This Cybersecurity Awareness Month, Let’s Talk About Identity Security
Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks – Cybersecurity Awareness Month is the perfect time to reflect on recent developments in the cybersecurity world. Amid the COVID-19 pandemic, attackers have done an excellent job identifying common vulnerabilities and exploiting them. Ransomware has skyrocketed, as have phishing and other social engineering-based attacks. Third-party attacks have also risen. SolarWinds is perhaps the most prominent example, but organizations like Accellion, Kaseya, and Volkswagen have all suffered significant third-party attacks within the past year.
If defenders want to stop these attacks, we’ll need to evolve as well. Part of what makes social engineering and third-party attacks so insidious is that they bypass traditional perimeter protections, entering the network directly—often with perfectly valid credentials. This Cybersecurity Awareness Month, organizations can benefit from examining their identity security capabilities and other in-network defenses. Is Active Directory sufficiently protected? Can existing security tools identify suspicious behavior even from those using valid credentials? This is the time to reflect on the current state of the threat landscape—and why identity security has become one of the hottest trends of the year.
Breaches Come with a Price
It isn’t always easy to calculate the specific costs of a data breach. The 2021 edition of the annual IBM/Ponemon Cost of a Data Breach Report currently places the average cost of a breach at roughly $4.24 million, but every breach includes less understood elements that are difficult to quantify. How much reputational damage was suffered? Will that lead potential customers, clients, or partners to avoid doing business with the victim? Will there be regulatory fallout, or even civil lawsuits? And of course, major breaches can be much more costly than the average incident. SolarWinds says that dealing with the massive breach it suffered late last year cost the company in excess of $18 million, but outside experts estimate that the global fallout could top $100 billion.
Why are these breaches happening? According to the 2021 Verizon Data Breach Investigations Report, credential data now factors into 61% of all breaches, and the human element factors into 85% of all breaches. Cybercriminals are going after credentials any way they can, whether by tricking employees into giving them away or finding exposed credentials sitting on unprotected endpoints. Unfortunately, obtaining valid credentials often enables attackers to move throughout target networks undetected, as most in-network defenses are not designed to identify suspicious behavior from those it believes to be valid users. With that in mind, it should come as little surprise that Gartner estimates that, by 2023, “75% of security failures will result from inadequate management of identities, access, and privileges.”. Stopping these attacks must be a priority.
Identity Security Is 2021’s Hottest Trend
There are plenty of identity access protection tools on the market, including Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA). This speaks to the urgency with which today’s organizations are seeking to shore up their identity security, and Cybersecurity Awareness Month provides a good opportunity to explore these tools and all they have to offer. These tools generally focus on authorization and authentication—making sure the right people have access to the right resources. Unfortunately, in today’s threat landscape, it is no longer enough to focus only on provisioning, connecting, and controlling identity access. Identity security must also cover credentials, privileges, entitlements, and the systems that manage them from visibility to exposures to attack detection.
Identity Detection and Response (IDR) technology focusses on identities and operates alongside Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and other similar tools. Its purpose is to provide greater visibility into areas like credential misuse, entitlement exposures, privilege escalation, and other common activities that attackers seek to exploit or engage in within the network. This effectively closes the gap that has existed between endpoint security and identity access management solutions. Despite the relative newness of the IDR category—new research by Enterprise Management Associates (EMA) shows 27% of enterprises are already using IDR tools to protect against advanced attacks.
Identity security solutions provide a considerable boost to identity protection in a number of ways, with many solutions providing much-needed visibility into credentials stored on endpoints, Active Directory (AD) misconfigurations, and cloud entitlement creep. AD and cloud environments have both proven popular targets for cyberattackers, and AD’s relative vulnerability to the cloud’s propensity for misconfiguration drives home the need for tools capable of adding a new layer of protection. Identity security will continue to be an area of focus as attackers find new and innovative ways to exploit these vulnerabilities. And as identities continue to expand beyond users and into device, application, server, data, and other identities, the value of both IDR and identity exposure visibility tools will only continue to grow.
Keeping the Focus on Identity
Identity security isn’t the only cybersecurity trend worth watching, but it is one that has garnered considerable attention this year as attackers continue to exploit credential theft, AD vulnerabilities, cloud misconfigurations, and other identity-based threats. Today’s enterprises need to step back and assess their identity security capabilities, including any gaps in coverage that attackers could potentially exploit. The Attivo new IDR and identity Active Directory and Cloud Infrastructure Entitlement Management (CIEM) visibility tools have the ability to close many these unattended to identity risks and gaps, providing a network visibility boost and the ability to detect live attacks in real time. Attackers have tasted the success of identity-based ransomware attacks and will continue to launch these attacks relentlessly unless businesses begin to adopt new innovations that are designed to curb their momentum—Cybersecurity Awareness Month is the perfect time to raise visibility around the issue and the steps to take to do something about it.
Register for our upcoming webinar, “Visibility and Invisibility of Credential Protection” with Frank J. Ohlhorst, tech industry journalist and principal analyst for emerging and disruptive technologies at Media Ops, and Carolyn Crandall, chief security advocate at Attivo Networks.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise