Today, every business is faced with the challenge of protecting an ever-expanding digital footprint. Furthermore, the move towards remote working and digital transformation has created new and more complicated security challenges. Against a backdrop of a continued high level of ransomware attacks, new attacks on the digital supply chain, and an increased volume of attacks on identity systems, businesses are at significant risk.
An acceleration of credential misuse resulting in a dramatic increase in security incidents has led Gartner to highlight Identity Threat Detection and Response (ITDR) as one of the top cyber security trends for 2022. With so many identities to manage, “permissions creep” has become a significant issue. Today’s businesses need to be able to detect when attackers exploit, misuse, and/or steal their corporate identities, and to do so, Gartner advises treating identity as the new perimeter.
Identity Threat Detection and Response (ITDR) is a new security category focused on protecting credentials, privileges, cloud access, and the systems that manage them. The goal of ITDR is to detect credential theft, privilege misuse, and associated attack paths. ITDR solutions extend to the cloud and deliver detailed visibility for identities, including users, applications, containers, serverless functions, and more.
ITDR differs from existing identity protection tools, which usually focus on authorisation and authentication and look for attacks on endpoints. Instead, ITDR looks for attacks targeting identities, isolates compromised systems, collects forensic data, and gathers telemetry on the processes used during the attack. Some ITDR solutions also manage the identified attack surface by providing visibility into potential exposures that make businesses more prone to attack.
With so much time and resources spent protecting digital assets, it can be easy for businesses to neglect to protect their own Identity and Access Management (IAM) infrastructure. However, in the past year, more advanced cybercriminals have been purposefully and aggressively targeting IAM infrastructure. The most notable breach was SolarWinds, whereby cybercriminals utilised administrative permissions to gain access to SolarWinds’ global administrator account. This demonstrates how organisations, while spending significant time and money on improving IAM capabilities, have inadvertently increased the attack surface of the security infrastructure.
According to CrowdStrike’s 2022 Global Threat Report, 80% of today’s cyberattacks leverage identity-based attacks. Cyber security experts are now recognising that IAM isn’t robust enough, especially with threat actors actively targeting access management infrastructure. The fact is that more needs to be done to safeguard identity systems, detect when they are compromised, and enable fast and efficient response and remediation; this is where ITDR comes into play.
With a huge volume of breaches using compromised identities, every organisation needs a way to stop identity-based attacks faster. CrowdStrike’s Falcon Identity Threat Protection Solution helps businesses protect workforce identities everywhere and, at a high level, has the ability to:
Furthermore, the Falcon Identity Threat Protection solution integrates with existing security architecture and works with existing IAM solutions and IT tools to ensure frictionless deployment and immediate return on investment.
With a huge rise in credential misuse, identity security forms a critical part of the cyber security threat landscape. This means the ability to detect and respond to identity-based threats is fundamental. However, while many tools aim to secure networks, securing identity often falls through the cracks. ITDR enables businesses to fill the gap by resolving credential and entitlement weaknesses and detecting real-time attacks. As cybercriminals continue to exploit credentials and entitlements to move laterally through our businesses, ITDR solutions are vital.
To find out more about real-time detection and prevention of breaches using compromised identities, contact the cyber security experts at Infotrust today.