Series Introduction:
Gartner recently published its cybersecurity trends for 2022. In this series, we take a deep look into these seven trends, how they affect the enterprise, and what can be done about them.
The first in the series is the “Attack surface expansion.”
If you’d like to discuss this further with Inside-Out Defense, please reach out to us at contact@insideoutdefense.com
“Trend No. 1: Attack surface expansion

Currently, 60% of knowledge workers are remote, and at least 18% will not return to the office. These changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems have exposed new and challenging attack “surfaces.”

This leaves organizations more vulnerable to attack. Gartner recommends security leaders look beyond traditional approaches to security monitoring, detection and response to manage a wider set of risks.” (Source: Gartner)
Users operating in multi-cloud and SaaS application environments carry multiple personas and avatars. They may be only a normal user inside their IAM, but double as an admin on a cloud resource or application (for example AWS EC2, RDS, Workday, Jira, Salesforce, etc.), or on a host of custom applications. This translates into these users having access to a wide array of the organization’s applications across multiple departments. As their roles in the organization develop and their activities evolve, their privileges and access levels accumulate, leaving them with too many privileges. This privilege creep often goes further than the security organization would like.
Without proper context and an understanding of their behaviors, it is difficult to rein in user privileges and their different roles. The situation gets murkier still with non-human users and the programmatic access created through APIs.
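One concrete way to surface the privilege creep described above is to compare what each identity is entitled to against what it has actually exercised over a review window. The following is an added example, not code from Inside-Out Defense or from the original post; the entitlement data, activity log and the set of roles treated as privileged are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: entitlements each identity currently holds, as
# (system, role) pairs. Human and non-human (API key) identities are mixed.
ENTITLEMENTS = {
    "alice": {("okta", "user"), ("aws", "ec2-admin"), ("aws", "rds-admin"),
              ("salesforce", "admin"), ("jira", "user")},
    "svc-deploy-key": {("aws", "ec2-admin"), ("aws", "s3-writer")},
}

# Constructed activity log: (identity, system, role, ISO timestamp) of each
# entitlement actually exercised.
ACTIVITY = [
    ("alice", "okta", "user", "2022-03-01T09:00:00"),
    ("alice", "aws", "ec2-admin", "2022-03-02T10:15:00"),
    ("alice", "jira", "user", "2022-03-20T11:00:00"),
    ("svc-deploy-key", "aws", "ec2-admin", "2022-03-25T02:00:00"),
    ("alice", "salesforce", "admin", "2021-09-14T16:30:00"),  # stale use
]

# Roles treated as privileged (assumed list); unused ones are the riskiest creep.
PRIVILEGED = {"ec2-admin", "rds-admin", "admin", "s3-writer"}


def last_use(activity):
    """Return {(identity, system, role): most recent datetime it was used}."""
    latest = {}
    for identity, system, role, ts in activity:
        key, t = (identity, system, role), datetime.fromisoformat(ts)
        if key not in latest or t > latest[key]:
            latest[key] = t
    return latest


def find_privilege_creep(entitlements, activity, now_iso, window_days=90):
    """Entitlements not exercised within the window, per identity.

    Returns {identity: [(system, role, is_privileged), ...]} with privileged,
    unused entitlements listed first so they can be reviewed or revoked first.
    """
    latest = last_use(activity)
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    report = defaultdict(list)
    for identity, grants in entitlements.items():
        for system, role in sorted(grants):
            used_at = latest.get((identity, system, role))
            if used_at is None or used_at < cutoff:
                report[identity].append((system, role, role in PRIVILEGED))
        if identity in report:
            report[identity].sort(key=lambda r: not r[2])  # privileged first
    return dict(report)
```

Running `find_privilege_creep(ENTITLEMENTS, ACTIVITY, "2022-04-01T00:00:00")` flags the RDS admin role that was never used and the Salesforce admin role last used outside the window, plus the service key's unused S3 writer role.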
Privilege abuses occur in many forms. When examining how an organization’s assets, networks, or apps can be systematically manipulated, it is worth noting the most common forms of abuse. Note: this is not a complete list, and it continues to evolve as technology evolves.
Looking at recent cyber breaches, Inside-Out Defense’s research team has observed that one or more of these abuses often occur simultaneously, creating a perfect storm inside the organization and exposing its systems to multiple points of breach. Often a single attribute of privilege abuse may merely remain a symptom on its own...
Hence, the current approach of IAM and PAM solutions, which focus on point solutions that address these problems individually, does not match the sophistication of threats arriving from multiple vectors. Organizations need to approach the problem with greater visibility and a more holistic approach that cures the disease at its roots, rather than placing band-aids on an already open wound.
The problems that security organizations must deal with are numerous and growing by the day. As noted in the Verizon DBIR report, privilege abuse-related issues are the #1 threat vector that security teams must deal with.
These Privilege abuses manifest in multiple ways:
Current solutions need to be more diligent and flexible in the approach to the problem.
As discussed above, privileges are dynamic in nature and difficult to manage. We see different forms of privilege misuse in the market, some of which may be inadvertent error, others the result of compromised accounts. Why?
Most importantly, the current set of solutions lacks real-time decision-making and enforcement of access guardrails across growing footprints of infrastructure and applications.
What was once a simple process, basic access governance for user commissioning and decommissioning, has been rendered messy and prone to security exposure by the intersection of IT changes and the cloud.
Organizations have been left to employ more and more solutions in and around identity management, such as PAM, workflow-based tools, CIEM, etc., in order to make up for what has until now been a true lack of Privilege Governance.
For example, workflow-based tools lack control when deployed at scale, unless you have a SOC team with significant bandwidth to deal with a stream of alerts and notifications and manually separate signal from noise. This is a significant cost center for the enterprise and an extremely inefficient way to manage the governance needed for identity and access management.
A CIEM provides lots of insights but lacks context, has no understanding of the intent behind access and, needless to say, lacks any real-time remediation.
Right now the modus operandi has security teams building a reactive posture for access governance, and that is like only playing defense on a football field. Ultimately the opponent will still score, and your own team has no chance of winning.
The why is simple. Cyberattacks occur beyond the boundaries of the current set of solutions.
With the current set of IAM and PAM vendors largely unable to solve this massive problem, enterprise security teams are forced to invest in yet more point solutions to stitch together their defenses and rein in privilege abuse in their organizations. This is costly and inefficient, and still does not fundamentally get to the root of the problem. More of the same approach, trying to band-aid existing solutions together, won’t cut it now, and especially not in the future. The privilege abuse problem is moving at a furious pace, and solutions are failing to keep pace with the threats.
Unless the intent behind users’ every activity and behavior is understood, it is almost impossible to anticipate users’ next move. Enterprises require the ability to make real-time decisions and to enforce and validate access guardrails behind every human and non-human activity. This is a fact!
At Inside-Out Defense we have seen firsthand with our customers that failing to implement a true Privilege Governance solution and relying solely on current PAM solutions raises the risk of exposure exponentially. Current solutions have created a breeding ground for repeated ransomware attacks, as threat actors have figured out that certain customers haven’t entirely addressed their security flaws with real-time guardrails.
Inside-Out Defense is an agentless SaaS Privilege Governance platform that supports all clouds and on-prem environments, built for ‘Continuous Validation of Trust’™. In sum:
Inside-Out Defense Enables Enterprises to Govern Access Privileges in Real-Time
The Inside-Out Defense platform provides critical insights, delivers real-time decisions and remediation, and drives enhanced value creation for security organizations inside the enterprise.
Advantages of adopting the Inside-Out Defense platform:
Change the paradigm in security from being reactive to stopping privilege abuse in its tracks. If you’d like to discuss this with Inside-Out Defense, please reach out to us at contact@insideoutdefense.com