Webinar – IAM Meets ITDR: Key Takeaways  

ARCON and KuppingerCole recently co-hosted a webinar to discuss and analyze the importance of adopting an identity-first security approach and integrating ITDR with IAM systems. On October 17th, 2024, John Tolbert, Lead Analyst, KuppingerCole Analysts AG and Harshavardhan Lale, Vice President of Business Development, ARCON turned their attention towards discussing – 

  • How ITDR reduces attack vectors 
  • How to secure all forms of sensitive business information 
  • How ITDR lays the foundation for a Zero Trust approach 

During the first half of the webinar, John Tolbert from KuppingerCole highlighted how the importance of identity-centric security has gained momentum in enterprises worldwide. Below are the key takeaways from the first half of the session. 

  • Identity is the new threat vector: ATOs (Account Takeovers) are escalating, and almost all cyber-attacks and data breaches leverage compromised credentials. Attackers can buy compromised credentials on the dark web. 
  • The major types of attacks against IAM systems are credential harvesting, privilege escalation, discovery, persistence, AD Domain Service exploits, lateral movement, and DoS. 
  • Credential harvesting, that is, stealing legitimate user credentials, happens through password spraying, brute force, MFA fatigue, LSASS dumping, Kerberoasting, pass-the-hash, and more. 

John continued his session with an explanation of ITDR and its role in a modern cybersecurity posture. 

  • ITDR, according to him, is just another DR tool, used for detecting real-time threats, anomalous behavior, credential attacks, privilege escalation, abuse of identity trust relationships and more. It is also beneficial for event correlation, alerting, attack path visualization, incident investigations, and manual and automated responses such as disabling accounts and enforcing conditional access (MFA). The architecture of ITDR fits as below: 
  • There are various reasons why ITDR solutions are sought by enterprises. The major among them are protecting AD, protecting IDaaS, preventing workforce ATO, deterring insider threats, enforcing MFA and looking for MFA bypass attempts. 
  • The technical requirements of ITDR are APIs for connectivity, IAM and IDaaS integration, credential intelligence, UBA, access analytics, AI-powered risk analysis, investigation interface, and threat detection responses. 
  • Modern challenges of deploying ITDR revolve around the complexities of IAM infrastructures, AD, AAD, IDaaS, internal apps with proprietary authorization systems, SaaS app integrations with other security tools, EPDR/XDR, SIEM, SOAR, etc. 
  • The future of Identity Threat Detection and Response (ITDR) is poised for significant evolution as organizations face increasingly sophisticated cyber threats. There have already been some acquisitions, and more are likely to happen across the globe. But the million-dollar question is: will it last? 

In the latter half of the webinar, Harshavardhan Lale from ARCON discussed the role of Identity Access Management (IAM), especially ARCON’s IAM solutions, in meeting the ITDR requirements in enterprises. Here are the key takeaways from his session. 

  • Harshavardhan started his session with basic insights into identities and the variety of identities that exist in IT infrastructure. The evolution of digital identities is not yet over. In fact, a lot more is about to come in the next five years. 
  • Digital identities drive business models with growth, efficiency, and excellence, and are directly involved in profit-making and revenue generation. Constructing a digital identity takes several parameters into account: personal thoughts, likes, dislikes, professional details, online activities and behaviour, which tools are used, where the information is stored or saved, etc. 
  • If we classify the types of digital identities, there are interactive identities and non-interactive identities. Interactive identities include human identities and machine identities (bots). Non-interactive identities include mobile devices, desktops, APIs, web servers, database servers, application servers and more. 
  • The typical challenges that organizations face with identities are – lack of detailed password policies, weak and reused passwords, poor role management, too many admin accounts, auditing and compliance, multiple devices per user and more. 
  • Continuing what John discussed in the earlier session, Harshavardhan added that there are different identity-based attacks that are dominant in enterprises. Some of them are – Credential Harvesting, Credential Stuffing, Social Engineering, Password-based attacks, Third/ Fourth party breaches, Attacks on AD, Kerberoasting, Pass-the-hash, Shoulder Surfing and more. 

