Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks
Identity-related breaches are making headlines almost every day, leading to high costs and reputational damage. In recognition of the growing importance of secure and effective identity management solutions, Attivo Networks will join organizations worldwide to celebrate Identity Management Day on April 13. Identity Management Day is a reminder to make identity management and digital identity security a priority and to share best practices that organizations and consumers can use to reduce the risk of a data breach and potentially damaging data loss. This blog aims to help everyone understand identities better and offers some tips for getting started on improving your network’s identity management and security capabilities.
I’ll now go into some Q&A that digs deeper into the topic.
Q: What does “identity” mean?
A: “Identity” is a fairly broad term, but at its core, identities provide a distinct way to recognize people, accounts, groups, organizations, and systems in a network environment. For this blog, and in alignment with Identity Management Day, we will focus on enterprise identity (as opposed to consumer identity). An enterprise identity typically includes a set of information used to identify a particular entity on the network. These identities can be human or machine and often get referred to as credentials.
Credentials are defined attributes used to verify the identity and enable access to areas of the network. Authorization validates and approves that access based on those credentials, while authentication serves as a further validation point, ensuring that the correct entity uses the credentials. One step further is entitlements, which determine whether the user is entitled to access information, even if their credentials are legitimate and valid.
Q: Should I be concerned about identity protection and make it a priority?
A: Identity-based attacks are on the rise, with a slew of identity-based breaches making headlines over the past year. Recent research by the IDSA paints an even more disturbing picture, revealing that 79% of organizations have experienced an identity-based breach within the past two years. That research further indicates that 99% of victims believe that they could have prevented these breaches, highlighting the need for greater identity security.
Q: What are the basics of identity management protection?
A: There are many identity security solutions that organizations can turn to for identity-based security. These can include solutions for Identity Access Management (IAM), Privileged Access Management (PAM), Identity Governance and Administration (IGA), as well as a variety of visibility and scalability solutions and an emerging category of Cloud Infrastructure Entitlement Management (CIEM) or Cloud Permissions Management solutions.
Each of these plays a unique role in securing identity authentication and authorization. What is subtly missing is protection for identities in employee and administrator credentials for Active Directory, which provides directory services to over 90% of Global Fortune 1000 enterprises. Security professionals often refer to this as Active Directory Protection or Directory Assurance Management. Protecting credentials and privileges should be a key element of every identity program.
Q: Why is it relevant to Attivo Networks?
A: The term “identity management” encompasses many things and differs in context between consumer and enterprise. Attivo Networks provides enterprise identity protection solutions and uniquely protects against identity credential theft and misuse, privilege escalation, and lateral movement. Additionally, the solutions provide visibility for removing risks related to excess entitlements, configuration errors, exposed credential attack paths, and unauthorized access attempts. Attivo identity protection products will conceal credentials, data, and Active Directory objects and return fake information that misdirects attacks into decoys. This comprehensive protection spans from endpoints to Active Directory to clouds for optimal scalability.
Q: Does that mean proper identity management is complicated?
A: Unfortunately, most security professionals and IT teams would unanimously say “yes!” The general principle is fairly straightforward: providing access should follow what we call the “principle of least privilege,” which states that a given identity should only have the minimum level of access it needs to perform its essential functions. This principle is a key tenet of the Zero Trust security model, which has gained increased popularity as organizations look for ways to more effectively protect their networks.
Given the overhead and complexity of managing all of these human and machine entities, they get put into policy groups. These Group Policy Objects (GPOs) allow administrators to categorize people and assign entitlements. However, complexities still exist as people change roles or leave a company, contractors come and go, and M&A occurs. Managing access can also be very complex, as old policies often get abandoned and new ones get created, which causes unknown or misunderstood security risks. Credentials are also found orphaned or exposed on endpoint systems, which can create attack paths to identity stores like Active Directory. Shadow admin accounts create another layer of identity risk if they can create dangerous delegations. [See ThreatPath]
There are many different elements involved in identity protection and vast differences between vendor solutions. It’s also important to understand that networks have evolved rapidly, especially amid the shift to remote work over the past year. Understanding how traditional network security solutions fit together with emerging technologies isn’t always easy, but closing the potential security gaps they may leave is essential.
Q: Where does Active Directory factor into all this?
A: Having a Directory Assurance Program is critical for Active Directory (AD) because it is essentially the GPS for the entire network. It handles authentication, identity management, and access control for the enterprise, making it a prime target for attackers looking to escalate their privileges. Unfortunately, because users need to access AD regularly for basic operations, it can be challenging to secure. Traditional security tactics like policy and log management are manual, complex, and limited in their effectiveness. Taking steps to remediate potential vulnerabilities can also be a challenging and drawn-out process. Despite all of this, regularly assessing and detecting live attacks on AD is critical. The loss of administrator privileges or Domain Control can have a material and long-lasting impact on a business. [See ADAssessor]
Q: So, I need more effective identity management, and I need to protect AD. Is there any advice you can give to help me get started with my corporate network?
A: Start by learning about today’s identity management tools. Privileged Access Management (PAM), Identity Access Management (IAM), and Identity Governance and Administration (IGA) can all be complex, and unfortunately, misconfigurations can result in dangerous security gaps. Equally unfortunate is that these tools lack the controls needed to prevent attackers from exploiting AD. If attackers compromise AD, they have the keys to the kingdom. Victims might fall prey to a ransomware attack, a disruption of service, corporate espionage, or other forms of attack, all of which can have serious consequences.
Preventing these consequences requires continuous AD vulnerability assessment, live attack detection, and the ability to identify exposed administrator credentials. Tools like ADSecure and ADAssessor can provide this functionality, working in harmony with existing security controls to provide in-network identity management and security support and make it harder than ever for attackers to escalate their attacks by compromising AD.
Q: Is there anywhere I can go to learn more about this topic?
A: You’re in luck: Attivo Networks will be hosting an educational webinar in collaboration with Cyber Defense Media on the topic of protecting Active Directory. The webinar will include an independent, third-party review of our new ADAssessor technology, highlighting the visibility it provides into the vulnerabilities that attackers seek to leverage. The webinar will also demonstrate how you can most effectively use ADAssessor for live attack detection, which is a critical component of stopping attackers from compromising AD. If you’re looking for ways to improve your identity management capabilities, protecting AD is a must, and this webinar is a great place to start.
Q: How can my organization and I get involved with Identity Management Day?
A: To learn more about how to get involved with Identity Management Day 2021, you can visit www.identitymanagementday.org. You can also look for the #IDMgmtDay hashtag on both Twitter and LinkedIn.