Phishing is the most common attack vector used by adversaries when attempting to compromise technical infrastructure. If an attacker successfully used a phishing attack to take over or steal credentials from a Foundry customer’s SSO account, they’d likely try using those credentials to access the Foundry platform. Palantir has engineered several controls to assist in mitigating potential security impact from phishing attacks. However, in the spirit of maintaining a shared security model, Palantir also advises that customers observe several best practices in an effort to harden their own attack surface against phishing.
Foundry customers are responsible for managing access and identity for users via single sign-on (SSO). One of the most impactful controls in securing the authentication workflow is enforcement of multi-factor authentication (MFA). Ensuring that all users are enrolled in MFA means that an attacker would need to defeat multiple security controls to inappropriately access the Foundry platform.
Palantir natively supports ingress controls, as described in the Configure network ingress documentation. Palantir recommends strict IP allowlisting as a defense-in-depth control intended to deny adversaries the network access required to take offensive action.
Additionally, any ingress controls on the Foundry side can be mirrored in one’s SSO controls for redundancy.
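One way to confirm that the two allowlists actually mirror each other is to diff them as address ranges rather than as text. The following is an added example, not Palantir or IdP tooling: it assumes both CIDR lists have been exported by hand, and the function names and sample ranges (documentation address space) are constructed for illustration.

```python
import ipaddress

def _collapse(nets):
    """Merge overlapping/adjacent networks, handling IPv4 and IPv6 separately."""
    out = []
    for version in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def _parse(cidrs):
    return _collapse([ipaddress.ip_network(c, strict=False) for c in cidrs])

def _subtract(net, others):
    """Return the parts of `net` that no network in `others` covers."""
    remaining = [net]
    for other in others:
        if other.version != net.version:
            continue
        pieces = []
        for r in remaining:
            if r.subnet_of(other):
                continue                                  # fully covered
            if other.subnet_of(r):
                pieces.extend(r.address_exclude(other))   # partly covered
            else:
                pieces.append(r)                          # disjoint
        remaining = pieces
    return remaining

def _uncovered(left, right):
    gaps = _collapse([p for n in left for p in _subtract(n, right)])
    gaps.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in gaps]

def allowlist_drift(foundry_cidrs, idp_cidrs):
    """Ranges permitted by one control but not the other."""
    foundry, idp = _parse(foundry_cidrs), _parse(idp_cidrs)
    return {"idp_only": _uncovered(idp, foundry),
            "foundry_only": _uncovered(foundry, idp)}

# Constructed sample data: hand-exported allowlists, not real customer ranges.
FOUNDRY_INGRESS = ["203.0.113.0/24", "198.51.100.0/25"]
IDP_LOCATIONS = ["203.0.113.0/25", "198.51.100.0/24", "192.0.2.10/32"]

if __name__ == "__main__":
    for side, ranges in allowlist_drift(FOUNDRY_INGRESS, IDP_LOCATIONS).items():
        print(side, ranges or "in sync")
```

Ranges reported under `idp_only` are the ones to review first, since there a sign-in can succeed from an address the platform ingress policy would reject.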
If using Microsoft Azure AD (or an IdP with similar features), consider leveraging conditional access policies to further restrict access to Foundry. Even in cases where IP ingress restrictions are untenable, there may still be security value in restricting access based on other factors, such as enrollment in device management.
If implementing a single sign-on (SSO) solution with appropriate security controls is infeasible for any customer, contact your Palantir representative; we may be able to provide one for you.
Humans are generally the key point-of-failure in successful phishing attacks, and proper OpSec training is key to ensuring that users don’t fall victim. Some key points to cover with personnel include:
If you’re in need of engineering assistance, or general security guidance, contact your Palantir representative; we’re happy to assist with controls to mitigate against attacker activity.