With the rise of ransomware attacks, classic encryption-only and newer double-extortion variants alike, which doubled in frequency from 2019 to 2021 and now account for 10% of all breaches, it is clear why identity security should sit at the top of the CISO’s priority list. The volume of novel attack activity in 2021 indicates that attackers will keep refining their identity-focused techniques. According to the 2021 Verizon Data Breach Investigations Report, the “human element” factors into 85% of breaches, and stolen or misused credentials appear in 61% of them. These figures show that attackers consistently go after valid credentials and use them to move through networks undetected, which is why organizations need security controls that effectively guard the new identity-based perimeter.
Traditional Identity Solutions Still Leave Room for Attacks
The traditional identity security solutions topping the list are Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA). These tools make sure the right users have the appropriate access and apply continuous verification, two guiding principles of the zero-trust security model. But identity and access management, which focuses on provisioning, connecting, and controlling access, is only the starting point of identity security. Coverage must extend beyond initial authentication and access control to the other elements of identity, namely credentials, privileges, entitlements, and the systems that manage them, spanning visibility into exposures as well as detection of attacks.
From an attack vector perspective, Active Directory (AD) is an obvious but often ignored, or at best underappreciated, asset. AD is where identities and their key attributes live, which is why it sits in the attacker’s crosshairs and is a top security concern. In addition, as cloud migration continues at a rapid pace, new security challenges arise as IT teams rush to provision across their environments. When AD weaknesses combine with the cloud’s tendency toward misconfiguration, the need for a layer of protection beyond provisioning and access management becomes much clearer.
Identity Security with a New Twist
Modern identity security solutions provide essential visibility into credentials stored on endpoints, Active Directory (AD) misconfigurations, and cloud entitlement sprawl. Identity Detection and Response (IDR), a relatively new technology category, goes beyond traditional identity and access management and operates alongside Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and similar solutions.
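The visibility described above is only useful when it is turned into a question an attacker would ask: from which compromised endpoint do the credentials cached there lead, hop by hop, to a privileged account, and which single cached credential is worth removing first? The following is an added illustration of that attack-path analysis, not code from Attivo or the ThreatDefend platform. The hosts, accounts, cached credentials, and admin rights are constructed sample data, and the input format is an assumption; a real tool would collect cached credentials from endpoint agents and admin rights from AD and local group queries.

```python
"""Attack-path visibility from credentials cached on endpoints.

Added illustration of the idea, not code from Attivo or the ThreatDefend
platform. The input format is an assumption: a real tool would collect cached
credentials from endpoint agents and admin rights from AD/LDAP and local
group queries. Domain, host and account names are constructed.
"""
from collections import deque

# Constructed: accounts whose credentials are cached (LSASS, saved RDP or
# browser credentials, tokens) on each host.
CACHED_CREDS = {
    "WS01": ["CORP\\alice"],
    "WS02": ["CORP\\bob", "CORP\\svc_backup"],
    "FS01": ["CORP\\svc_backup", "CORP\\helpdesk"],
    "SQL01": ["CORP\\helpdesk", "CORP\\da_admin"],
    "DC01": ["CORP\\da_admin"],
}

# Constructed: hosts on which each account holds local administrator rights,
# i.e. where its stolen credential lets an attacker log on and dump more.
ADMIN_RIGHTS = {
    "CORP\\alice": ["WS01"],
    "CORP\\bob": ["WS02"],
    "CORP\\svc_backup": ["FS01", "SQL01"],
    "CORP\\helpdesk": ["WS01", "WS02", "FS01"],
    "CORP\\da_admin": ["DC01", "SQL01", "FS01", "WS01", "WS02"],
}

# Accounts whose compromise is "game over" (here: a Domain Admin).
HIGH_VALUE = {"CORP\\da_admin"}


def find_attack_path(start_host, cached=CACHED_CREDS, admin=ADMIN_RIGHTS,
                     targets=HIGH_VALUE):
    """Breadth-first search over the host/credential graph.

    From a compromised host the attacker harvests every cached credential,
    then uses each one's admin rights to reach new hosts. Returns the
    shortest path as an alternating host/account list, or None.
    """
    queue = deque([(start_host, [start_host])])
    seen = {start_host}
    while queue:
        host, path = queue.popleft()
        for acct in cached.get(host, []):
            if acct in targets:
                return path + [acct]
            for nxt in admin.get(acct, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [acct, nxt]))
    return None


def reachable_starts(cached=CACHED_CREDS, admin=ADMIN_RIGHTS, targets=HIGH_VALUE):
    """Hosts from which a single compromise leads to a high-value account."""
    return sorted(h for h in cached if find_attack_path(h, cached, admin, targets))


def choke_points(cached=CACHED_CREDS, admin=ADMIN_RIGHTS, targets=HIGH_VALUE):
    """Rank each cached credential by how many exposed hosts remain if it is removed.

    Clearing one cached credential (or denying that account logon to that
    host) is the cheapest attack surface reduction; this shows which one to
    clear first. Returns [((host, account), remaining_exposed_hosts), ...]
    with the best candidate first.
    """
    ranking = []
    for host, accts in cached.items():
        for acct in accts:
            trimmed = {h: [a for a in v if not (h == host and a == acct)]
                       for h, v in cached.items()}
            remaining = len(reachable_starts(trimmed, admin, targets))
            ranking.append(((host, acct), remaining))
    return sorted(ranking, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    print("exposed hosts:", reachable_starts())
    print("path from WS02:", find_attack_path("WS02"))
    print("best credential to clear:", choke_points()[0])
```

On the sample data, four of the five hosts lead to the Domain Admin, and the single most valuable fix is clearing the Domain Admin credential cached on SQL01, which leaves only the domain controller itself exposed. That kind of ranking is what turns "visibility into credentials stored on endpoints" into a concrete remediation queue.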
While EDR looks for attacks on endpoints and collects data for analysis, IDR looks for attacks targeting identities. Once an IDR solution detects an attack, it adds a layer of defense by feeding the attacker fake data that redirects them to an authentic-looking decoy and by automatically isolating the compromised system that issued the query. IDR solutions also support incident response by collecting forensic data and telemetry on the processes used during the attack. EDR and IDR are complementary and together serve a common goal: thwarting the attacker’s efforts.
IDR provides visibility into credential misuse, entitlement exposures, privilege escalation, and the other tactics attackers use inside the network. It distinguishes itself from other identity protection solutions by focusing on credentials, privileges, cloud entitlements, and the systems that manage them. IDR picks up where other tools leave off, closing a critical gap between identity and access management and endpoint security so that attempts to exploit vulnerable credentials and entitlements to move through the network undetected are caught.
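To make the detection side of the two preceding paragraphs concrete, here is an added example of identity-attack detection logic run over Windows Security events; it is not Attivo or ThreatDefend code. The events are constructed JSON lines whose field names follow the Security log's EventData names, and the account names, IP addresses, and the planted decoy account are made up. The three detections map to tactics the text names: use of a decoy credential (credential misuse, and the hook on which a deception-based response hangs), Kerberoasting (privilege escalation via RC4 service ticket requests), and DCSync (a non-DC principal exercising directory replication rights).

```python
"""Identity attack detection over Windows Security events.

Added example, not Attivo/ThreatDefend code. Events are constructed JSON
lines whose field names follow the Security log's EventData names; the
account names, IPs and the decoy account are made up.
"""
import json
from collections import defaultdict

# Constructed sample: three RC4 service-ticket requests from one user, one
# AES request for a computer SPN, replication reads by a DC and by a user,
# a network logon with a planted decoy account, and a normal logon.
SAMPLE_EVENTS = """\
{"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.15"}
{"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.15"}
{"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.15"}
{"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "FS01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.21"}
{"EventID": 4662, "SubjectUserName": "DC01$", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"}
{"EventID": 4662, "SubjectUserName": "helpdesk", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}
{"EventID": 4624, "TargetUserName": "sqladmin_old", "LogonType": 3, "IpAddress": "10.0.0.15"}
{"EventID": 4624, "TargetUserName": "alice", "LogonType": 2, "IpAddress": "10.0.0.21"}
"""

# DS-Replication-Get-Changes and DS-Replication-Get-Changes-All control
# access rights; a principal exercising these (event 4662) is replicating
# directory data, which for secrets is what DCSync does.
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",
}

# Constructed: a decoy account with no legitimate use. Any authentication
# involving it means someone harvested it from wherever it was planted.
DECOY_ACCOUNTS = {"sqladmin_old"}

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC


def parse_events(text):
    """Parse JSON-lines event text into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_kerberoasting(events, threshold=3):
    """One account requesting RC4 service tickets for several user SPNs."""
    services = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4769:
            continue
        svc = ev.get("ServiceName", "")
        # Computer accounts end in '$' and krbtgt is the TGT service, not a
        # roastable SPN; both are excluded to keep noise down.
        if (ev.get("TicketEncryptionType") == RC4_HMAC
                and not svc.endswith("$") and svc.lower() != "krbtgt"):
            services[ev["TargetUserName"]].add(svc)
    return [("kerberoasting", user, sorted(svcs))
            for user, svcs in sorted(services.items()) if len(svcs) >= threshold]


def detect_dcsync(events):
    """Replication rights exercised by something other than a DC account."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        subject = ev.get("SubjectUserName", "")
        props = ev.get("Properties", "").lower()
        if any(g in props for g in REPLICATION_GUIDS) and not subject.endswith("$"):
            alerts.append(("dcsync", subject))
    return alerts


def detect_decoy_use(events):
    """Any logon (4624/4625) or Kerberos TGT activity (4768/4771) for a decoy."""
    return [("decoy_credential_use", ev["TargetUserName"], ev.get("IpAddress"))
            for ev in events
            if ev.get("EventID") in (4624, 4625, 4768, 4771)
            and ev.get("TargetUserName") in DECOY_ACCOUNTS]


def run_detections(events):
    """Run every detector and return the combined alert list."""
    return detect_kerberoasting(events) + detect_dcsync(events) + detect_decoy_use(events)


if __name__ == "__main__":
    for alert in run_detections(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample, the detector flags bob for Kerberoasting, helpdesk for DCSync, and the decoy logon from 10.0.0.15, while the DC's own replication read and alice's AES ticket are ignored. In a real estate the DCSync rule needs an allowlist for legitimate non-DC replicators such as directory synchronization service accounts, and the decoy alert is the natural trigger for the isolation step described above, since nothing legitimate ever uses that account.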
Identity Detection and Response Solutions
The Attivo ThreatDefend® platform portfolio provides IDR solutions, including Active Directory identity protection and Cloud Infrastructure Entitlement Management (CIEM) visibility tools. These solutions close the gaps left by traditional identity management and endpoint solutions, improving network visibility and detecting live attacks in real time.
- ADAssessor – provides continuous visibility into Active Directory exposures and detects activity that indicates an attack
- ThreatPath – provides attack path visibility and attack surface reduction
- IDEntitleX – offers end-to-end visibility into cloud entitlement exposures (CIEM)
Detection and Response
- ADSecure – detects unauthorized activity and attacks on Active Directory
- ThreatStrike® – protects against credential theft and misuse
It’s Time for a New Identity Security Approach
With identity-based attacks on the rise, businesses need the ability to detect when attackers exploit, misuse, or steal enterprise identities. That need is especially acute as organizations race to adopt the public cloud and the number of human and non-human identities keeps growing rapidly. Given attackers’ appetite for misusing credentials, abusing Active Directory (AD), and targeting identities through cloud entitlements, detecting identity-based activity with modern IDR solutions is critical.