Identity is the New Perimeter Against Attack
Firewalls are no longer the first line of defense, or even the last line of defense. Instead, identity is quickly becoming the new bulwark as attack surfaces expand to include mobile devices and the cloud, privileged accounts have more access to data than ever before, and unstructured data proliferates.
"That's changed the access landscape to one where strong identity management through authentication, authorization and access control is where organizations must meet the growing threat," explained Tapan Shah, a managing director at Sila, a technology and management consultancy. "This is the new perimeter."
Information technology professionals have practiced the defense-in-depth strategy for years—relying upon firewall after firewall within the DMZ for fundamental security against predicted and known threats. Today, however, the attack surface is changing.
Access is being moved out of the organization and into the cloud. For example, many organizations now host their corporate e-mail and collaboration software with cloud providers. Cloud changes the concept of a perimeter, making traditional security increasingly irrelevant in the commercial world.
The perimeter is also a moving target with the proliferation of unstructured data repositories like Box and DropBox, where potentially sensitive data is stored and shared. Proliferation also extends to privileged accounts, now in the hands of so many more people in organizations. The same goes for the most ubiquitous device of all to access company data—smartphones.
Together, these avenues of access have the login screen in common.
"Name the barrier that is blocking North Korean agents from hacking your Gmail. It's Google's single or multi-factor authentication scheme" explained Shah. "That is the perimeter. That is your first line of defense, your identity and what you can do with it."
To subvert the new perimeter, attackers are using social engineering to steal usernames and passwords. There's a long list of companies and government agencies—most all using just basic password protection—that have fallen prey to phishing attacks where employees gave away legitimate credentials. Many of those led to privilege escalation, where attackers gained access through non-privileged accounts and maneuvered their way to higher privileges and sensitive data—resulting in breaches with huge impacts on operations, financials, identity, reputation, and national security.
Third-party vendors are of particular concern, as breaches from this group were the source of several significant attacks in recent years. The cloud introduces software as a service and third-parties/contractors to the access landscape, along with possible unanswered questions about their security practices.
The Need for Identity Analytics
Attackers do not have to engage in nefarious hacking activities with worms and viruses anymore. They just need to steal login ID's and passwords. And when they do, studies show they often operate inside organizations undetected for 60+ days and much longer in many cases.
There is a way to significantly reduce that number, however.
"Recognizing the value of data that organizations already have can quickly pinpoint intrusions," said Shah. "It includes logs from thousands of applications, activity information, IP information and VPN data that shows geographic locations. Unfortunately, the data is spread across disparate systems and goes un-examined. This gold mine of information is eventually transferred to archive without realizing its potential benefit."
Analyzing all this data by providing a user (identity) context can help organizations detect fraud and security anomalies in advance of a potential breach. The key to this is implementing a holistic examination of data to connect the dots, compare peer groups and analyze for anomalies so organizations catch attackers faster, and imbue their security related decisions with context, depth, and intelligence.
The reality is that organizations have all the data necessary to accomplish that.