The evolution of identity-first security

Earlier this year, Gartner named identity-first security as one of the top security and risk management trends for 2021. Companies have been moving away from traditional LAN edge approaches, and now identity lies at the center of security strategies.

Multi-factor authentication (MFA) and single sign-on (SSO) have been successful in further securing the sign-in process, moving beyond the traditional username and password combination. However, this is no longer sufficient to protect against sophisticated and skilled attackers using legitimate credentials and entitlements to gain access to the resources and data they need.

Instead, companies must adopt a new layer of control – one that is based upon identities and their access versus an asset defense. Identity protection systems like identity access management (IAM), privilege access management (PAM), and identity governance administration (IGA) are focused on making sure that the right people can get uninterrupted access to the things they need to access. Alternatively, identity detection and response (IDR) solutions focus on securing the credentials, privileges, and the systems that manage them.

Evidence of weakness

The catastrophic consequences of not prioritizing identity-first security are clear. The SolarWinds attack is a prime example of these consequences after modified SolarWinds products gave attackers a backdoor into multiple business networks.

These criminals bypassed any perimeter defenses those companies had in place to breach their networks, allowing them access to data files with sensitive information. The attacker’s unnoticed access also allowed them to jump from on-premises systems into their cloud environment.

Without IDR defenses, businesses will struggle to prevent attackers from accessing profitable targets, such as Active Directory (AD) and detecting attackers masquerading as employees.

While companies have increasingly devoted resources to strengthening their log-in systems through MFA and SSO, they have not paid much attention to systems monitoring and identifying threats to these solutions. They also don’t have the tools to see policy drift, where policies have been set but are not being correctly followed. Now though, protecting identities and their system gateways must become a priority.

Maintaining broad security coverage

Recent technological advances have given businesses greater visibility into their systems and potential attack paths that create risk. Now companies can identify when someone is using stolen credentials– whether an employee, supplier, or attacker – to navigate the network successfully.

Threat detection platforms based on deception and concealment technologies can also be used to hide real assets from attackers’ view and identify unauthorized network scans, credential theft, and attempts to access or steal sensitive data.

Incorporating misdirection technology, which provides false data, AD objects, and decoy network assets, can also provide valuable company-centric threat intelligence on tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs). As remote working looks set to continue, these capabilities to detect in-network privilege escalation and lateral movement will only grow in importance, as will the ability to trick attackers into quickly revealing their presence and derailing their attack.

The importance of Active Directory

Often seen as merely “plumbing”, Active Directory does not always receive the necessary focus from companies regarding its security. However, when more than 90 percent of Global Fortune 1000 organizations use AD for authentication, identity management, and access control, it naturally needs to prioritize an identity-based defense.

Attackers and Red Teams consistently see AD as an easy target. Unfortunately, once criminals achieve access to AD, they can move laterally through the network using stolen credentials. Privileged access exploitation is an element in 80% of known security breaches, including the SolarWinds and Microsoft breaches. Losing domain administrator control over the AD environment is also seen as a “game over” situation.

Investing in identity security is a critical key pillar of security today. Having an identity-first security posture will require organizations to invest more in credential, AD, and cloud infrastructure entitlement defenses, to gain improved visibility. This will allow businesses to understand credential-based attack paths, see credential misuse, risky exposures, and vulnerabilities.

Ensuring that identities within the businesses and the systems that manage them are protected is clearly a hot trend for the remainder of 2021 and will undoubtably remain a priority throughout 2022 and beyond.