Identity Management is the New Perimeter
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Sergey Medved of Quest Software examines why, in the wake of SEC charges against SolarWinds, enterprises need to shift their focus to identity management.
Recent SEC charges against the CISO of SolarWinds shook many in the cybersecurity industry as they made real the long-lasting consequences of cyber incidents. The charges also focused attention on the method used to leverage compromised SolarWinds systems way back in 2020: abuse of privileged accounts. Once attackers gained privileged-account access in SolarWinds deployments, they were able to do essentially whatever they wanted within numerous SolarWinds customers' environments.
The memories the SEC action conjures are needed, as many organizations are still working to get full control over privileged access to their systems. In fact, many are now considering a broader approach to identity management in general, when thinking about securing privileged identities. With the demise of workplace physical computing perimeters, due to factors such as cloud migrations and dispersed workforces, identity has become the real new enterprise computing perimeter.
Once an attacker is able to get past an identity and log into a system, there are numerous ways they can infiltrate further, interrupting operations or stealing sensitive information. CISOs must adapt their cyber risk strategies to this new reality by understanding how educational gaps have gotten us where we are, why identity threat detection and response visibility will make or break their cyber defenses, and how to better leverage cloud and AI-powered technology to protect all identities.
How Did We Get Here?
Identities are increasing in number, and while many organizations recognize the need for identity management, they are still getting breached. According to the Identity Defined Security Alliance, 90 percent of organizations have experienced at least one identity-related breach in the past year. With so many accounts created by bot machines and multiple user accounts across organizations, identity sprawl makes many accounts vulnerable to being compromised.
Identity management complexity only exacerbates the problem. A typical enterprise company may be deploying multiple identity and access management (IAM) products. This puts multiple identities into multiple clouds as well as on-premises, and with different solutions overlapping each other, it’s all too easy to miss critical context. If something changes in one cloud, something else may change in another, making it difficult to correlate activity. Additionally, because overlapping identity frameworks are spread across complex enterprise technology environments, and often supported by insufficient budgets, attackers are catching on, capitalizing on the likelihood of vulnerabilities and the inability of a sprawling tech stack to catch them.
The Remedies: Prioritize Identity as the Biggest Attack Surface Risk Across Your Org
Addressing the challenges with identity management needs to happen at both a cultural and technological level within organizations. Education is one of the key areas to shift people’s understanding of security threats and recognize that identities are one of the most at-risk parts of the attack surface. Threat actors are looking for the easiest way in, and their method of choice is sending phishing emails and text messages. It’s important for users to understand the risks that come with clicking on phishing messages – even more so, they need to understand what phishing is to begin with. Key to an incident response plan is an educational component to empower users as informed participants in email security. While this doesn’t make organizations completely bulletproof, it is one of the most effective ways to catch and stop phishing attacks early.
At a strategic and technological level, organizations today need to be looking for next-generation identity threat detection and response systems that work across their complex, hybrid infrastructure and can help them reduce identity sprawl. Key to this search is evaluating solutions that incorporate AI in the right ways. AI, particularly generative AI, can be beneficial for understanding data correlation and generally automating repetitive tasks. It can also help with various forms of threat detection and response by taking a deeper look into an organization’s systems, making it easier for teams to identify and flag high-priority incidents. More than raising the alarm, AI can also introduce new efficiencies that free security analysts, who are drowning in investigating red and yellow flags, from low-priority work, allowing them to focus on making higher-level decisions. AI helps explain certain trails and why attacks are happening, what additional exposures may look like, and what’s next; security teams can leverage that to more effectively secure the identity attack surface and stay ahead of threats.
Understanding the Common Goal
As CISOs begin to adapt their cyber risk strategies to this new reality, it’s important that they create a company culture that is centered around cyber resilience. To accomplish this, there needs to be a universal understanding that identity is still a crucial attack vector, especially with the number of identities growing across organizations, resulting in identity sprawl. Incorporating an incident response plan with strong educational components, particularly around email security, should be prioritized, helping users understand what they should and should not click on to prevent vulnerabilities. Finally, looking forward, identity management solutions are evolving, and organizations need to take a fresh look at next-gen technologies, such as those involving AI, to stay ahead of threat actors, empower security analysts to take on more work without burning out, and protect all identities.