Is Identity At The Centre Of The Attack Path?


With a rise in data breaches worldwide and in the Middle East, organisations must focus more on the value of Identity-first security.

In 2020, hackers breached the infrastructure of SolarWinds, a company that produces a network and applications monitoring platform called Orion, and then used that access to produce and distribute trojans to the software’s users. SolarWinds stated that its customers included 425 of the US Fortune 500, the top US telecommunications companies and accounting firms, all branches of the US Military, the Pentagon, the State Department, and hundreds of universities and colleges worldwide.

The attack on SolarWinds is a prime example of the need for identity-first security. “The SolarWinds attack demonstrated that we’re not doing a great job of managing and monitoring identities. While a lot of money and time has been spent on multi-factor authentication, single sign-on and biometric authentication, very little has been spent on effective monitoring of authentication to spot attacks against this infrastructure,” said Peter Firstbrook, research vice president at Gartner, at the Gartner Security & Risk Management Summit in March. Gartner listed Identity-first security as one of its top security and risk management trends for 2021.

Identity has become more critical since the COVID-19 pandemic made physical boundaries irrelevant: more businesses have moved toward remote users and have also given users outside the organisation greater access to their internal systems. This disruption has surfaced weaknesses in many organisations’ Identity and Access Management (IAM) architecture and greatly accelerated its evolution, according to Gartner’s 2021 Planning Guide for IAM report.

Spending for IAM is up as well. According to a March 2021 study of more than 1,300 executives sponsored by Ping Identity, about 70 per cent of global business executives plan to increase spending on IAM for their workforce over the next 12 months, as a continuation of remote work increases demand on IT and security teams. The study found that more than half of the companies surveyed have invested in new IAM products since the pandemic began.

Like any other region, the Middle East witnessed rapid digitisation. The transition to remote work and a fast-track approach to a cloud-first strategy opened up new gateways for cyberattacks and other operational disruptions. Experts confirm that the year 2021 will be riddled with third-party risks, increased instances of shadow IT, and growing vulnerabilities in digital communication networks and supply chains.

For many years, the vision of access for any user, anytime, and from anywhere, often referred to as “identity as the new security perimeter”, was an ideal. Now it is a reality, due to technical shifts coupled with increasing cyberattacks and a remote workforce during COVID-19.

According to the Identity Defined Security Alliance (IDSA), 94 per cent of organisations have experienced an identity-related breach at some point. It has become imperative for organisations to develop their cybersecurity programs by taking a security-first, least privilege view of identity-related risk to help eliminate security gaps.

Meanwhile, organisations have spent considerable time and money on technologies like biometrics, multi-factor authentication (MFA), and single sign-on (SSO), which have helped make the sign-in process more secure, but hackers have long since figured out ways to defeat them.

Against this backdrop, it’s crucial for companies, as users of software, to secure identities and to start applying role-based access controls not just to users, but also to applications and servers. When deploying any new software or technology into a company’s network, the question to ask is what could happen if that product is compromised by a malicious update.

Organisations need stronger protections within the network, and they need to monitor the effectiveness of these perimeter solutions by identifying when attackers may have circumvented them.

Efficiency gains, security, and more control

Since the human factor, combined with the increasing sophistication of attacks, has made identities the primary attack vector, an identity management solution is crucial for organisations that plan to combat it. Identity-first security puts identity at the centre of security design and demands a major shift from traditional LAN edge design thinking. Identity management directly impacts an organisation’s ability to remain competitive and agile: IAM will either enable your competitiveness or stand in the way.

The Microsoft identity platform, which comprises an authentication service, open-source libraries, and application management tools for developers, has grown at an unprecedented pace, from 300 million monthly active users in March 2020 to 425 million today. Organisations around the world have accelerated the adoption of security and collaboration apps.

Modern IAM solutions go beyond simple credential management, and include technologies such as machine learning, artificial intelligence, and risk-based authentication, to identify and block anomalous activity.

Managing identity across an array of software services and other network boundaries has become one of the most challenging aspects of the IT profession. Here are some identity management solutions available in the Middle East:

Microsoft Azure Active Directory

Microsoft is a power player in cloud services, and Azure AD can secure identities and authentication throughout your corporate infrastructure without significantly impacting management overhead, especially if you are invested in the Microsoft cloud platform. Passwordless usage in Azure AD alone had grown by more than 50 per cent year-over-year across Windows Hello for Business, Microsoft Authenticator, and FIDO2 security keys from partners like AuthenTrend, Feitian, or Yubico. Passwordless authentication can minimise or eliminate many identity attack vectors, including those exploited in the most sophisticated cyberattacks.


Okta Identity Management 

Okta is well respected in the Identity-Management-as-a-Service (IDaaS) arena. A feature list that includes security policies that support MDM and geolocation, the ability to integrate multiple sources of identity data, and a package that is relatively easy to use make Okta one of the top IDaaS solutions in the market.

Attivo Networks ThreatDefend® Platform

The platform has made it easier for organisations to identify when an employee, vendor, or attacker using stolen credentials might be roaming around areas of the network to which they do not require access. Detecting suspicious activity inside the network is critical. The ThreatDefend platform allows users to identify unauthorised network scans, possible credential theft and reuse, and attempts to access or steal sensitive data. The platform can conceal real data and assets while creating false data, AD objects, and network assets designed to misdirect or entice attackers and trick them into giving away their presence.

Centrify Identity Service 

Provisioning workflows, scripts, and custom reports are the capabilities offered by Centrify. Setting permissions in third-party software-as-a-service (SaaS) applications is another focus area, which gives organisations even more control over what their users can and can’t do. Another authentication option Centrify offers is the ability to connect with third-party providers, including competitors like Okta, Microsoft Azure AD, and more. This functionality is beneficial for companies needing to authenticate partners, contract employees, or even those involved in a merger or takeover scenario.