New feature: Custom integrations

An alert from your email security platform or endpoint protection tool requires quick action. Often, this means an IT admin must manually switch between tools to disconnect a user’s network access, creating a delay that can increase risk. We believe this process should be faster and more automated.

Today, we are introducing Custom integrations. This new feature allows you to connect NordLayer directly to your third-party security tools. It helps close the gap between threat detection and network response.

What you need to know about this update

NordLayer often plays a critical role in securing access to your company's most sensitive resources and data. While we offer various security features, a stolen device or compromised account still poses a risk.

Many security stacks use tools like intrusion detection or endpoint security to watch for unusual user behavior. When these tools spot a potential threat, the best immediate response is to log that user out of all critical systems.

This integration makes that possible. It turns NordLayer into one of those responsive systems, using alerts from your other tools to log out a suspicious user and protect your network automatically.

1. Previously, automated user disconnection from NordLayer was only compatible with the SentinelOne cybersecurity platform.
2. You can now create up to 10 custom integrations with your organization's preferred threat detection tools.
3. This allows your other security systems to trigger an automatic disconnection from NordLayer when they detect a threat.
4. The result is a faster incident response and a more unified security workflow for your team.

This feature is now available to all NordLayer customers.

Real-world examples

So, why is an instant, automated disconnection so important? Let's look at a few common scenarios where every second counts.

• Compromised account containment. Imagine a user's service credentials are stolen. An attacker now has a valid key to your network. They can start looking for sensitive files, financial records, or customer lists.

  • With this integration, the moment your identity tool spots the threat, it signals NordLayer to revoke the user’s access.
• Infected device quarantine. An employee's laptop gets infected with malware. That one device is now a risk to your entire network. It could be the starting point for a ransomware attack that spreads to your servers.

  • Instead of you scrambling to find and disconnect the device, the integration does it for you. The infected laptop is instantly disconnected from your company network via NordLayer.
• Phishing attack response. Someone on your team clicks a phishing link in an email. It happens. But that single click can open a connection to an attacker's server, allowing them to steal data.

  • Your email security tool can identify this and immediately trigger NordLayer to disconnect the user.

In all these cases, the integration removes the manual delay between detecting an alert and taking action. This ensures that access to your company's most important data is protected instantly.

How it works: connecting your security tools

This API is designed to create a direct line of communication between your security tools and NordLayer.

First, you will find a new “Custom integrations” section within the Integrations tab in your Control Panel. Here, you can create a new integration. NordLayer will then provide a unique webhook URL and a secure authentication token. This URL acts as a private endpoint for your other tools to talk to.

Next, you will configure your third-party tool, such as ProofPoint or CrowdStrike. You will tell that system to send an alert to the provided webhook URL whenever it detects a specific type of threat.

When your tool sends the signal, NordLayer automatically takes two immediate actions. It disconnects the user from the gateway and invalidates their service credentials, logging them out of the application.

Key benefits of integration

Connecting your tools provides several clear advantages for your security operations.

• Faster incident response: Automating the disconnection process reduces response time from minutes to seconds. This minimizes the window of exposure.
• Stronger security control: You can enforce network access rules based on real-time intelligence from your entire security stack.
• Seamless integration: This feature helps NordLayer fit better into your existing environment. It works alongside the security products you already use and trust.
• Better flexibility: You can tailor response actions to fit your company’s workflows and security standards.

Built to work with your existing tools

Your organization already relies on a set of trusted security tools. The new feature creates synergy between your security tools, helping them work together toward a single goal. This allows you to create a direct link between your security alerts and network access controls.

When your security solutions can communicate, they become a single, coordinated defense system. This approach helps you get more value from your existing investments without overhauling your infrastructure. NordLayer is designed to fit flexibly into your ecosystem, not force you to build a new one.

Getting started

This release is focused on providing practical tools for automation and integration. It makes NordLayer an integrated part of your security infrastructure. It allows you to create a more responsive and robust security posture by linking your systems.