The frequency of ransomware attacks has doubled over the last couple of years, accounting for 10% of all breaches. According to the 2022 Verizon Data Breach Investigation Report, the ‘human element’ is the primary means of initial access in 82% of breaches, with social engineering and stolen credentials serving as key threat actor TTPs. Attackers consistently attempt to access valid credentials and use them to move throughout enterprise networks undetected. These challenges are driving CISOs to put identity security at the top of their priority list.
Traditional identity security solutions topping the list include Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA). These tools ensure the right users have appropriate access and employ continuous verification, guiding principles of the zero-trust security model.
However, Identity and Access Management – focusing solely on provisioning, connecting, and controlling identity access – is just the starting point to identity security. Coverage must extend beyond the initial authentication and access control to other identity aspects such as credentials, privileges, entitlements, and the systems that manage them, from visibility to exposures to attack detection.
From an attack vector perspective, Active Directory (AD) is an obvious asset. AD is where identity and its key elements naturally exist, which is why it is in an attacker’s crosshairs and a top security concern. In addition, as cloud migration continues at a rapid pace, additional security challenges arise as IT teams move quickly to provision across their environments.
When AD vulnerabilities combine with the cloud’s tendency toward misconfiguration, the need for an additional layer of protection beyond provisioning and access management becomes much clearer.
Modern, innovative identity security solutions provide essential visibility into credentials stored on endpoints, Active Directory (AD) misconfigurations, and cloud entitlement sprawl. Identity Attack Surface Management (ID ASM) and Identity Threat Detection and Response (ITDR) are new security categories designed to protect identities and the systems that manage them.
These solutions complement and operate in conjunction with Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and other similar solutions.
ID ASM looks to reduce the identity attack surface to limit the exposures attackers can exploit. The fewer exposures, the smaller the identity attack surface. For most enterprises, this means Active Directory, whether on-premises or in Azure.
While EDR is a robust solution that looks for attacks on endpoints and collects data for analysis, ITDR solutions look for attacks targeting identities. Once an ITDR solution detects an attack, it adds a layer of defense by providing fake data that redirects the attacker to an authentic-looking decoy and automatically isolates the compromised system conducting the query.
ITDR solutions also provide incident response assistance by collecting forensic data and gathering telemetry on the processes used during the attack. The complementary nature of EDR and ITDR fit perfectly together to achieve a common goal – thwarting an attacker’s efforts.
ID ASM and ITDR solutions provide detection of credential misuse, privilege escalation, and other tactics that attackers exploit or engage in within the network. They close critical gaps between identity access management and endpoint security solutions, stopping cybercriminal attempts to exploit vulnerable credentials to move through networks undetected.
SentinelOne has leveraged its deep experience in privilege escalation and lateral movement detection and offers a best-of-breed solution in the Identity Threat Detection and Response and ID ASM spaces. The company has secured its leadership position based on its broad ITDR and ID ASM solutions portfolio.
Identity Security Products:
With identity-based attacks on the rise, today’s businesses require the ability to detect when attackers exploit, misuse, or steal enterprise identities. This need is particularly true as organizations race to adopt the public cloud, and both human and non-human identities continue to increase exponentially.
Given the penchant for attackers to misuse credentials, leverage Active Directory (AD), and target identities through cloud entitlement, it is critical to detect identity-based activity with modern ID ASM and ITDR solutions.
Learn more about SentinelOne’s Ranger AD® and Singularity® Identity solutions.
Singularity RANGER | AD Assessor
A cloud-delivered, continuous identity assessment solution designed to uncover vulnerabilities in Active Directory and Azure AD