June 21, 2021 - The growing ferocity and increasing frequency of cyberattacks create huge problems for cybersecurity teams, especially when they lack the tools to measure and manage entitlements and identities. Obviously, more must be done to secure user accounts, along with their associated digital identities and assigned privileges, in order to reduce attack surfaces. Yet how can IT better secure those accounts without having the details of each account?
“It’s all about gathering intelligence and understanding the relationships between user accounts, access rights and entitlements,” said Axay Desai, founder and CEO at ObserveID, Inc. “Proper cybersecurity requires that cybersecurity teams have full visibility into those elements.”
However, that is much easier said than done. For the most part, the metadata and associated account information collected to date has been gathered manually. Further complicating the push to gain visibility is the fact that critical data is often stored in spreadsheets or other documents, leaving a lot of room for error. Add multiple cloud services to the picture and it becomes obvious that centrally managing identities and entitlements has become next to impossible.
“Trying to build visibility out of siloed data sets is a tedious, manual task which often omits critical information and creates errors,” Desai said. Desai added that there’s a growing need to centralize account data, even if the services themselves are not centralized. Cybersecurity issues are running rampant across organizations that use multiple, independent clouds or services, where an account compromise that goes unnoticed on one service is used to expand the attack surface and achieve lateral movement.
Without proper visibility and correlation, attacks can go unnoticed for months, especially if compromised identities are shared across services.
“Account takeovers, escalated privileges, eavesdropping and password attacks are growing in ferocity and frequency,” said Desai. “Many of those threats leverage weaknesses found in digital identities, such as lack of proper management, poor policies, weak passwords, overprivileged rights and many other shortcomings due to how identities are provisioned, managed and secured.”
Tackling those problems head-on is where identity intelligence comes into play; this concept gives IT administrators visibility into what accounts are used, who uses those accounts, what purpose(s) the accounts serve and what entitlements should be granted to those accounts.
Today’s businesses are adopting hybrid clouds, cloud services, cross-platform applications and mobile solutions, which in turn has made managing identities and their associated entitlements far too difficult to accomplish manually.
“Businesses are finding that gathering real-time intelligence, especially in the form of identity intelligence, has become the key to reducing attack surfaces and mitigating risks,” said Desai. “That requires taking a holistic approach to identity, account and entitlement management. Enterprises must have a centralized platform that can offer cradle-to-grave management of identities, as well as monitor those identities to be truly holistic.”
Many businesses are turning to identity and access management (IAM) platforms as the first step to unifying identity and entitlement management. However, some are confusing the capabilities of IAM with those of an identity intelligence and automation platform, where active monitoring and anomaly detection come into play, as well as automated responses. “Avoiding modern-day threats requires gathering real-time intelligence and then being able to automatically act on those threats,” Desai explained.
“Going beyond the capabilities of the typical IAM solution means incorporating advanced analytics, which are also aimed at mitigating cybersecurity risk,” Desai advised. “A management platform must be able to integrate with the identity and access management systems used by cloud vendors and also be able to roll up information into a centralized management structure.”
Ultimately, enterprises today should be taking a long, hard look at platforms that incorporate identity analytics paired with real-time response to create a foundation of identity governance. Identity governance can then become the central tool to synchronize, secure and provision identities, while also providing the framework for cybersecurity, compliance and account usability.