Did you know that in most cases compromised identity is the root cause behind cyber incidents? Insider attacks, account takeovers, advanced persistent attacks, phishing attacks, and credential abuse, among many other forms of attack, stem from compromised identity. Identity is a soft target for bad actors.
Identity-based attacks can inflict heavy damage on corporate IT infrastructure and supply chains. From IAM system misconfigurations to inadequate controls, such as a lack of auditing and monitoring of identities, vulnerabilities within IAM systems pave the way for intruders to take advantage of weaknesses in the access management process.
That is why, in an era of fast-paced digitalization in which applications, devices, end users and services are exploding in number across the hybrid IT infrastructure, building an identity-centric security posture is of paramount importance for maintaining business resilience.
But for that to happen, organizations will have to move a step ahead of conventional IAM practice and embrace Identity Threat Detection and Response (ITDR) capabilities. Embedding ITDR capabilities in IAM and PAM systems helps security professionals identify security risks in real time and mitigate threats.
In this blog we will discuss the top five reasons why organizations will look to embed ITDR with their IAM and PAM systems.
Reason #1: Shift from compliance-centric to business resilience thinking
While compliance is the foundation of a robust cybersecurity framework, effective risk management is at the top of the corporate agenda. Ensuring business resilience is now one of the most recurring topics among board members, who want to hear from security professionals how effective and proactive the security posture is. Implementing ITDR capabilities goes a long way in mitigating identity-based threats: it identifies identity-centric threats in real time so that measures can be taken to build a proactive security posture—a prerequisite for business and supply chain resilience.
Reason #2: Cloud adoption and complexities
Global organizations are swiftly moving towards cloud computing, which means workloads and data will keep spreading across multiple cloud platforms. This increases the complexity of managing digital identities and expands the attack surface. One of the biggest challenges found during cloud adoption is that over-privileged entitlements go unnoticed. Given the number of applications in use, the many access paths and the tremendous number of significant resources hosted in the cloud, an incident involving misuse or abuse of an identity can shake the foundation of an IT estate. ITDR helps to identify anomalous behavioral profiles, the identities that are potentially dangerous, and enables security leaders to take appropriate measures to remediate the risks.
Reason #3: Decentralized IT setups
Decentralized IT setups are typical of mid-size and large enterprises. They are very demanding and challenging in terms of maintaining the desired level of security, particularly where IAM controls are concerned. Such setups require a robust threat detection engine so that threats emanating from identity sprawl across multiple datacenters can be caught before they result in security breaches. ITDR offers 360-degree threat insights over all identities that deviate from the sanctioned baseline of activity.
Reason #4: ITDR Supports the Zero-Trust approach
Global organizations operating in siloed and distributed datacenter environments are scrambling to build highly secure micro-perimeter and micro-segmentation-based architectures. The objective is to secure networks, devices, and dispersed identities (end users) so that these IT components are protected from intrusion. Nevertheless, building micro-perimeters and micro-segmentation is not adequate to address insider and third-party risks, especially those stemming from weak IAM controls.
While defining a perimeter and segmentation will restrict an identity from ‘crossing the limit,’ it would never detect a digital identity doing something different from sanctioned baselines or anomalous in nature. The crux of the zero-trust approach lies in “never assume trust, but always verify it.” ITDR complements the zero-trust approach in this regard: when embedded in IAM and PAM systems, it allows IT security professionals to verify anomalous profiles (IDs) within the network on a continuous basis.
Reason #5: ITDR helps to build identity fabric
Building an identity fabric is critical in a highly distributed IT environment. It helps IT security and operations teams manage users and their entitlements across several layers of IT infrastructure with flexibility. Policy enforcement (MFA, JIT privileges, provisioning, deprovisioning) for identities can be created using an integrated identity fabric framework. ITDR’s cognitive analytics around IDs aid in the development of an identity fabric. It raises red flags against identities with anomalies and threats, making admins’ lives easier when it comes to establishing identity rules, such as whether a particular identity should be deprovisioned based on its anomalous patterns, or whether it should be granted JIT access to applications based on its behavioral patterns.
ARCON Knight Analytics: A Powerful ITDR Engine
ARCON has developed Knight Analytics, an AI tool that combines machine learning with algorithms capable of analyzing enterprise data to enable administrators to make better-informed IAM and PAM decisions.
Access data is analyzed by the Knight Analytics engine to detect, predict, and display evolving threats, attack patterns, risky patterns and suspicious behavior. It also logs behavioral anomalies detected within the IAM and PAM environments and combines these with the overall data to further understand an organization’s risk posture.
The solution uses a neural network based on a ‘predict, protect and prevent’ philosophy. The neural network creates a separate node for every privileged user so the behavior of one does not impact the analysis of another.
The system is designed to create risk scores for individual users from AI-based analytics, on which future privileged access decisions can be made. Risky privileged entitlements ideally require both role- and rule-based control over users. As soon as the tool clusters data on risky behavior profiles and user anomalies, AI-driven analytics kick in to generate a risk score based on the users’ historical data. By analyzing data in real time, privileged access management decisions become adaptive and less dependent on fixed rules.
Based on the risk scores, a security team can then decide whether to grant or revoke privileged entitlements. The use of analytics gives administrators stronger evidence and risk-based data on whether to grant access or not. Algorithms use the users’ logged data to identify risky profiles; they can spot a user’s or a group of users’ deviations from baseline activities, cluster them and raise an alert.
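To make the per-identity baseline, deviation scoring, alerting and clustering described above concrete, here is an added illustrative example in Python. It is not ARCON Knight Analytics code and says nothing about how that product works internally; the access events, the dimension weights, the smoothing factor and the alert threshold are all constructed assumptions chosen for the demonstration. The example goes slightly beyond the text in that it also handles an identity with no history at all, which a baseline engine has to decide how to treat.

```python
"""Per-identity baseline and risk scoring over constructed access events.

Illustrative ITDR-style detection logic (not vendor code): each identity
gets its own baseline node so one user's behaviour never influences another's
score; deviations are weighted, smoothed into a per-user risk score, and
flagged identities are clustered by the deviation they share.
"""
from collections import defaultdict

# Constructed sample history: what each identity normally does.
HISTORY = [
    {"user": "alice", "hour": 9,  "host": "wks-alice", "resource": "crm",     "action": "read"},
    {"user": "alice", "hour": 10, "host": "wks-alice", "resource": "mail",    "action": "read"},
    {"user": "alice", "hour": 14, "host": "wks-alice", "resource": "crm",     "action": "read"},
    {"user": "bob",   "hour": 8,  "host": "wks-bob",   "resource": "db-prod", "action": "read"},
    {"user": "bob",   "hour": 9,  "host": "jump-01",   "resource": "db-prod", "action": "write"},
    {"user": "dave",  "hour": 10, "host": "wks-dave",  "resource": "wiki",    "action": "read"},
]

# Constructed new events to evaluate against those baselines.
NEW_EVENTS = [
    {"user": "alice", "hour": 11, "host": "wks-alice", "resource": "mail",    "action": "read"},
    {"user": "bob",   "hour": 9,  "host": "jump-01",   "resource": "db-prod", "action": "write"},
    {"user": "alice", "hour": 2,  "host": "vpn-203",   "resource": "db-prod", "action": "read"},
    {"user": "dave",  "hour": 23, "host": "vpn-203",   "resource": "wiki",    "action": "read"},
    {"user": "bob",   "hour": 3,  "host": "jump-01",   "resource": "db-prod", "action": "write"},
    {"user": "carol", "hour": 10, "host": "wks-carol", "resource": "hr",      "action": "read"},
]

# Assumed weights: a new source host or resource counts for more than an
# unusual time or action. Assumed threshold and EWMA smoothing as well.
WEIGHTS = {"hour": 1, "host": 2, "resource": 2, "action": 1}
ALERT_THRESHOLD = 0.5
SMOOTHING = 0.7  # weight given to the newest event in the running score


def hour_bucket(hour):
    """Collapse the clock hour into an office / off-hours bucket."""
    return "office" if 8 <= hour < 19 else "off-hours"


def build_baselines(events):
    """One node per identity holding the values seen for each dimension."""
    baselines = defaultdict(lambda: {dim: set() for dim in WEIGHTS})
    for ev in events:
        node = baselines[ev["user"]]
        node["hour"].add(hour_bucket(ev["hour"]))
        for dim in ("host", "resource", "action"):
            node[dim].add(ev[dim])
    return dict(baselines)


def score_event(baselines, ev):
    """Return (score in 0..1, reasons) for one event against its user's node."""
    node = baselines.get(ev["user"])
    if node is None:
        # No history means nothing to compare against: treat the identity
        # as fully anomalous and say why, rather than silently scoring 0.
        return 1.0, ["no-baseline"]
    penalty, reasons = 0, []
    bucket = hour_bucket(ev["hour"])
    if bucket not in node["hour"]:
        penalty += WEIGHTS["hour"]
        reasons.append(bucket)
    for dim in ("host", "resource", "action"):
        if ev[dim] not in node[dim]:
            penalty += WEIGHTS[dim]
            reasons.append(f"new-{dim}:{ev[dim]}")
    return penalty / sum(WEIGHTS.values()), reasons


def risk_scores(baselines, events):
    """Smooth per-event scores into one running risk score per identity."""
    risk, reasons = {}, defaultdict(set)
    for ev in events:
        score, why = score_event(baselines, ev)
        user = ev["user"]
        risk[user] = score if user not in risk else SMOOTHING * score + (1 - SMOOTHING) * risk[user]
        reasons[user].update(why)
    return risk, reasons


def alerts(risk, reasons):
    """Identities whose risk reached the threshold, with their reasons."""
    return {u: sorted(reasons[u]) for u, r in risk.items() if r >= ALERT_THRESHOLD}


def cluster_by_reason(flagged):
    """Group flagged identities that share a deviation, e.g. the same new host."""
    clusters = defaultdict(list)
    for user, why in flagged.items():
        for reason in why:
            clusters[reason].append(user)
    return {r: sorted(us) for r, us in clusters.items() if len(us) > 1}


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    risk, why = risk_scores(base, NEW_EVENTS)
    flagged = alerts(risk, why)
    for user, r in sorted(risk.items()):
        print(f"{user:6} risk={r:.2f} {'ALERT' if user in flagged else '     '} {sorted(why[user])}")
    print("shared deviations:", cluster_by_reason(flagged))
```

Running it flags alice (off-hours access from an unseen host to an unseen resource), dave (off-hours from the same unseen host) and carol (no baseline), leaves bob below the threshold, and clusters alice and dave on the shared `new-host:vpn-203` deviation, which is the kind of grouped signal an analyst would triage as one incident rather than two.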
Conclusion
Implementing ITDR capabilities amidst an increasing number of digital identity-based threats is extremely important to reinforce IAM infrastructure.