Reducing Identity-related Risks: The Complete Package or a One-Man Show?

Wednesday, May 24, 2017

Jackson Shaw


When it comes to reducing risk before an issue occurs, do organizations need the unequivocal strength of The Avengers or could they hedge their bets on just Iron Man?

While cybersecurity threats like ransomware and botnets are increasingly making headlines, for most organizations, internal employees are their biggest risks. Studies show that internal employees account for 43 percent of data loss. As such, cybersecurity professionals are increasingly buckling down on identity and access management (IAM) to protect their critical data assets.

In the world of traditional IAM, two-factor authentication, single sign-on, provisioning, governance and privileged management are just some of the related disciplines within this market. More recently, IT buzzwords like “analytics” have spread into the realm of IAM, hence the emergence of “identity analytics.” Like most emerging technologies, identity analytics is often misunderstood and misconstrued. Organizations need to take a step back and examine the areas of identity analytics, why they might need them, and which will bring the most value.

Analytics is the practice of pinpointing key information residing in large amounts of data to provide visibility and comparison that can often predict what might happen next. When it comes to IAM, solutions have been primarily focused on the area of behavior analytics – i.e., looking at what type of behavior occurred and the reasoning behind this behavior. However, they should also be focused on identity analytics and reducing risk before bad behavior impacts the business.

To put it in more playful terms, if we think of the goal of IAM as being to stop villains, would you rather have the combined powers of an entire band of superheroes on your side or to rely on just one hero to save the day? Organizations need to take a more holistic approach by implementing identity analytics in tandem with behavior analytics. After all, do organizations need the unequivocal strength of The Avengers or could they hedge their bets on just Iron Man when it comes to reducing risk before an issue occurs?

Behavior Analytics (Iron Man) – A Lonely Hero

Also known as User Behavior Analytics (UBA), behavior analytics is the practice of gathering information and data based on the user’s behavior. Once supplied with this information, the UBA tool can identify which behavior or usage deviates from a “normal” baseline and determine what action, if any, is needed.

In some cases, a user’s recent activities may differ substantively from their historical activity, which indicates a change in pattern and, more importantly, a possible security breach. For example, an employee within an organization’s finance department (rightfully) has access to the file shares that store all the merger and acquisition (M&A) documentation. Over the course of the last nine months, the user visited the site on average twice per week and downloaded three documents in total. However, over the past two weeks, the user visited the site every night after 9 p.m. and began downloading a massive amount of data.

Although the access falls within the parameters of what is approved, UBA would notice that the behavior is anomalous – triggering further investigation from management and possibly even security. This is a simple example of how behavior analytics – in this scenario, Iron Man – can be used to close security loopholes.
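The baseline comparison in this scenario can be sketched as follows. This is an added example, not code from the article or from any UBA product; the event data, dates, thresholds and function names are constructed assumptions, and it models downloads only, not site visits.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

AFTER_HOURS = 21      # 9 p.m., the hour named in the scenario
BASELINE_WEEKS = 39   # roughly nine months
RECENT_WEEKS = 2
START = datetime(2016, 8, 1)  # constructed start date

def constructed_events(exfil):
    """Constructed download timestamps: 3 daytime downloads in the baseline,
    then either one ordinary download or 14 nights of 40 downloads each."""
    events = [START + timedelta(weeks=w, hours=10) for w in (5, 18, 30)]
    cutoff = START + timedelta(weeks=BASELINE_WEEKS)
    if exfil:
        for night in range(14):
            events += [cutoff + timedelta(days=night, hours=21, minutes=30)] * 40
    else:
        events.append(cutoff + timedelta(days=2, hours=14))
    return events

def assess(events, z_threshold=3.0, late_threshold=0.5):
    """Score the recent window against the same user's own weekly baseline."""
    counts = [0] * (BASELINE_WEEKS + RECENT_WEEKS)
    for ts in events:
        week = (ts - START).days // 7
        if 0 <= week < len(counts):
            counts[week] += 1          # quiet weeks stay at 0 and count toward the baseline
    base, recent = counts[:BASELINE_WEEKS], counts[BASELINE_WEEKS:]
    sigma = max(pstdev(base), 0.5)     # floor so a near-silent baseline cannot inflate z without bound
    z = (mean(recent) - mean(base)) / sigma
    cutoff = START + timedelta(weeks=BASELINE_WEEKS)
    recent_ts = [ts for ts in events if ts >= cutoff]
    late = sum(ts.hour >= AFTER_HOURS for ts in recent_ts) / len(recent_ts) if recent_ts else 0.0
    reasons = []
    if z >= z_threshold:
        reasons.append("download volume")
    if late >= late_threshold:
        reasons.append("after-hours access")
    return {"z": round(z, 1), "late_ratio": late, "reasons": reasons}

if __name__ == "__main__":
    print(assess(constructed_events(exfil=True)))
    print(assess(constructed_events(exfil=False)))
```

Every download in both cases is authorized access; only the comparison with the user's own history separates them.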

But if you only had Iron Man’s genius-level intellect and his powerful, armored suit, it still wouldn’t guarantee defeat against the likes of Loki or Ultron — or users intent on stealing data, especially after the fact. To do battle against these foes, you’d need mightier defense on your side. In the world of IAM, that means being able to stop enemies in their tracks before they strike.

Identity Analytics (The Avengers) – A More Collective Defense to the Rescue

As opposed to just tracking behavior, identity analytics approaches the issue from a different angle. It fully analyzes and understands the entitlements a user should have vs. what they actually do have.

Simply understanding what entitlements a user has is not enough and any IAM product can report on those. What drives true value is the analytical component of understanding what entitlements a user has as it relates to the rest of the organization, his or her peers, or even between organizations. This collective power translates into the ability to predict trends and behaviors, identify what may potentially happen, and make recommendations for corrective action. It’s not unlike having the diverse knowledge, powers, and strength of an entire band of superheroes like The Avengers on your side.

Imagine an employee who previously worked in IT and ultimately decided to transition into the role of a pre-sales engineer. When the sales department uses traditional IAM tools to pull a list of “who has access to the pre-sales engineer SharePoint site,” this user would correctly show up. However, what would not be apparent is the fact that this user is now one of the most powerful users in the organization. What the report does not show is that the entitlements the user had as an IT professional had NOT been removed. The user was never deprovisioned from their IT role, and the remaining, highly privileged access increases the organization’s security risk.

Identity analytics would find an anomaly of this nature almost instantly by comparing this individual with others from the pre-sales department. Armed with this information, the security professionals would know where to begin their work of securing the organization by removing the IT-related entitlements from this pre-sales engineer.
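The peer comparison described above can be sketched like this. It is an added example, not code from the article or from any IAM product; the directory contents, entitlement names, prevalence threshold and function names are all hypothetical.

```python
from collections import Counter

# Constructed sample: user -> (department, entitlements). "dave" moved from IT
# to pre-sales and was never deprovisioned from the IT role.
IT_ROLE = {"ad:domain-admin", "backup:operator", "firewall:admin"}
PRESALES_ROLE = {"sharepoint:presales", "crm:read", "demo-lab:user"}
DIRECTORY = {
    "alice": ("pre-sales", set(PRESALES_ROLE)),
    "bob":   ("pre-sales", set(PRESALES_ROLE)),
    "carol": ("pre-sales", {"sharepoint:presales", "crm:read"}),
    "dave":  ("pre-sales", PRESALES_ROLE | IT_ROLE),
    "erin":  ("it", set(IT_ROLE)),
    "frank": ("it", set(IT_ROLE)),
}

def has_access(directory, entitlement):
    """The traditional report: who holds this one entitlement."""
    return sorted(u for u, (_, ents) in directory.items() if entitlement in ents)

def peer_outliers(directory, user, max_prevalence=0.25):
    """Entitlements `user` holds that at most max_prevalence of department peers hold."""
    dept, held = directory[user]
    peers = [ents for name, (d, ents) in directory.items() if d == dept and name != user]
    if not peers:
        return sorted(held)  # no peer group to compare with: review everything
    freq = Counter(e for ents in peers for e in ents)
    return sorted(e for e in held if freq[e] / len(peers) <= max_prevalence)

def rank_by_excess(directory, dept):
    """Users in `dept` with at least one outlier entitlement, most excess first."""
    users = [u for u, (d, _) in directory.items() if d == dept]
    scored = [(len(peer_outliers(directory, u)), u) for u in users]
    return [u for n, u in sorted(scored, key=lambda s: (-s[0], s[1])) if n > 0]

if __name__ == "__main__":
    print(has_access(DIRECTORY, "sharepoint:presales"))  # dave looks like everyone else
    print(peer_outliers(DIRECTORY, "dave"))              # leftover IT entitlements
    print(rank_by_excess(DIRECTORY, "pre-sales"))
```

The same administrative entitlements are not flagged for the IT users, because their own peers hold them too.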

Beyond that, identity analytics can compare entitlements from one organization to another. If you are in a bank with 3,000 users, an identity analytics tool could show that when compared to banks of similar size and location, your bank has twice as many people with elevated privileges; a security posture you may want to investigate…and quickly.

Identity Analytics: Your Organization’s Newest Security Superpower

Identity analytics is a logical addition to an organization’s larger IAM arsenal. It’s a solution that allows you to preempt bad behavior and, accordingly, reduce your attack surface before an issue occurs. While having Iron Man on your team is no small feat, having more collective powers at your disposal will always be the better bet for fending off foes. Any security-minded organization needs the mightiest IAM heroes, in this case both behavior and identity analytics, to combat the bad guy. 

About the author: Jackson Shaw is senior director of product management at One Identity, an identity and access management company formerly under Dell. Jackson has been leading security, directory and identity initiatives for 25 years.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.