Intelligent CISO Issue 59 | Page 41


Stopping modern attacks requires XDR with identity

Kapil Raina, Identity Protection Evangelist at CrowdStrike, explains why identity protection is crucial, how this differs from what IAM vendors provide and what organisations need to know when they evaluate security vendors.

As organisations have strengthened protection for their networks and endpoints, compromising identities has become a focal point of infiltrating organisations. We’ve seen a rapid rise in the prevalence of identity-based attacks: nearly 80% leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection. Organisations must be experts at understanding adversaries and their motivations in order to detect and respond to these threats.

While the cybersecurity industry may have various definitions of XDR, Gartner recommends choosing an XDR tool that includes at minimum: endpoint, data lake, orchestration, source of identity data for correlation, and threat intelligence.
The problem is, most XDR vendors fail to integrate identity protection in a meaningful way. While Identity and Access Management (IAM) is important, it does not fully defend against identity-based attacks. XDR vendors as a whole are not designed, from the ground up, with the necessary telemetry to identify modern identity-based attacks in real time across hybrid environments, remote workers and multiple identity stores without disrupting users.
Where IAM falls short
It’s always about the keys to the kingdom. An adversary’s ultimate goal is always to gain access to critical data, typically as a privileged user, and move about undetected.
IAM vendors are extremely effective at managing digital identities across their life cycles, from provisioning to de-provisioning, allowing organisations to manage users’ digital identities and ensuring all users have access to the resources they need to perform their roles. Many organisations lean on these vendors as part of their Zero Trust efforts.
The problem is, these IAM solutions have been on their own ‘island’ for a while now, leading to potential blind spots. In some cases, the IAM provider has challenges in securing its own infrastructure. When attackers use compromised credentials, they can infiltrate a network and circumvent the existing security solutions that