Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Sergey Medved of Quest Software examines why, in the wake of SEC charges against SolarWinds, enterprises need to shift their focus to identity management.
Recent SEC charges against the CISO of SolarWinds shook many in the cybersecurity industry because they made real the long-lasting consequences of cyber incidents. The charges also focused attention on the method used to leverage compromised SolarWinds systems back in 2020: abuse of privileged accounts. Once attackers gained privileged account access in SolarWinds deployments, they were able to do essentially whatever they wanted within the environments of numerous SolarWinds customers.
The reminder the SEC action provides is needed, as many organizations are still working to get full control over privileged access to their systems. In fact, many are now considering a broader approach to identity management in general when thinking about securing privileged identities. With the demise of physical workplace computing perimeters, due to factors such as cloud migrations and dispersed workforces, identity has become the new enterprise computing perimeter.
Once an attacker is able to get past an identity and log into a system, there are numerous ways they can infiltrate further, interrupting operations or stealing sensitive information. CISOs must adapt their cyber risk strategies to this new reality by understanding how educational gaps have gotten us where we are, why identity threat detection and response visibility will make or break their cyber defenses, and how to better leverage cloud and AI-powered technology to protect all identities.
Identity Management is the New Perimeter
How Did We Get Here?
Identities are increasing in number, and while many organizations recognize the need for identity management, they are still getting breached. According to the Identity Defined Security Alliance, 90 percent of organizations have experienced at least one identity-related breach in the past year. With so many accounts created by bot machines and multiple user accounts across organizations, identity sprawl makes many accounts vulnerable to being compromised.
Identity management complexity only exacerbates the problem. A typical enterprise may be deploying multiple identity and access management (IAM) products. This puts multiple identities into multiple clouds as well as on-premises, and with different solutions overlapping each other, it's all too easy to miss critical context. If something changes in one cloud, something else may change in another, making it difficult to correlate activity. Additionally, overlapping identity frameworks are spread across complex enterprise technology environments and are often supported by insufficient budgets. Attackers are catching on, capitalizing on the likelihood of vulnerabilities and the inability of a sprawling tech stack to catch them.
The Remedies: Prioritize Identity as the Biggest Attack Surface Risk Across Your Org
Addressing the challenges with identity management needs to happen at both a cultural and technological level within organizations. Education is one of the key areas to shift people’s understanding of security threats and recognize that identities are one of the most at-risk parts of the attack surface. Threat actors are looking for the easiest way in, and their method of choice is sending phishing emails and text messages. It’s important for users to understand the risks that come with clicking on phishing messages – even more so, they need to understand what phishing is to begin with. Key to an incident response plan is an educational component to empower users as informed participants in email security. While this doesn’t make organizations completely bulletproof, it is one of the most effective ways to catch and stop phishing attacks early.
At a strategic and technological level, organizations today need to be looking for next-generation identity threat detection and response systems that work across their complex, hybrid infrastructure and can help them reduce identity sprawl. Key to this search is evaluating solutions that incorporate AI in the right ways. AI, particularly generative AI, can be beneficial for understanding data correlation and generally automating repetitive tasks. It can also help with various forms of threat detection and response by taking a deeper look into an organization's systems, making it easier for teams to identify and flag high-priority incidents. More than raising the alarm, AI can also introduce new efficiencies to help free up security analysts drowning in…