The rise of Identity-based attacks

Identity and access rights are increasingly threatened as both public and private companies move away from on-premises solutions to adopt the cloud. According to the 2022 Data Breach Investigation Report by Verizon, identity theft is the main initial vector in 82% of breaches.

PUBLICATION DATE:
July 19, 2022

Verizon is not alone in recognizing this change. In a recent publication, Gartner estimated that before 2030 “75% of security errors will arise from an inadequate management of Identity and access rights”, compared to the 50% level in 2020. The need for more solid and structured identity management is, indeed, growing rapidly. Of particular importance is the ability to detect suspicious anomalies arising from the abuse of valid identities. Attackers constantly strive to compromise valid credentials and use them to move through companies’ private networks without being detected. Stealing identities with privileged access rights gives attackers the keys to the kingdom and all the crown jewels it safeguards.

Traditional solutions for identity security, like Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA), focus exclusively on the authorization and authentication of users; that is, generally speaking, on making sure that only the right people have access to the resources they need. This, however, is only the starting point for identity security. Continual analysis of user behavior, to detect anomalies that arise from the fraudulent use of applications, is of paramount importance. In other words, what we really need is a way to detect user identity theft by looking at every aspect that surrounds a user, including how that user acts on the systems.

Identity Threat Detection and Response allows for the detection of identity theft and of the subsequent improper use that eventually leads to dangerous attacks. Sharelock is the first Security Behavior Analytics platform to do that with a completely AI-based architecture. We continuously monitor the accounts, accesses, and applications in use to protect your infrastructure and, more importantly, your business applications and data, tracing every possible risk back to a potentially compromised user. Our machine learning algorithms can analyze data originating from completely different sources, such as IAM/IAG platforms, your IdP (Azure AD, Okta, Ping), IaaS (AWS, Azure, Google Cloud), SaaS (O365, Google, GitHub), and even custom applications. Data coming from these sources is normalized and analyzed to build behavioral baselines tailored to every single identity, so that we can detect, in real time, any anomalies that may lead to attacks or theft. Our view of your data allows you to closely monitor every aspect of your organization and promptly detect threats when they arise, so that response measures can be taken.

IDENTITY HYGIENE

Ghost and inactive accounts must be deleted frequently. However, they often are not, because of negligence, carelessness or lack of time. Moreover, determining whether an access right is unnecessary or redundant is usually a complex task. If, on the one hand, aggressively removing accesses helps adhere to the “minimum privilege” principle, on the other hand it is usually preferable not to make things too complex or, worse, hamper the work of your employees and consultants by occasionally depriving them of the access rights they need. Solutions that merely mark access rights as obsolete just by looking at the last time they were used cannot effectively help whoever is in charge of managing access rights. The outcome is that, without precise information and a proper analysis, a lot of redundant accounts are often kept active. These accounts may, indeed, be exploited to gain access to critical systems.

Sharelock employs ML algorithms and clustering techniques to provide recommendations on the revocation of specific access rights, thanks to which it is possible to dramatically reduce the number of redundant accesses and authorizations without hindering the work of a user who has the right to use a system. Behavioral analysis is also used to detect unusual actions and fix the access rights of inactive accounts. That will reduce the risk of improper use of credentials, in addition to improving your company's security by removing high-level credentials that are no longer necessary.

Even an orphan account can be the entry point for an attack. An orphan account is an account that does not belong to any user, for instance the account of an ex-employee. An unowned account is the perfect starting point for an attack. With Sharelock you will be able to identify orphan accounts, analyze their use and decide whether to delete or re-assign them, increasing your security level and decreasing licensing costs.

Another class of accounts that is highly appealing to attackers is privileged accounts, both service accounts (employed by system processes or by applications that interact with the operating system) and administrative accounts. These kinds of accounts allow attackers to gain direct access to critical information, exposing a company to theft and sabotage. Once again, behavioral analysis can easily spot changes of behavior, attempts to share credentials and privilege escalation, preventing dangerous situations.

Anomaly detection based on behavioral analysis is the most effective tool to detect unusual user actions. Our AI continuously learns the behavioral patterns of both users and machines, building an all-encompassing, ever-evolving, real-time view of your organization. This gives you the means to detect deviations from normal behavior and thus catch both already known and new cyber-threats.

The time has come to put identity at the center. The time has come to take into account “who” acts alongside “what” is being done, because the “who” has been forgotten for too long. Only now are we fully aware that limiting our observation to “what” is being done, while overlooking “who” is doing it, hampers our capacity to fully comprehend if and how much we are exposed to a cyber-threat. That is our mission; that is where Sharelock shines.

For more detailed information, please download the full document.
