What You Need to Know About Identity Threat Detection and Response
Today, every business is faced with the challenge of protecting an ever-expanding digital footprint. Furthermore, the move towards remote working and digital transformation has created new and more complicated security challenges. Against a backdrop of a continued high level of ransomware attacks, new attacks on the digital supply chain, and an increased volume of attacks on identity systems, businesses are at significant risk.
An acceleration of credential misuse resulting in a dramatic increase in security incidents has led Gartner to highlight Identity Threat Detection and Response (ITDR) as one of the top cybersecurity trends for 2022. With so many identities to manage, “permissions creep” has become a significant issue. Today’s businesses need to be able to detect when attackers exploit, misuse, and/or steal their corporate identities, and to do so, Gartner advises treating identity as the new perimeter.
What is ITDR?
Identity Threat Detection and Response (ITDR) is a new security category focused on protecting credentials, privileges, cloud access, and the systems that manage them. The goal of ITDR is to detect credential theft, privilege misuse, and associated attack paths. ITDR solutions extend to the cloud and deliver detailed visibility for identities, including users, applications, containers, serverless functions, and more.
ITDR differs from existing identity protection tools, which usually focus on authorisation and authentication and look for attacks on endpoints. Instead, ITDR looks for attacks targeting identities, isolates compromised systems, collects forensic data, and gathers telemetry on the processes used during the attack. Some ITDR solutions also manage the identified attack surface by providing visibility into potential exposures that make businesses more prone to attack.
Why is ITDR Gaining More Attention?
With so much time and so many resources spent protecting digital assets, it can be easy for businesses to neglect to protect their own Identity and Access Management (IAM) infrastructure. However, in the past year, more advanced cybercriminals have been purposefully and aggressively targeting IAM infrastructure. The most notable breach was SolarWinds, whereby cybercriminals utilised administrative permissions to gain access to SolarWinds’ global administrator account. This demonstrates how organisations, while spending significant time and money on improving IAM capabilities, have inadvertently increased the attack surface of the security infrastructure.
According to CrowdStrike’s 2022 Global Threat Report, 80% of today’s cyberattacks leverage identity-based attacks. Cybersecurity experts are now recognising that IAM isn’t robust enough, especially with threat actors actively targeting access management infrastructure. The fact is that more needs to be done to safeguard identity systems, detect when they are compromised, and enable fast and efficient response and remediation; this is where ITDR comes into play.
How To Mitigate Identity-Based Attacks
With a huge volume of breaches using compromised identities, every organisation needs a way to stop identity-based attacks faster. CrowdStrike’s Falcon Identity Threat Protection Solution helps businesses protect workforce identities everywhere. At a high level, it has the ability to:
- Discover identities - discover all identities across the enterprise, including stale accounts, and verify these identities to discover weaknesses across multiple domains.
- Gain visibility - gain complete visibility for authentication traffic to applications, resources, and identity stores.
- Detect threats - examine authentication events and questionable user behaviour in real time and compare them against behaviour baselines to detect attacks and lateral movement.
- Improve response times - improve incident response by grouping events around users, devices, and activity.
- Reduce costs - shorten the time it takes to detect and respond to an attack by reducing the need for complex, error-prone log analysis and eliminating unnecessary security products and processes.
- Improve alert fidelity - gain unified control, reduce noise, and recognise true positive events of interest.
Furthermore, the Falcon Identity Threat Protection solution integrates with existing security architecture and works with existing IAM solutions and IT tools to ensure frictionless deployment and immediate return on investment.
Protecting Your Organisation from Identity-Based Attacks
With a huge rise in credential misuse, identity security forms a critical part of the cybersecurity threat landscape. This means the ability to detect and respond to identity-based threats is fundamental. However, while many tools aim to secure networks, securing identity often falls through the cracks. ITDR enables businesses to fill the gap by resolving credential and entitlement weaknesses and detecting real-time attacks. As cybercriminals continue to exploit credentials and entitlements to move laterally through our businesses, ITDR solutions are vital.
To find out more about real-time detection and prevention of breaches using compromised identities, contact the cybersecurity experts at InfoTrust today.