
What You Need To Know About Identity Threat Detection And Response

John Martin Ladrido
September 14, 2022

Today, every business is faced with the challenge of protecting an ever-expanding digital footprint. Furthermore, the move towards remote working and digital transformation has created new and more complicated security challenges. Against a backdrop of a continued high level of ransomware attacks, new attacks on the digital supply chain, and an increased volume of attacks on identity systems, businesses are at significant risk.

An acceleration of credential misuse resulting in a dramatic increase in security incidents has led Gartner to highlight Identity Threat Detection and Response (ITDR) as one of the top cyber security trends for 2022. With so many identities to manage, “permissions creep” has become a significant issue. Today’s businesses need to be able to detect when attackers exploit, misuse, and/or steal their corporate identities, and to do so, Gartner advises treating identity as the new perimeter.

WHAT IS ITDR?

Identity Threat Detection and Response (ITDR) is a new security category focused on protecting credentials, privileges, cloud access, and the systems that manage them. The goal of ITDR is to detect credential theft, privilege misuse, and associated attack paths. ITDR solutions extend to the cloud and deliver detailed visibility for identities, including users, applications, containers, serverless functions, and more.

ITDR differs from existing identity protection tools, which usually focus on authorisation and authentication and look for attacks on endpoints. Instead, ITDR looks for attacks targeting identities, isolates compromised systems, collects forensic data, and gathers telemetry on the processes used during the attack. Some ITDR solutions also manage the identified attack surface by providing visibility into potential exposures that make businesses more prone to attack.

WHY IS ITDR GAINING MORE ATTENTION?

With so much time and resources spent protecting digital assets, it can be easy for businesses to neglect to protect their own Identity and Access Management (IAM) infrastructure. However, in the past year, more advanced cybercriminals have been purposefully and aggressively targeting IAM infrastructure. The most notable breach was SolarWinds, whereby cybercriminals utilised administrative permissions to gain access to SolarWinds’ global administrator account. This demonstrates how organisations, while spending significant time and money on improving IAM capabilities, have inadvertently increased the attack surface of the security infrastructure.

According to CrowdStrike’s 2022 Global Threat Report, 80% of today’s cyberattacks leverage identity-based techniques. Cyber security experts are now recognising that IAM isn’t robust enough, especially with threat actors actively targeting access management infrastructure. The fact is that more needs to be done to safeguard identity systems, detect when they are compromised, and enable fast and efficient response and remediation; this is where ITDR comes into play.

HOW TO MITIGATE IDENTITY-BASED ATTACKS

With a huge volume of breaches using compromised identities, every organisation needs a way to stop identity-based attacks faster. CrowdStrike’s Falcon Identity Threat Protection solution helps businesses protect workforce identities everywhere. At a high level, it can:

  • Discover identities - discover all identities across the enterprise, including stale accounts, and verify these identities to discover weaknesses across multiple domains.
  • Gain visibility - gain complete visibility for authentication traffic to applications, resources, and identity stores.
  • Detect threats - examine authentication events and questionable user behaviour in real time and compare them against behaviour baselines to detect attacks and lateral movement.
  • Improve response times - improve incident response by grouping events around users, devices, and activity.
  • Reduce costs - shorten the time it takes to detect and respond to an attack by reducing the need for complex, error-prone log analysis and eliminating unnecessary security products and processes.
  • Improve alert fidelity - gain unified control, reduce noise, and recognise true positive events of interest.

Furthermore, the Falcon Identity Threat Protection solution integrates with existing security architecture and works with existing IAM solutions and IT tools to ensure frictionless deployment and immediate return on investment.

PROTECTING YOUR ORGANISATION FROM IDENTITY-BASED ATTACKS

With a huge rise in credential misuse, identity security forms a critical part of the cyber security threat landscape. This means the ability to detect and respond to identity-based threats is fundamental. However, while many tools aim to secure networks, securing identity often falls through the cracks. ITDR enables businesses to fill the gap by resolving credential and entitlement weaknesses and detecting attacks in real time. As cybercriminals continue to exploit credentials and entitlements to move laterally through our businesses, ITDR solutions are vital.

To find out more about real-time detection and prevention of breaches using compromised identities, contact the cyber security experts at Infotrust today.