July 18, 2023
Identity-based attacks are on the rise. Research sponsored by the Identity Defined Security Alliance (IDSA) found that 79% of respondents had an identity-related breach within the past two years. In fact, identity compromise and misuse are central to almost every cyberattack. Malicious actors no longer need to breach a firewall to enter a network; they just need to compromise an identity.
Identity-based attacks make use of compromised credentials, over-privileged users and gaps in visibility. They exploit hidden attack paths that are harder to detect than traditional code-based exploits. As such, threat actors are highly motivated to exploit the identity sprawl caused by cloud adoption, the proliferation of non-human accounts and the use of disparate systems to manage identities.
Attackers have been quick to apply the well-known “land and expand” techniques to these environments. They capitalize on the lack of visibility and lack of unified identity telemetry many organizations experience regarding cloud/multi-cloud and hybrid environments.
Distinguishing between how a legitimate user is leveraging an identity and the misuse of that identity by an unauthorized user is often nearly impossible. By compromising an identity, a threat actor can essentially impersonate a user to access resources, compromise systems, move laterally and compromise further identities to gain higher levels of access and privilege.
The most pervasive factor preventing organizations from effective identity-related risk mitigation is a lack of continuous visibility of identities across all systems, especially on rapidly expanding cloud systems. Even for known identities, there is a lack of understanding around the privileges and entitlements associated with identities. This problem is then compounded by dynamic environments where new users, systems and integrations are constantly creating new attack paths on top of existing misconfigurations that can mask the activity of threat actors.
Today, organizations need to identify, eliminate and audit attack paths in their dynamic, modern IT environments. These are all keys to reducing the attack surface, uncovering unknown risks and remediating incidents independently from malicious code detection.
Identity Threat Detection and Response (ITDR) represents a significant opportunity to accomplish these security objectives, bridging the gap between IAM and security teams. By combining cyber threat intelligence, detection, investigation and response in one security discipline, organizations are much better poised to defend their identity infrastructures.
The best strategy is to layer up an integrated ecosystem that helps you proactively reduce your attack surface. Here's how to build an ITDR capability that can stop an identity-based attack in its tracks:
1. Build a strong foundation.
Without getting the basics right, you risk undermining your own investment. Before you start chasing the next-gen, cyber buzzword, ensure that you have visibility and control of the devices and software that make up your identity infrastructure, and make sure that these are following good practices. After all, you don’t want an unpatched domain controller to be exploited and undermine your efforts.
2. Ensure you have good visibility and control over identities and access.
In so many identity security breaches that hit the headlines, a threat actor was able to compromise an over-privileged user and use VPN access to move laterally, elevate privileges further and cause widespread damage without needing to write an exploit. This is where identity governance, identity lifecycle management, privileged access management and cloud infrastructure entitlements management all come into play.
3. Continuously audit the controls you have in place against best practices, so that gaps or shadow infrastructure do not emerge unnoticed.
The challenge here is gaining visibility into all identities while staying proactive and ensuring best practices are followed, especially when you have a range of disparate systems across cloud and on-premises. You can try to script this, manually trawl through systems and data looking for misconfigurations, or buy point solutions that focus on things like AD hardening, but this is resource intensive and can still fail to keep pace with threats in increasingly dynamic environments.
Tools like BeyondTrust Identity Security Insights are designed to be an additional layer of intelligence that integrates into your ecosystem and exchanges data to automatically give you that unified view of identity, and to provide recommendations that can be used to proactively reduce risk.
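As an added illustration of the kind of continuous audit step 3 describes (example code written for this article, not Optiv's or BeyondTrust's), the script below runs a handful of hygiene checks over a constructed account inventory: privileged accounts without MFA, stale privileged accounts, non-human accounts holding tier-0 rights, and accounts that reach a privileged group only through nested membership. The group names, nesting, thresholds and the inventory itself are assumptions; a real run would load these from an AD or cloud IdP export.

```python
"""Continuous identity-hygiene audit over a constructed account inventory.

Added example for this article; not code from Optiv or any vendor named above.
The inventory, group names, nesting and thresholds are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Groups treated as tier 0 (assumed names; adjust to your directory).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Global Administrator"}
STALE_AFTER = timedelta(days=90)
# Fixed clock so the audit is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2023, 7, 18, tzinfo=timezone.utc)

# Nested group membership: group -> groups it is itself a member of (assumed).
# "helpdesk-l2" -> "Account Operators" -> "Domain Admins" is the kind of hidden
# attack path the article warns about.
GROUP_NESTING = {
    "helpdesk-l2": {"Account Operators"},
    "Account Operators": {"Domain Admins"},
}


@dataclass
class Account:
    name: str
    groups: set
    last_logon: Optional[datetime]
    mfa_enrolled: bool
    human: bool


def effective_groups(groups, nesting=GROUP_NESTING):
    """Expand direct memberships through nested groups (transitive closure)."""
    seen, stack = set(groups), list(groups)
    while stack:
        g = stack.pop()
        for parent in nesting.get(g, ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def audit(accounts, now=NOW):
    """Return (account, rule) findings for privileged-identity misconfigurations."""
    findings = []
    for a in accounts:
        eff = effective_groups(a.groups)
        privileged = eff & PRIVILEGED_GROUPS
        if not privileged:
            continue  # hygiene rules below apply only to privileged identities
        if not (a.groups & PRIVILEGED_GROUPS):
            findings.append((a.name, "privileged-via-nesting"))
        if not a.mfa_enrolled:
            findings.append((a.name, "privileged-without-mfa"))
        if a.last_logon is None or now - a.last_logon > STALE_AFTER:
            findings.append((a.name, "stale-privileged"))
        if not a.human:
            findings.append((a.name, "nonhuman-privileged"))
    return findings


# Constructed inventory (not a real export).
ACCOUNTS = [
    Account("alice", {"Domain Admins"}, NOW - timedelta(days=5), True, True),
    Account("bob", {"helpdesk-l2"}, NOW - timedelta(days=1), False, True),
    Account("svc_backup", {"Domain Admins"}, NOW - timedelta(days=200), False, False),
    Account("carol", {"Sales"}, NOW - timedelta(days=400), False, True),
]

if __name__ == "__main__":
    for name, rule in audit(ACCOUNTS):
        print(f"{name:12s} {rule}")
```

Run on a schedule and diff the findings against the previous run: a finding that appears between runs is exactly the "new attack path on top of an existing misconfiguration" the article describes, and it is the event a ticket or alert should be raised on.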
4. Layer on detection.
Once you have those solid foundations in place, you can layer on detection to take your identity security program to the next level. This allows you to bridge the gaps between identity and access management (IAM) solutions and SOC tools.
Again, you can try to bridge this gap yourself by feeding identity data into SIEM and XDR tools, but these often lack the depth of visibility into an identity. For example, what level of privilege and access does the identity have in the event of a successful MFA fatigue attack? Does this identity have access to other delegated or machine accounts that could inflict significant damage?
Lean into tools that can provide you with a level of insight and intelligence that can help you answer these questions quickly to find and contain the blast radius of a compromised identity.
With this in place, you have the visibility of identities and the capability to respond, so look for the tools, signals and integrations that will allow you to detect and respond to identity security threats in as automated a manner as possible. Build out identity-specific indicators of attack and compromise, and use user and entity behavior analytics (UEBA) as a secondary layer of detection.
5. Build your playbook.
Finally, build out your identity threat playbook so you know how to respond to identity threats, and automate as much of it as possible.
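Steps 4 and 5 together, as an added worked example (written for this article, not Optiv's or any vendor's code): a detection for the MFA fatigue scenario raised in step 4, run over constructed IdP events, enriched with the privilege and delegated-account context a SIEM alone usually lacks, and fed into a small playbook that orders containment by blast radius. The event schema, thresholds, entitlement map and action names are assumptions; map them to your IdP's real log fields and your PAM/CIEM export before use.

```python
"""Identity threat detection and response over constructed auth telemetry.

Added example for this article; not code from Optiv or any vendor named above.
Event schema, thresholds, entitlements and playbook actions are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IdP events (timestamp, user, event type, source IP). Not real logs.
# bob receives a burst of push prompts, denies several, then approves one: MFA fatigue.
# alice is a single normal prompt-and-approve.
EVENTS = [
    ("2023-07-18T02:00:05", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:00:20", "bob", "mfa.push.denied", "203.0.113.9"),
    ("2023-07-18T02:00:50", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:01:05", "bob", "mfa.push.denied", "203.0.113.9"),
    ("2023-07-18T02:01:30", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:02:10", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:02:55", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:03:40", "bob", "mfa.push.sent", "203.0.113.9"),
    ("2023-07-18T02:04:10", "bob", "mfa.push.approved", "203.0.113.9"),
    ("2023-07-18T02:04:11", "bob", "login.success", "203.0.113.9"),
    ("2023-07-18T09:15:00", "alice", "mfa.push.sent", "198.51.100.4"),
    ("2023-07-18T09:15:07", "alice", "mfa.push.approved", "198.51.100.4"),
    ("2023-07-18T09:15:08", "alice", "login.success", "198.51.100.4"),
]

# Privilege context joined in at detection time (assumed; e.g. from a PAM/CIEM export).
# tier 0 = controls the identity infrastructure itself; "delegated" = other accounts
# or roles this identity can operate.
ENTITLEMENTS = {
    "bob": {"tier": 0, "delegated": ["svc_backup", "AZ-Subscription-Owner"]},
    "alice": {"tier": 2, "delegated": []},
}

WINDOW = timedelta(minutes=10)
PUSH_THRESHOLD = 5  # prompts within WINDOW before an approval counts as fatigue


def detect_mfa_fatigue(events, window=WINDOW, threshold=PUSH_THRESHOLD):
    """Alert when a user approves a push after >= threshold prompts within window."""
    by_user = defaultdict(list)
    for ts, user, ev, ip in events:
        by_user[user].append((datetime.fromisoformat(ts), ev, ip))
    alerts = []
    for user, evs in by_user.items():
        evs.sort()
        prompts = []  # timestamps of push prompts still inside the sliding window
        for ts, ev, ip in evs:
            prompts = [t for t in prompts if ts - t <= window]
            if ev == "mfa.push.sent":
                prompts.append(ts)
            elif ev == "mfa.push.approved" and len(prompts) >= threshold:
                alerts.append({"user": user, "prompts": len(prompts),
                               "approved_at": ts.isoformat(), "src_ip": ip})
                prompts = []
    return alerts


def blast_radius(user, entitlements=ENTITLEMENTS):
    """Everything reachable from this identity; unknown users default to lowest tier."""
    ent = entitlements.get(user, {"tier": 3, "delegated": []})
    return {"user": user, "tier": ent["tier"], "reach": [user, *ent["delegated"]]}


def playbook(alert):
    """Ordered response actions; higher-privilege identities get harder containment."""
    br = blast_radius(alert["user"])
    actions = [f"revoke_sessions:{alert['user']}", f"block_ip:{alert['src_ip']}"]
    if br["tier"] <= 1:
        # Tier-0/1 compromise: disable first, then rotate every delegated credential.
        actions.insert(0, f"disable_account:{alert['user']}")
        actions += [f"rotate_credentials:{d}" for d in br["reach"] if d != alert["user"]]
    else:
        actions.append(f"reset_password:{alert['user']}")
    actions.append(f"open_case:{alert['user']}")
    return actions


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(EVENTS):
        print(alert)
        for action in playbook(alert):
            print("  ->", action)
```

The point of the entitlement join is the one the article makes: the same alert on alice and on bob warrants very different responses, and the SIEM event by itself cannot tell you which. Wire the action strings to your IdP and PAM APIs (session revocation, account disable, credential rotation) to turn this into the automated playbook of step 5.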