Attivo Networks Blogs

Invest in Advanced Identity Detection and Response Solutions

By Carolyn Crandall, Chief Security Advocate, Attivo Networks

The perimeter disappeared when remote working came along, and all the security mechanisms for protecting information assets behind a firewall were no longer adequate. The attack surface has broadened to include home networks, and attack vectors are now directed at home users. Devices and applications are also connecting to the enterprise network from outside. Identity management becomes crucial in this scenario. Enterprises need to invest in Identity Detection and Response (IDR) solutions to secure the broadened attack surface (and remote workers).

Enterprises will increase their investment in identity security solutions. The rise in third-party attacks, remote working security risks, and the continuing evolution of ransomware have driven home the fact that traditional security solutions are no longer enough. And while existing solutions like Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) provide basic identity protections, their focus on authorization and authentication leaves gaps for attackers to exploit. To close these gaps, enterprises need to invest in Identity Detection and Response (IDR) solutions capable of providing expanded exposure visibility and detection specific to credential misuse, excess entitlements, privilege escalation, and other common identity-based attack activities.

Misdirection and concealment capabilities rise to the forefront of cyber defense. With the assumption that attackers can and will get inside networks, companies will see a greater need for in-network lateral movement prevention and privilege escalation defense measures. Uncovering and derailing attacks in real time requires proactive concealment to hide and deny access to assets (credentials, Active Directory objects, and data) and decoys to misdirect attackers away from their targets. With the speed of attacks today, businesses need proactive visibility and measures that detect attacker lateral movement. The focus centers on preventing the attacker from breaking out of the initially infected system, regardless of whether it is a managed or an unmanaged device.

Ransomware defenses must get a badly needed refresh. Ransomware 3.0 is here. Characterized by double extortion, where cybercriminals not only encrypt files but also leak information online, it can drastically impact everything: the company’s image, profits, and stock price. There’s no longer a one-size-fits-all approach to defending against these attacks. With over 300 variants, stopping ransomware requires a multi-faceted approach, one that starts with protecting Active Directory and privileged credentials. In 2022, organizations will be unable to understand how each group operates and, instead, will need to improve their visibility into exposures and add detection measures based on technique. Setting up traps, misdirections, and speed bump lures along the way will also serve as strong deterrents to keep an attacker from being successful.

Read the original article on CISO Mag.
