Flare adds Okta support to identity exposure platform

Flare has expanded its cyber threat intelligence platform and added an Okta integration to its identity exposure management product, bringing investigation, identity risk management and AI-assisted workflows into one offering.

The changes are intended to address a common problem for security teams, which often rely on separate tools for threat intelligence, threat investigation and identity risk management. Flare is positioning the update around what it calls an identity-first approach, focused on breached identities as a primary route for attacks.

At the centre of the expansion is a broader version of Flare CTI, which combines several threat intelligence functions within a single platform. These include a centralised intelligence browser for researching indicators of compromise, threat actors, and tactics, techniques and procedures across multiple intelligence providers and related entities.

The product also includes AI-generated reporting for different audiences, along with sandbox and file analysis for suspicious files and web links. It also offers STIX/TAXII feeds so intelligence can be sent to other security systems used by customers.

Flare says the expanded CTI package is designed to support both tactical and strategic work by security teams. It argues that bringing these elements together can reduce the operational burden and cost of maintaining multiple specialised products.

The update also extends Flare's identity exposure management product with support for Okta. Customers can now validate exposed credentials and identity risks against Okta environments, in addition to existing support for Microsoft Entra ID.

By linking external threat intelligence with live identity infrastructure, security teams can better assess which exposed identities present the highest risk and respond more quickly, Flare says. The emphasis is on remediation priorities in environments where account takeover remains a persistent concern.

Hundreds of organisations have already deployed Flare's identity exposure management product in production, according to the company. It says the system has processed more than 25,000 automatic identity validations to date.

Identity focus

Flare has built its market position around collecting exposed identity data from sources such as stealer logs and criminal forums, then matching that information against corporate identity systems. That model reflects a wider shift in cyber security towards identity as a central layer of defence, especially as attackers increasingly target credentials rather than infrastructure vulnerabilities alone.

For many organisations, this creates overlap between traditional threat intelligence teams and identity security teams. Flare's latest product changes appear intended to unify those workflows, rather than leave analysts moving between separate consoles and datasets.

Serge-Olivier Paquette, Chief Product Officer at Flare, said security teams were facing pressure from both the growth in identity-based threats and the emergence of AI tools.

"Security teams are under pressure to seal the most potent threat vector, breached identities, and take advantage of new advances in AI, all while managing increasingly complex environments," said Serge-Olivier Paquette, Chief Product Officer at Flare.

He said organisations need threat intelligence and identity risk tools that provide a clearer view of immediate risks and next steps.

"Organisations need a clearer view of the real, concrete threats they face, the identities really at risk, and the actions they should take now. With these platform expansions, we're bringing those capabilities together while helping customers prepare for a new generation of AI-assisted security operations," Paquette said.

Market signal

The expansion comes as suppliers across the cyber security sector try to simplify product portfolios that have grown around specialist tools and point solutions. Threat intelligence, digital risk protection, identity security and automated response have often been sold separately, even though security operations teams use them in related investigations.

Flare has also sought to underline its position in that changing market by pointing to external recognition. It says it was included in the inaugural Gartner Magic Quadrant for Cyber Threat Intelligence, where it was noted for strength in identity exposure management.

That reference matters because threat intelligence has historically been associated with analyst research, indicator feeds and actor tracking, while identity exposure management is a newer category shaped by credential theft, infostealer malware and account compromise. Vendors that can connect those areas are trying to argue that intelligence is only useful when it leads directly to validation and remediation.

Flare says it began developing that approach in 2025 by combining dark web identity exposure data with validation and remediation against live corporate identity infrastructure. The addition of Okta support extends that model to a broader range of enterprise identity environments alongside Microsoft Entra ID.

For customers, the practical question will be whether combining threat research, analysis, reporting and identity validation in one product reduces response times without adding complexity elsewhere in the security stack. Flare's answer is that a single operational view can help analysts focus on exposed identities that present an immediate risk.