IAM is only one piece of the identity protection puzzle .
organisations may have in place . This blind spot was not fully understood or appreciated until recently . Organisations need to seamlessly marry detection and enforcement in order to prevent this type of activity .
Identity protection : Asking the right questions
Identity-based attacks are increasing the speed at which an adversary can gain access to , and move throughout , an organisation . It takes an average of one hour and 24 minutes for attackers to move laterally within an organisation – typically using identitybased attacks . If an adversary uses a valid credential , it ’ s much harder to determine that it ’ s malicious . You need real-time , full visibility across your security stack in order to identify potentially malicious behaviour and quickly act on it .
Can you detect and defend against identity-based attacks ? Ask your organisation the following :
• Do you have enough information from native and third-party sources , including behavioural analytics ?
• Can you process what ’ s happening and stop it in real time ? Do you leverage risk-based conditional access to minimise false positives ?
• Can you see and protect everything in your environment , including unmanaged or legacy systems ?
• Can you take proactive action to contain a breach ? This may include using risk scoring to block a compromised identity from being used at other endpoints or ensuring segmentation to prevent lateral movement .
The majority of today ’ s XDR solutions lack the capabilities to help organisations answer the above questions . We ’ ve seen most XDR vendors have a particular area of expertise , whether that ’ s starting at the network or making a SIEM or SOAR solution appear more attractive . However , by Gartner ’ s definition , they have to do it all if they ’ re going to call themselves an XDR solution .
While XDR extends detection and response from the endpoint across all environments , you can ’ t forget the individual or the identity in all of this – and you certainly can ’ t forget the threat intelligence aspect . Newer XDR solutions have trouble correlating attack patterns to determine whether an identity is compromised ( i . e . identifying in real time an unmanaged endpoint , but a known
42 www . intelligentciso . com