Building Resilience Against Identity-Born Attacks
By Kiersten Putnam | Trace3 Senior Innovation Researcher
The MGM breach was one of the most notable cyber-attacks in 2023. Perhaps most memorable about this attack was the path which the hackers took to gain unauthorized access to sensitive information and laterally progress through MGM’s environment.
They did so while collecting stored passwords and accessing apps through the Okta server. What this attack taught us is that there are many blind spots throughout the identity security lifecycle that attackers will leverage to move laterally through on-premises and cloud environments, compromising both cloud and data security.
MGM may be the most famous attack but, unfortunately, we learned that other organizations last year experienced very similar social engineering and identity-based attacks. These attacks are making headlines and placing more attention on organizations’ current identity security posture.
Our team has made this one of our big themes for 2024 and, in continuation of Trace3’s Innovation Team 2024 Enterprise Technology Themes series, has created this blog to dive into the techniques for strengthening identity security measures and overall security.
Renewed interest in fundamental identity capabilities
Following our 2024 theme classifications, we are calling this theme both an investment and an adoption trend. Some of these identity security techniques are still emerging and will evolve as they mature. At the same time, more established use cases are gaining adoption as identity-based attacks raise concerns for organizations.
Strengthening identity basics: Enhancing authentication and authorization
When first responding to the news of these identity-based attacks, many organizations are starting with the basics—examining their current identity architecture and where it can be further enhanced. Below are various investment and adoption trends we are tracking across the identity fabric as a result of the push for increased identity assurance.
When considering authentication, it has been long understood that the password is not the most secure form of authentication. To strengthen this, our Innovation team has noticed an adoption trend in passwordless authentication, basing authentication on something a user knows, has, or inherently is—thus verifying user identity.
If you are interested in learning more about the passwordless trend, check out our blog on the passwordless boom.
Moving beyond authentication and into authorization brings us to the trend of adaptive access. Its just-in-time nature eliminates the concern for over-permissive access rights to sensitive information by providing users access privileges to resources as they are needed and only for the time required. Both existing and emerging solutions are evolving to provide flavors of this just-in-time access for a variety of different resources.
Finally, it’s important to note that identity assurance is needed not only for human identities but also for non-human machine identities. As a result, we are tracking investments in machine identity solutions that provide authentication from a variety of different angles, including secrets management, multi-factor authentication for machines, orchestration, and so on.
Based on the distributed attack surface identity fabrics create, fundamental authentication and authorization capabilities are a natural place to continuously enforce identity assurance and enhance security against identity-based attacks. They will provide the building blocks for ensuring your users are who they say they are through identity verification and decrease the likelihood of a breach.
The surge of interest in identity security posture management
Advancing past the fundamentals of identity, consistent visibility and gap analysis across the identity fabric is an essential security measure in providing timely context in the case of a breach. Identity security posture management is a term our Innovation team uses to describe the surge of investments and client interest in both identity hygiene and identity security solutions.
Creating consistent visibility and gap analysis may seem like a long-term goal in your overall identity access management strategy. To help kick-start these efforts, solutions are providing a snapshot of your identity fabric’s hygiene. By aligning to internal data practices, identity hygiene solutions can identify metrics, including excessive permissions, inactive privileged identities, and lurking users. These give organizations a great check on how their access management is performing and a prioritized list of areas to improve.
Moving beyond hygiene, security solutions are proactively identifying risks left by disparate identity tools. One use case gaining attention in this space is identity threat detection and response (ITDR). These solutions provide an investigation into identity-based breaches and remediation recommendations. As the identity fabric is vast, so are ITDR capabilities, with solutions differentiating in their support across Cloud Infrastructure Entitlement Management (CIEM), Extended Detection and Response (XDR), and Active Directory.
When these use cases are combined, they can provide a holistic view of an organization’s identity security posture, hence explaining why our team analyzes them together. Although many of these use cases currently are stand-alone, our team expects they will be folded into larger identity security suites as investments and adoption continue to rise.
Additional supplemental technologies
While enhancing fundamental identity capabilities and evaluating technologies specifically within the identity fabric may seem like the obvious answer to preventing identity-based attacks, other supplementary technologies are also important.
These social engineering attacks demonstrate how humans and identities remain a weak link. To continue creating a defensive security strategy, your security team and their training will be essential in ensuring your workforce is aware of the latest attack techniques and ready to be your frontline defense.
Strengthen your identity fabric with Trace3
Identity attacks are on the rise. As these identity attacks become more and more common, our Innovation team is collecting the latest techniques to strengthen your identity fabric and provide guidance on security strategies.
If you’d like to continue the conversation, feel free to reach out to us at innovation@trace3.com and continue following Trace3’s Innovation Team 2024 Enterprise Technology Themes series. Or, visit our Identity and Access Management page to learn more.
Kiersten Putnam is a Senior Innovation Researcher at Trace3. She is passionate about new innovative approaches that challenge traditional processes across the enterprise. As a member of the Innovation Team, she delivers research content on emerging trends and solutions across enterprise cloud, security, data, and infrastructure. When she's not researching, she is either exploring the surrounding areas of Denver, Colorado where she lives, or planning her next trip abroad.