Divvya: What is Identity Security?
Vishwak: Identity security is just like a virtual bodyguard for our digital lives. It involves protecting the identities we use in the digital world to ensure our information is safe, preventing unauthorized access and keeping our online activities secure.
It operates on the principle that any identity, be it an IT administrator, remote worker, third-party vendor, device, or application, can become privileged under specific circumstances, creating a potential pathway for attackers to target an organization’s most valuable assets. To address this, an Identity Security approach, built upon the foundation of privileged access management, ensures the security of all identities, whether human or machine, throughout the entire process of accessing critical assets.
A comprehensive Identity Security approach encompasses accurate authentication of each identity, authorization with appropriate permissions, and structured access to privileged assets in a manner that can be audited for accountability. It should enable organizations to secure access across any device, anywhere, at the optimal time, striking a balance between security and productivity.
Divvya: Why is Identity Security Important?
Vishwak: Well, in simple words, the primary importance of identity security is to prevent hackers or attackers from being mistaken for you. Imagine a hacker stealing your identity and ordering 100 pizzas in your name. Nobody wants an unknown evil twin creating havoc with pizza overload. Identity Security keeps your reputation and your business's reputation intact.
Identity Security has grown in relevance in recent years as attackers have increasingly targeted identities as a crucial weakness. To gain a competitive edge and provide excellent digital experiences to customers, organizations have quickly adopted cloud-based technology and services. Remote and scattered workforces are also supported more. These trends, especially those accelerated by 2020, have enlarged the threat landscape.
New dimensions of threats include the severe risks associated with cloud console access, excessive cloud entitlements, and embedded DevOps and application secrets. Studies indicate that 79% of enterprises have experienced an identity-related breach in the past two years, with incidents like the SolarWinds digital supply chain attack involving the compromise of identity and manipulation of privileged access. In light of these evolving threats, identity has emerged as the new security battleground, and an “assume breach” mindset based on the principles of Zero Trust has become crucial.
Divvya: Why should organizations prioritize Identity Security?
Vishwak: Well, identity security helps organizations to maintain a healthy lifestyle. Analysis of different studies and sources shows that identity theft is the cause of 80% of security breaches. Modern attacks often go around traditional “kill chains” in cyberspace by directly using stolen credentials to move laterally and start more damaging attacks.
Unfortunately, it’s hard to find identity-driven threats. When a real user’s credentials have been stolen and a hacker is pretending to be that user, it is hard to tell the difference between the user’s normal actions and those of the hacker with traditional security tools and methods.
Also, the COVID-19 spread helped speed up the move to a digital workforce. This has made many organizations much more vulnerable to attacks. This makes it even more important for businesses and their assets to have strong and flexible identity security solutions that protect them from threats that could come from remote workers using home networks or devices.
Identity security is often seen as an organization’s last line of defense against attackers who have already gotten around other security measures.
Divvya: How does Identity Security differ from Zero Trust?
Vishwak: In simple words, identity security establishes trust based on identity verification, while zero trust continuously re-evaluates trust based on context and behavior. Zero trust assumes no inherent trust and continually assesses risk. The main tenet of this design can be summarized by the phrase “never trust, always verify.”
Zero Trust is a cybersecurity framework that focuses on strengthening the infrastructure of Identity and Access Management (IAM) and encompasses applications, data, devices, transport/sessions, and user trust. The technology-centric design assumes the absence of inherent network advantages and fortifies identity management systems, particularly those deployed in multi-cloud environments.
Divvya: How is Identity Security utilized?
Vishwak: Identity Security is employed to empower workers and customers with easy and secure access to applications and resources from any device and location, at the appropriate time.
Users should have a seamless experience with robust password-less authentication, while AI is leveraged to keep threats at bay.
Divvya: Name a few Identity-based attacks.
Vishwak: There are many; however, I’m going to mention only 3 of them.
- Golden Ticket Attack: In this type of attack, an attempt is made by the hacker to gain almost unlimited access to an organization’s domain by exploiting user data stored in Microsoft Active Directory (AD).
- Kerberoasting: The goal of the post-exploitation attack technique known as “Kerberoasting” is to get access to a protected Active Directory (AD) service account by guessing its password.
- Pass-the-Hash Attack: This cybersecurity attack involves an adversary stealing a hashed user credential and using it to create a new user session on the same network.
Divvya: Where does Active Directory (AD) hygiene fit into Identity Security?
Vishwak: We all know that a robust identity security solution should encompass strong AD security capabilities, providing deep, continuous, unified visibility of all users across the enterprise, along with real-time detection and prevention of malicious AD attacks.
However, Active Directory (AD), developed by Microsoft for Windows domain networks, is often considered one of the weakest links in an organization’s cyber defense strategy. As a widely used identity store relied upon by over 90% of Fortune 1000 organizations, it becomes a prime target for adversaries seeking to breach networks, move laterally, and escalate privileges.
When Active Directory (AD) is breached, the entire identity infrastructure is put at risk, which could result in anything from data loss and system takeover to ransomware and supply chain disruptions.
Hence, AD hygiene is an integral component of identity security, ensuring the integrity of user identities.
Divvya: What are the four pillars of Identity Security?
Vishwak: Interesting question. Identity protection is of paramount significance in the current digital environment. As the digital landscape continues to change, it is crucial to remain vigilant and proactive in instituting and adapting identity security measures to stay ahead of potential threats. The four pillars constitute the basis of a solid identity security framework.
- Seamless and secure access for all identities: Ensuring that all identities are granted just-in-time, secure access to services, applications, and resources when needed, from any location and on any device.
- Intelligent privilege controls: Privileged access management (PAM) solutions form the foundation of an Identity Security platform, offering intelligent controls to secure credentials and enforce the principle of least privilege.
- Flexible identity automation and orchestration: This pillar’s primary focus is on securing and managing access to web services and embedded secrets utilised by apps, DevOps, and automation tools across the course of their respective identities’ lifecycles.
- Continuous threat detection and protection: Continuously detect identity threats and apply appropriate Identity Security controls based on risk, in alignment with the principles of Zero Trust.