️⃣ Session Sharing Threat Card & Details Panel

• A new Session Sharing threat card is now generated in AI Insights when Verosint detects multiple instances of impossible travel and device changes for a given session.
• From the threat card, you can access a Session Details Panel which provides more context for you to investigate and verify the threat.

2️⃣ Email Notifications for Session Sharing Threats

• Receive email alerts when Session Sharing is detected, ensuring you can respond promptly, even when not actively monitoring your Verosint workspace.

3️⃣ Session Sharing Risk and Session Details Panel in Event Explorer

• Got a hunch that session sharing is occurring in your workspace? Verify if by searching for the Session Sharing risk in the Event Explorer.
• You can also access the Session Details Panel in the Sessions tab of the Event Explorer. Click on a specific row to see key details of the session.

Why Does This Matter?

Token stealing is a growing attack vector because sessions are long-lived. These tokens are targeted by attackers to bypass authentication entirely, enabling session sharing, which significantly increases the risk of Account Takeover (ATO).

• Session Stealing = ATO Risk: By hijacking active sessions, attackers can assume legitimate user identities, making this a critical threat vector.
• Long-Lived Sessions Add Risk: Sessions often remain active for days or even months, creating an extended window of opportunity for attackers to exploit them.

By providing tools to detect and respond to Session Sharing, Verosint empowers you to take control of session security and defend against token-stealing attacks. Let us know how these tools work for you and share your feedback—we’re always looking to improve! 😊