Harsh then vividly explained why Access Management comes into the picture. The reasons are – 

  • In the new, highly distributed “Open Enterprise” user access originates from a variety of locations, devices or applications residing on-premises, in the cloud or in a hybrid environment. The network perimeter can no longer provide a control mechanism for this access. Identities now constitute the new perimeter and are the single unifying control point across all apps, devices, data and users. 
  • Managing the people entering and exiting your enterprise requires substantial IT and HR resources, often leading to delays in getting users the access they need to effectively do their work. 
  • Privileges are built into critical infrastructure including operating systems, file systems, applications, databases, hypervisors, cloud management platforms, DevOps tools, robotic automation processes, and more. Cybercriminals covet privileges to gain access to an organization’s most sensitive targets. 
  • With privileged credentials in their clutches, a cyberattacker essentially becomes an “insider” threat, capable of moving laterally into other applications, user segments, and other areas of the critical infrastructure, and finally of performing data exfiltration and malicious attacks. 
  • Controlling, monitoring, and auditing privileged access for employees, vendors, systems, applications, IoT, and other areas of critical IT environments is essential to protect against both external and internal threat vectors, and also to meet growing compliance needs. 
  • IAM solutions can rescue organizations with the help of strong password policies, multi-factor authentication (MFA), Single Sign-On (SSO), Access control, Identity verification, Service account management, Session management and monitoring, Threat intelligence Integration and more. 
  • Adding to the above, Harsh explained why IAM solutions are adopted to protect organizations from identity-centric threats. IGA (Identity Governance and Administration) streamlines the identity workflow for user identities based on user roles, while PAM (Privileged Access Management) regulates access to sensitive or specialized data, including JIT, MFA, session monitoring, etc. CIAM, on the other hand, pertains to data related to customers, including customer privacy as well as limitations on the assets customers can access. 

Organizations achieve the below with Access Management solutions: 

  • Lifecycle-management system for user identities (human & non-human) 
  • Role-based Access Control (RBAC), including authentication and authorization mechanisms 
  • Track network to monitor who has access to what, when & where 
  • Prevent sharing of credentials 
  • Standardise & automate key processes for user-account operations and management  
  • Adherence to regulatory & compliance requirements for identity & access management 
  • Manage & mitigate risks pertaining to privileged (elevated access) user credentials 

ITDR is imperative in today’s IT security context for the following reasons – 

  • Identity is fundamental to business and is the foundational aspect of cybersecurity 
  • Organizations rely on their identity infrastructure to enable collaboration 
  • The process of managing and granting access to resources becomes complex 
  • Non-human identities and BYOD create further complexities 
  • Organizations are required to comply with cross-border regulatory requirements 
  • Lack of visibility into SaaS account inventory 
  • Zombie SaaS accounts 
  • Excessive PaaS and IaaS privileges 
  • Credential breaches are involved in 40%+ of security breaches 

The key features and use cases of ARCON Access Management in this regard are – 

  • Provisioning, Deprovisioning, and Re-provisioning 
  • Single Sign-On 
  • Password Management & Password Rotation 
  • Session Management 
  • Privileged Elevation & Delegation Management (PEDM) 
  • Access Control with Workflows (e.g. Segregation of Duties) 
  • Robust Multifactor Authentication 
  • Identity Governance & Administration (IGA) 
  • Highly mature Password Vault to randomize privileged passwords 
  • Secrets Management at scale for DevOps and CI/CD environments 
  • Large connector framework for third-party tool integrations and quick deployments 
  • Additional connectors built on-the-fly, if needed 

Before concluding his session, Harshavardhan shared some key organizational details of ARCON, gave a brief introduction to all of ARCON’s IAM solutions, and described how the organization has been acknowledged by global analyst communities consecutively over the last several years. Harshavardhan also added that ARCON provides its services to multiple industry segments globally and can thus meet ITDR requirements in the modern IT security context. 

Conclusion 

The webinar concluded with a discussion of the poll questions John had shared earlier. The participants answered the poll questions and raised questions of their own to clarify their points. Both John and Harshavardhan shared their valuable insights while analyzing the poll results and answering the questions. 
