Organizations need to focus more on protecting their infrastructure. There are many trends in cybersecurity today, as organizations battle increasingly cunning and prevalent cybercriminals; new tools and methods are emerging all the time.
Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Identity threat detection and response (ITDR), therefore, is the "collection of tools and best practices for defending identity systems."
This adds another layer of security to even mature IAM deployments, said Mary Ruddy, a Gartner analyst.
"Identity is now foundational to identity-first security operations," she said. "As identity becomes more important, threat actors are increasingly targeting the identity infrastructure itself."
Simply put, "organizations must focus more on protecting their IAM infrastructure."
Step 1: Assess your identity-first security posture
Examine the level of identity risk in your cloud environment by reviewing actual access privileges and identifying stale accounts, excessive privileges and privilege escalation paths. The proliferation of identities and assets, coupled with the dynamic nature of the cloud, often leads to hidden, unused and excessive access.
For example, "more than 95% of accounts in IaaS use, on average, less than 3% of the rights granted to them, greatly increasing the attack surface for compromising accounts" (Gartner, Innovation Insight for Cloud Infrastructure Entitlement Management, published June 15, 2021, by Henrique Teixeira, Michael Kelley and Abhyuday Data).
Checking all cloud services and applications for illicit access can be time-consuming and error-prone. CIEM (Cloud Infrastructure Entitlement Management) solutions can help identify over-privileging in IaaS. If you want to cover all your bases, it would be beneficial to also review cloud applications and IAM tools to identify obsolete access from partial onboarding, as well as privilege escalations between systems (shadow admins and federation).
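The Step 1 review expressed as code, as an added example that is not part of the original article or of any CIEM product: it flags stale accounts, measures how much of each identity's granted access goes unused, and traces indirect paths to admin rights (shadow admins). The inventory, identity names, permission strings, and the 90-day and 50% thresholds are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed "today" for the sample

def _id(granted, used, idle_days, can_assume=()):
    return {"granted": set(granted), "used": set(used),
            "last_seen": NOW - timedelta(days=idle_days), "can_assume": set(can_assume)}

# Constructed inventory with hypothetical names: rights, activity, assumable identities.
INVENTORY = {
    "ci-deployer": _id(["storage:read", "storage:write", "compute:start",
                        "compute:stop"], ["storage:read"], 1, ["ops-role"]),
    "ops-role": _id(["compute:start", "compute:stop"], ["compute:start"], 2, ["break-glass"]),
    "break-glass": _id(["iam:admin"], [], 200),
    "old-vendor": _id(["storage:read"], [], 400),
    "analyst": _id(["storage:read"], ["storage:read"], 5),
}

def stale_accounts(inv, now=NOW, max_idle=90):
    """Identities with no recorded activity in the last max_idle days."""
    return sorted(n for n, e in inv.items() if (now - e["last_seen"]).days > max_idle)

def unused_ratio(entry):
    """Fraction of granted rights never exercised (0.0 if nothing is granted)."""
    granted = entry["granted"]
    return len(granted - entry["used"]) / len(granted) if granted else 0.0

def excessive(inv, threshold=0.5):
    """Identities whose unused share of granted rights exceeds the threshold."""
    return sorted(n for n, e in inv.items() if unused_ratio(e) > threshold)

def escalation_paths(inv, target="iam:admin"):
    """Shortest assume-chain from each identity lacking target to one that holds it."""
    paths = {}
    for start, entry in inv.items():
        if target in entry["granted"]:
            continue
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            for nxt in sorted((inv[path[-1]]["can_assume"] & inv.keys()) - seen):
                if target in inv[nxt]["granted"]:
                    paths[start] = path + [nxt]
                    queue.clear()  # breadth-first, so the first hit is the shortest
                    break
                seen.add(nxt)
                queue.append(path + [nxt])
    return paths
```

In this sample, "ci-deployer" holds no admin right itself yet reaches one in two hops through an account that is also stale, which is the combination the review is meant to surface.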
Step 2: Assess Identity Threats
Review your IAM tool configurations and implementations (IdP/SSO, IGA and PAM) for risks and threats such as exposed passwords, user impersonation and unauthorized changes. Even mature deployments of IAM solutions can be exposed to identity threats due to configuration errors or even by design.
A timely assessment will provide you with an estimate of your level of exposure and indicate the prioritization and scope of your ITDR adoption for ongoing protection. Identifying where you are exposed will also help you determine who should be responsible for ITDR in your organization.
Step 3: Examine response guidance
Your SIEM, SOAR and XDR tools handle incident response for your security infrastructure. Chances are that some of your existing guidance can also be used for identity risks and threats. Review your existing playbooks to identify what will work for identity and access incidents and what requires adjustments or new playbooks.
Some ITDR solutions also provide automated remediation capabilities, such as disabling excessive access, and resolution recommendations (such as moving from SWA to SAML). The severity and potential impact of incidents on your organization will determine the urgency and automation of your playbooks.