As organizations add cloud applications as part of their daily workflow, “single sign-on” is necessary to improve security, increase productivity, and reduce IT costs. However, like the move towards containerized deployment, network, security, and packet analysis tools are often missing out on these features.
SAML is an industry standard for single sign-on integration with applications. Used along with your most critical investigation and troubleshooting tools, SAML-based SSO can significantly improve your NOC, SOC, and IT teams’ operational security and performance.
Single sign-on systems allow users to remember a single username and password and use those credentials once, automatically logging into multiple applications as needed without taking the time to authenticate with each one individually or more importantly, remember multiple passwords.
While there are many SSO solutions available, the Security Assertion Markup Language (SAML) is an OASIS Open specification that standardizes the communication and format of login information between identity providers and service providers (i.e., applications) for single sign-on. This means that these systems can work together without any further integration.
This has advantages for anyone selecting an identity provider. This identity provider may be a server in your own network, or it may be an external SAML service such as OneLogin, PingOne, Okta, or others. Using SAML-based providers gives confidence that more applications will be able to work with the chosen system. Any enterprise deploying its own identity provider system that uses SAML can add any application that supports SAML for its users.
Many business process applications support SAML, particularly cloud or SaaS solutions. As more and more SIEM automation and managed network products move to the cloud, SAML-based authentication is a significant value-add for organizations.
Of course, network packet capture and analysis are often still done with native software installed on workstations. When such functionality is moved to a cloud (private or otherwise) based solution and integrated with SAML, your network and security analysis workflows become much more efficient.
For example, let’s say your team works with a cloud-based Security, Orchestration, Automation, and Response (SOAR) solution and manages their Wi-Fi APs and network switches (with native packet capture) via a cloud portal. Let’s also imagine they all use SAML-based SSO. Incorporating a pcap analysis solution that is also cloud-based and uses SAML can streamline the resolution process like this:
CloudShark supports SAML-based SSO to make the packet capture storage and analysis portion of your DFIR, network ops, and IT processes significantly easier. You can read the details on our support page.
Would your organization benefit from having your analysis tools integrated with your single sign-on system? Contact us to learn more!