Identity Security Trends In The Age Of Zero Trust
Posted November 9, 2023 by Joe Schnell
Zero trust strategies have thrown identity back in the spotlight, catching the attention of CISOs who wonder if they’re putting enough focus on identity security.
Without identity, a zero trust approach can’t authenticate which users to authorize for access to specific network resources.
With identity security, you know which people and machines are in your network, how they’re interacting with each other, and where to remediate to prevent breaches.
Three Pillars of Identity Threat Detection And Response
Gartner introduced the term identity threat detection and response (ITDR) to describe the tools and best practices to defend identity systems from threat actors and credential misuse, which has become a primary attack vector:
According to Verizon’s 2023 Data Breach Investigations Report, 49% of all breaches involve stolen credentials. Attackers attempt to access and use valid credentials to move undetected throughout enterprise networks.
ITDR tools monitor how people are coming into the organization’s digital environment and accessing resources. ITDR focuses on three main pillars of functionality: access management, privileged access management (PAM), and identity governance and administration (IGA).
Access Management: How You Grant Access
Access management technologies and processes serve to authenticate identities and authorize access to your organization’s systems, applications, and data.
For this pillar, solutions range from single sign-on and multi-factor authentication (MFA) to a smart card or fingerprint. If your organization is a house, these are the keys or passcodes to your front door.
Privileged Access Management: How You Grant Elevated Access
Continuing the house analogy, you would have additional security requirements for some members of your household to access certain areas of your home, such as a gun safe or a safe room.
Likewise, PAM recognizes that certain identities require additional or elevated access to resources of higher importance or risk. Privileged access management grants, secures, and monitors that elevated access through accounts held by specific roles such as administrators or auditors.
Today’s PAM solutions offer a range of basic, intermediate, and advanced capabilities. A fundamental functionality is account discovery, a process that scans for new and modified privileged accounts. Organizations should continue to mature their use of PAM to include more advanced capabilities such as privileged task automation, which uses elevated access to automate tasks and workflows.
Identity Governance And Administration: How You Provision And Audit Access
Rounding out the house analogy, you might give your front-door key to a neighbor while you’re out of town so they can pet-sit. Then you take back the key when you return as part of managing your home security.
IGA manages identities and their access rights throughout the organization based on business roles and where they are in their lifecycle – such as joining your company on day one, moving from one department to another as their careers evolve, and leaving your organization.
Provisioning and continuously auditing identity-based access helps limit the risk of data breaches, using automated processes to ensure people have access only to what they need in their current roles.
Trends In Identity Threat Detection And Response
ITDR vendors continue to add capabilities in response to – or to get ahead of – emerging threats. Some notable trends include:
Active Directory hardening. ITDR tools are focusing more heavily on identifying risky accounts or configurations and recommending remediation. Use these tools to clean up inactive user accounts, ensure people are using secure passwords when they change them in Active Directory, and limit users and machines to only the minimum necessary privileges to perform their tasks.
Privileged access management can help put controls around identity attack techniques such as Kerberoasting, which adversaries use to obtain valid credentials for Microsoft Active Directory service accounts. Kerberoasting can provide bad actors with higher privileges and enable them to remain undetected in the environment for longer periods.
Cached credential visibility. Any identity can be vulnerable through account and credential information stored on endpoints, where attacker tools can exploit them. ITDR tools can provide visibility into credential caches on assets across the enterprise including servers, workstations, and laptops.
Identity-based monitoring detects and alerts you to behavioral changes or suspicious events. These tools, for example, can alert you when someone in your company suddenly starts interacting with a database they don’t normally engage with.
Identity-based response follows up on the suspicious events that identity-based monitoring flags, using automation to restrict access to the specific database involved or to disable the account.
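As an added example (not code from the original post), here is a minimal version of the identity-based monitoring and response just described: a per-identity baseline of the resources each identity normally touches, an alert when an identity reaches outside that baseline, and an automated response that restricts the single resource or disables the account when the deviation is broad. The log lines, identities, resource names, and the threshold of three new resources are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample access log: (timestamp, identity, resource). Not real data.
HISTORY = [
    ("2023-10-01T09:00:00", "alice", "hr-db"),
    ("2023-10-02T09:05:00", "alice", "hr-db"),
    ("2023-10-03T10:00:00", "alice", "payroll-app"),
    ("2023-10-01T08:30:00", "bob", "crm-db"),
    ("2023-10-04T08:45:00", "bob", "crm-db"),
]
RECENT = [
    ("2023-11-08T14:00:00", "alice", "hr-db"),       # normal for alice
    ("2023-11-08T14:10:00", "bob", "finance-db"),    # new for bob: alert
    ("2023-11-08T14:12:00", "bob", "hr-db"),         # second new resource
    ("2023-11-08T14:15:00", "bob", "payroll-app"),   # third: disable account
]


def build_baseline(events):
    """Map each identity to the set of resources it normally accesses."""
    baseline = defaultdict(set)
    for _, identity, resource in events:
        baseline[identity].add(resource)
    return baseline


def detect_anomalies(baseline, events):
    """Flag accesses to resources outside an identity's baseline.
    An identity with no baseline at all (never seen before) is flagged on every access."""
    return [(ts, ident, res) for ts, ident, res in events
            if res not in baseline.get(ident, set())]


def plan_response(alerts, disable_threshold=3):
    """Turn alerts into response actions: restrict access per resource,
    or disable the account when it reaches disable_threshold new resources."""
    per_identity = defaultdict(list)
    for _, ident, res in alerts:
        per_identity[ident].append(res)
    actions = []
    for ident, resources in per_identity.items():
        if len(resources) >= disable_threshold:
            actions.append(("disable_account", ident, None))
        else:
            actions.extend(("restrict_access", ident, res) for res in resources)
    return actions


if __name__ == "__main__":
    alerts = detect_anomalies(build_baseline(HISTORY), RECENT)
    print(alerts)
    print(plan_response(alerts))
```

In a real deployment the baseline would be built from a sliding window of directory or database audit logs, and the actions would call the identity provider's API rather than being returned as tuples.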
Improving Identity Security With Workforce Password Management
People don’t like to change their passwords, even after their password is compromised. According to SpyCloud’s 2022 Annual Identity Exposure Report, 64% of users with more than one password exposed in breaches continued to reuse passwords. Additionally, the report found:
“For users we can tie to breach exposures in 2021 and prior years…70% were still using the same exposed passwords.”
Workforce password management solutions can reduce password reuse, improve password complexity, and provide visibility to compromised passwords.
Workforce password management gives you a place to store and vault passwords in the cloud or, in some cases, on-premises. The end user has the only passkey to get in and use those passwords, but administrators have visibility into the risks created by compromised credentials.
Joe Schnell, Sayers Senior Cybersecurity Architect, says:
“Now it’s easier to generate complex passwords and keep them more secure, harder to crack, even if they get picked up in a breach. Solution offerings in this area give administrators the ability to see the level of password reuse, the strength of the passwords, and whether those credentials have been found in a recent breach.”
Questions? Contact us at Sayers today to discover how to protect your organization with the right identity security solutions.