Stack Identity SARA prioritizes cloud and data security risks

Stack Identity announced its new Shadow Access Risk Assessment (SARA) — a free product that provides users with a daily report of Shadow Access risks in their environment.

The rapid proliferation of large language models (LLMs), ChatGPT and other AI-driven applications have significantly expanded access to enterprise data, leading to a surge in entitlements and privileges granted to both human and non-human entities.

Shadow Access — or unauthorized, invisible, unmonitored and unintended access — has rapidly become one of the most pressing challenges for organizations safeguarding valuable data in the cloud. Data from Verizon states that 80% of all breaches involve existing credentials or identities in the system.

The complexity and scale of cloud identity, access and entitlements makes it extremely difficult for security practitioners to understand and quickly identify the most pertinent risks. An IBM report found that the average data breach took an alarming 212 days to detect and a whopping total of 287 days to contain entirely.

Cloud security practitioners are tasked with bridging the security gaps in a fragmented system. Practitioners need to ensure proper access for both human and non-human identities to the relevant data and systems, while maintaining crucial visibility into potentially weaponizable access pathways and entitlements.

Stack Identity recognized that few products on the market directly addressed the needs of overburdened security engineers who deal with constant alerts, false positives and an overwhelming amount of data spread across multiple tools and systems. To address this gap and eliminate the need for piecemeal manual tools and processes, Stack Identity invented SARA.

SARA deploys directly into a customer’s cloud environment to comprehensively assess and analyze different cloud events and identify emerging Shadow Access risks. With SARA in place, customers receive a daily email recapping any new threats that have originated in the past 24 hours and a call to action so security practitioners can spend their precious time on remediating Shadow Access rather than detecting it.

“The fundamental law of cybersecurity is you can’t protect what you don’t know about, and this is especially important when you consider that identities provide the literal keys to the kingdom,” says Jack Poller, senior analyst at Enterprise Strategy Group. ”Understanding the dynamic and changing nature of which identities have access to sensitive data and critical resources is crucial for reducing organizational risk.”

Since many security and compliance controls prohibit access to SaaS monitoring tools, SARA is deployed and runs locally within a customer’s on-premise trust boundary. Due to its automated detection capabilities and daily summaries of contextualized risks, SARA dramatically reduces customers’ MTTD (Mean Time to Detect) by 60% to 80%.

“We developed SARA to ease the burden of identity threat detection for security practitioners across industries,” says Venkat Raghavan, CEO of Stack Identity. “Rather than spending valuable time manually compiling data, SARA users receive a comprehensive, daily assessment of Shadow Access risks, allowing them to focus their time on eliminating security threats instead of uncovering them.”

Shadow Access is difficult for organizations to detect and easy for hackers to exploit – and at a fundamental level Shadow Access breaks zero trust architectures. As organizations continue to share data in the cloud, their digital attack surface will continue to expand. This makes the need for advanced risk management capabilities greater now than ever before.

More about

Don't miss