To more quickly penetrate and take control of essential corporate systems, attackers need to acquire control of identities more quickly, whether those identities belong to humans or machines. Swiftly taking control of IAM infrastructures is a common objective among attackers, cybercrime syndicates, and APT organisations.
Attackers can travel laterally across networks for months at a time by impersonating legitimate users. Oftentimes, IAM systems are the initial or major target, especially older perimeter-based systems without zero-trust security.
This year, 84% of businesses have suffered an identity-related hack, with 78% reporting an immediate effect on their operations. Ninety-six percent think the hack and its effects might have been prevented with stronger identity-based zero-trust protections.
Businesses are facing difficulties with two pillars of the zero trust framework: ensuring least privileged access and adopting segmentation. Organizational networks now have twice as many machine identities (including bots, robots, and Internet of Things (IoT) devices) as human identities.
Attacks against, and reliance on, machine identities have increased
There were about 250,000 machine identities in a typical business in 2016, and this figure is expected to climb to 300,000 in 2017. That amount is 45 times more than the number of unique people in the world. Eighty-four percent of security managers report that the number of identities they are responsible for has doubled in the past year, while a quarter report that it has climbed by at least 10 times.
Over almost the past five years, the number of attacks that include the forgery or misuse of machine IDs has surged by over 1,600%. Seventy-five percent of cloud security failures in 2018, according to Gartner, will be the consequence of problems with identity management, access control, or privileges. Keyfactor found that while many businesses keep track of their SSH keys and digital certificates, many do not have an up-to-date inventory of either.
Sixty-one percent of businesses don’t know enough about their certificates and keys to properly manage their machines’ identities. Fifty-five percent of these companies reported a cyber attack. A majority of businesses have had at least one security incident or data breach in the past year because of compromised machine identities, including Transport Layer Security (TLS), Secure Shell (SSH) keys, code signing keys, and certificate-based attacks.
Why IAM is important to zero trust
At Fal.Con 2022, George Kurtz, co-founder and CEO of CrowdStrike, spoke as a keynote speaker about the significance of identity-first security.
To establish robust and effective access controls based on the unique requirements of individual users, “identity-first security is crucial for zero trust,” he explained. Continuous user and device authentication helps companies safeguard themselves against security breaches by reducing the likelihood of illegal access. Approximately 80% of the hacks we’ve seen involve stolen identities or other forms of credentials.
Some of the most well-known names in the IAM industry are as follows: Amazon Web Services (AWS) Identity and Access Management; CrowdStrike; Delinea; Ericom; ForgeRock; Google Cloud Identity; IBM Cloud Identity; Ivanti; Microsoft Azure Active Directory; and others.
When integrated into the heart of a zero-trust architecture, IAM provides advantages that are not possible with other security strategies or structures. Multi-factor authentication (MFA) is now expected as a first step because it’s so easy to implement. Many CISOs rely on it to justify their budgets and demonstrate progress on zero-trust programmes.
Advantages of IAM include lowering the possibility of data breaches by regulating access to all identities, systems, and resources; prohibiting illegal access to systems and resources; and demanding identity verification prior to providing access. By requiring identity verification before giving access, IAM helps protect enterprises from external threats while also preventing internal dangers like unauthorised access by workers, contractors, or other insiders.
According to CISOs interviewed by VentureBeat, IAM also simplifies compliance reporting obligations linked to data security and privacy legislation by providing an audit record of how segmentation, microsegmentation, and least-privileged access are achieved throughout a network.
Building trust from zero
By segregating endpoint and machine identities into segments independent of their source, zero-trust frameworks are strengthened further when IAM and microsegmentation are combined. AirGap’s Zero Trust Everywhere solution eliminates the possibility of lateral movement by treating each identity’s destination as a distinct micro-segment. This enables the execution of fine-grained context-based policies across all attack surfaces.
“Zero trust is an approach to security that guarantees that individuals have access to the correct resources in the right settings and that access is re-assessed continually,” explained Markus Grüneberg, director of industrial solutions — EMEA Central at Okta. Since identification is the foundation of zero trust, “organisations must mature their approach to identity and access management to establish a security architecture that meets this purpose.”
Enforcing least privileged access, microsegmentation and MFA, and treating implicit trust as a weakness that needs to be removed from tech stacks, ensure that machine and human identities are more secure in a zero-trust framework. The goal is to eradicate all implicit trust in managing these identities.
Two talks at Black Hat 2022 showed how machine identities are the most difficult to secure and the most susceptible to attack when they are part of multicloud and hybrid cloud architectures. According to the researchers’ presentations, using native IAM support from public cloud platforms to safeguard machine identities is ineffective, since security holes exist in multicloud and hybrid cloud deployments.
The reasons why the use of IAM will increase rapidly in 2023
Cybercriminals are more adept at leveraging stolen credentials for privileged access, and the identities they are tied to, to spread laterally across networks. For example, CrowdStrike's Global Threat Hunting Report found that identities are under attack.
According to Param Singh, v.p. of Falcon OverWatch at CrowdStrike, “a key finding from the report was that upwards of 60% of interactive intrusions observed by OverWatch involved the use of valid credentials,” which continue to be abused by adversaries to facilitate initial access and lateral movement.
Demand for IAM and larger zero-trust security frameworks and tactics has increased as threats have become more severe. Since the aforementioned human and machine identities are expected to grow at an exponential rate, businesses have turned to IAM to help them cope. Zero-trust frameworks, which are intended to shield hybrid, virtual workforces from changing threats, now rely heavily on IAM.
Several policy shifts point to IAM’s central position and rising implementation beyond 2023. The SP 800-207 Zero Trust architecture developed by the National Institute of Standards and Technology (NIST) places a premium on IAM. President Biden has issued Executive Order 14028, emphasising identity management and protection.
In addition, as of January 26, 2022, according to Memorandum M-22-09 from the Office of Management and Budget (OMB), “Agencies must adopt centralised identity management systems for agency users that can be incorporated into applications and shared platforms.”