How to Invest in AI to Overcome the Challenges of Identity-based Security
AI is reshaping what’s possible when it comes to protecting organisations against identity-based attacks. By offering prescriptive recommendations on how to harden identity security, together with advanced detection of evolving threats, organisations can improve their ability to operate now and into the future.
Posted: Wednesday, Oct 08



Introduction

Identity is now one of the most critical risk exposure points for organisations – frequently targeted and exploited by attackers to gain footholds, escalate privileged access, and move laterally within environments.

A recent study found that 90% of organisations experienced at least one identity-related incident in the past year, with 84% of incidents having “a direct business impact”. A key contributing factor is that identities are overwhelmingly over-privileged, with only 1% of cloud privileges that are granted to identities ever being used.

Attackers have repeatedly exploited excessive standing privileges to gain access to cloud-based systems and data.

While some attacks are incredibly sophisticated, increasingly it seems that attackers are often getting lucky, stumbling on over-privileged accounts that provide pathways for entry and escalation. And their “luck” is increasing as the number of standing privileges and super admins proliferate.

The pressure is firmly on defenders to find more effective ways to manage and monitor identities and every account each of them can use in an environment, adopting identity hygiene measures and rightsizing privileges based on need. The challenge they face is visualising an identity together with the multitude of accounts associated with it. Generally speaking, a single identity may have access to dozens of systems or ecosystems, each with its own access rules and controls.

Internally, every cloud, application and system is often run and maintained in a siloed fashion. In multicloud setups, a team that operates one cloud is often distinct from the team that operates another. The two may not speak, let alone compare notes on controls and access permissions.

Linking a single identity to every account it holds across these silos, and maintaining a registry of the resulting access permissions, is both a huge task and a huge ‘ask’ of security teams.

In an age where there are often not enough security personnel, it’s not a question of whether or not security teams are up to it – they undoubtedly are – but instead it’s a question of whether or not this is an effective use of this resource.

There are now faster, better ways to identify and proactively remediate over-privilege, reducing the risk of falling victim to identity-related threats, and to monitor for and detect identity-related breaches. In particular, AI-based tooling is what allows enterprises and governments to keep up with, or get ahead of, this workload.

Taking a Graph View

A key reason defenders are turning to AI for identity security insights and actions is the need to move at the pace of attackers and attacks. We know that cyber groups and gangs increasingly band together to extort companies, sharing with each other what is and isn’t working. This ratchets up the pressure on organisations to maintain constant vigilance, but it is also precisely where AI comes into its own.

AI’s ability to map and visualise identities, accounts and permissions affords defenders the capability to act and respond at pace, moving as fast if not faster than the attackers.

Attackers tend to think in terms of ‘graphs’. If an attacker is able to get a foothold in one part of the organisation, they will conceptualise all the links between permissions and privileges across the organisation to figure out a way to move from their point of entry to their actual intended target. Unless they’re extraordinarily lucky to get access to the intended target volume or resource immediately, they’ll have to escalate privileges to move laterally and repeat this until they achieve their goal.

Defensive teams can benefit from the same approach – graphing the relationship between identities, accounts and privileges – but the expansiveness and complexity of current multi-cloud environments means there is simply too much data for a team of people to digest and explore.

Traditionally, organisations used identity governance and administration (IGA) tools to take this data and correlate identities to their accounts. AI-based tools go one step further: they build a single picture of each identity together with every account and privilege associated with it, including privileges granted unintentionally through misconfiguration, and do so more effectively, faster and more cheaply than personnel-intensive or other technology-based methods.
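The graph view described above, as an added example that is not part of the original article or of any vendor's product. It uses a constructed, hypothetical inventory of two identities across an AWS and an Azure silo, links identities to accounts, groups, roles and resources as directed edges, runs the breadth-first search an attacker would run from a foothold to a target, and then compares each identity's effective (transitive) access against constructed audit-log observations to surface unused standing privileges. All node names, relations and the usage records are assumptions made for the demonstration.

```python
"""Identity graph demo: link identities to the accounts, groups, roles and
resources they reach across cloud silos, then search the graph the way an
attacker would and compare granted access against observed use."""
from collections import deque

# Constructed sample inventory, not real data. Every node name is hypothetical.
# Each tuple is a directed edge (source, relation, target).
EDGES = [
    ("alice", "has_account", "aws:alice"),
    ("alice", "has_account", "azure:alice@corp"),
    ("bob", "has_account", "aws:bob"),
    ("aws:alice", "member_of", "aws:role/Developers"),
    ("aws:bob", "member_of", "aws:role/Developers"),
    ("aws:role/Developers", "can_read", "aws:s3/build-artifacts"),
    ("azure:alice@corp", "member_of", "azure:group/HelpDesk"),
    # Misconfiguration: the help-desk group can reset the password of a
    # service account that is itself a Global Admin. Nobody granted alice
    # payroll access directly, but the graph says she can get there.
    ("azure:group/HelpDesk", "can_reset_password", "azure:svc-backup"),
    ("azure:svc-backup", "member_of", "azure:role/GlobalAdmin"),
    ("azure:role/GlobalAdmin", "can_read", "azure:storage/payroll"),
    ("azure:role/GlobalAdmin", "can_write", "azure:storage/payroll"),
]

# Constructed audit-log observations: (identity, resource) pairs actually used.
OBSERVED_USE = {
    ("alice", "aws:s3/build-artifacts"),
    ("bob", "aws:s3/build-artifacts"),
}

# Relations whose target is a data resource rather than another principal.
RESOURCE_RELATIONS = {"can_read", "can_write"}


def build_graph(edges):
    """Adjacency list: node -> [(relation, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_path(graph, start, target):
    """Breadth-first search from a foothold to a target; returns the node
    sequence of the shortest path, or None if the target is unreachable."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for _rel, nxt in graph.get(node, []):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


def reachable_resources(graph, start):
    """Every resource reachable from a node through any chain of relations,
    i.e. the identity's effective (not just directly granted) privileges."""
    seen, stack, resources = {start}, [start], set()
    while stack:
        node = stack.pop()
        for rel, nxt in graph.get(node, []):
            if rel in RESOURCE_RELATIONS:
                resources.add(nxt)
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return resources


def unused_privileges(graph, identity, observed=OBSERVED_USE):
    """Effective access minus access actually exercised: the standing
    privilege a rightsizing recommendation would propose removing."""
    used = {res for who, res in observed if who == identity}
    return reachable_resources(graph, identity) - used


if __name__ == "__main__":
    g = build_graph(EDGES)
    for who in ("alice", "bob"):
        path = shortest_path(g, who, "azure:storage/payroll")
        print(who, "-> payroll:", " -> ".join(path) if path else "no path")
        print(who, "unused privileges:", sorted(unused_privileges(g, who)))
```

Run as-is, the search reports that alice reaches the payroll store in five hops through the help-desk password-reset edge while bob cannot reach it at all, and the rightsizing check lists payroll as standing privilege alice has never exercised. The value of the graph is that the escalation path exists only in the combination of edges; no single permission grant in the inventory looks wrong on its own.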

Two Things An AI-based Identity Protection Tool Should Do

Ideally, the AI should be capable of providing two different outputs: detections and recommendations.

As identity-based attacks evolve, it’s important to be able to proactively detect and recognise anomalous activities such as privileged accounts under active attack, manipulation of Identity Provider (IdP) configuration, and privilege escalation that takes advantage of new attack vectors. For this to work, the AI needs a detection engine that is continuously fed data on emerging attack vectors. By checking an environment against those vectors, the AI becomes a powerful and cost-effective way to react quickly to a constantly evolving attack space.
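Two of the detections named above, as an added example that is not part of the original article and does not represent any product's detection engine. It runs over constructed sample audit events in a generic, hypothetical IdP log shape (the field names, the set of "sensitive" configuration actions and the privileged account names are all assumptions): one rule flags every successful sensitive IdP configuration change, the other keeps a sliding window of failed sign-ins per privileged account, alerts once a threshold is crossed, and raises the severity if a successful sign-in follows the burst.

```python
"""Two detections over constructed IdP audit events: configuration tampering
and a burst of failed sign-ins against privileged accounts."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical privileged accounts and the IdP actions treated as sensitive
# configuration changes (names are assumptions, not any real product's events).
PRIVILEGED_ACCOUNTS = {"svc-backup", "breakglass-admin"}
SENSITIVE_CONFIG_ACTIONS = {
    "federation.domain.added",        # a new trusted domain can mint tokens for anyone
    "policy.mfa.disabled",
    "policy.conditional_access.deleted",
    "app.credential.added",           # new secret on an OAuth app = long-lived backdoor
}

# Constructed sample audit events; not captured from a real system.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "actor": "alice", "action": "signin", "target": "alice", "result": "success"},
    {"ts": "2024-05-01T09:01:10", "actor": "unknown", "action": "signin", "target": "svc-backup", "result": "failure"},
    {"ts": "2024-05-01T09:01:25", "actor": "unknown", "action": "signin", "target": "svc-backup", "result": "failure"},
    {"ts": "2024-05-01T09:01:40", "actor": "unknown", "action": "signin", "target": "svc-backup", "result": "failure"},
    {"ts": "2024-05-01T09:02:05", "actor": "unknown", "action": "signin", "target": "svc-backup", "result": "failure"},
    {"ts": "2024-05-01T09:02:30", "actor": "unknown", "action": "signin", "target": "svc-backup", "result": "failure"},
    {"ts": "2024-05-01T09:03:00", "actor": "svc-backup", "action": "signin", "target": "svc-backup", "result": "success"},
    {"ts": "2024-05-01T09:05:00", "actor": "svc-backup", "action": "policy.mfa.disabled", "target": "policy/default-mfa", "result": "success"},
    {"ts": "2024-05-01T09:07:00", "actor": "bob", "action": "signin", "target": "bob", "result": "failure"},
    {"ts": "2024-05-01T09:07:30", "actor": "bob", "action": "signin", "target": "bob", "result": "success"},
    {"ts": "2024-05-01T10:30:00", "actor": "helpdesk", "action": "user.password.reset", "target": "carol", "result": "success"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_config_tampering(events, sensitive=SENSITIVE_CONFIG_ACTIONS):
    """Flag every successful sensitive IdP configuration change. These are
    rare by nature, so each one deserves a human review."""
    return [
        {"rule": "idp_config_change", "actor": e["actor"], "action": e["action"],
         "target": e["target"], "ts": e["ts"]}
        for e in events
        if e["action"] in sensitive and e["result"] == "success"
    ]


def detect_privileged_bruteforce(events, privileged=PRIVILEGED_ACCOUNTS,
                                 threshold=5, window=timedelta(minutes=10)):
    """Alert when a privileged account sees >= threshold failed sign-ins
    inside a sliding time window. A later successful sign-in on an account
    that already triggered the rule raises the alert to 'high'."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    alerts = {}
    for e in sorted(events, key=_ts):
        if e["action"] != "signin" or e["target"] not in privileged:
            continue
        account, when = e["target"], _ts(e)
        if e["result"] == "failure":
            q = recent[account]
            q.append(when)
            while when - q[0] > window:     # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(account, {
                    "rule": "privileged_signin_burst",
                    "first": q[0].isoformat(), "severity": "medium"})
                alert["failures"] = max(alert.get("failures", 0), len(q))
        elif e["result"] == "success" and account in alerts:
            alert = alerts[account]
            alert["severity"] = "high"
            alert["success_at"] = e["ts"]
    return alerts


if __name__ == "__main__":
    for alert in detect_config_tampering(EVENTS):
        print("ALERT", alert)
    for account, alert in detect_privileged_bruteforce(EVENTS).items():
        print("ALERT", account, alert)
```

On the sample data the burst rule fires for svc-backup after the fifth failure and is escalated to high when the account then signs in successfully; the configuration rule then catches the same account disabling the MFA policy two minutes later. Bob's single failed sign-in is ignored because his account is not in the privileged set, and the help-desk password reset is not in the sensitive-action list, which is exactly the sort of event the first example on this page would want in the graph instead.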

Arguably, the bigger benefit from engaging AI comes in the form of prescriptive recommendations on what an organisation can do to enhance its identity security posture. While it’s all very well to be able to detect a threat once it starts to exploit an identity or associated privileges, having a secure environment beforehand is even more beneficial. Recommendations around remediating dormant accounts, privilege escalation paths, default administrative credentials, certificate misconfigurations and the like, give organisations the opportunity to harden their environment against current and emerging identity-related threats.

These weaknesses can be hard to track down without AI. It can take months for security personnel to perform the same work unaided, and manual efforts will not be as effective as AI at locating nested or otherwise hidden weaknesses in identity management and controls. Security teams fix these issues quickly once they’re pointed out – and AI ensures that intelligence on improvements is constantly available.

Summary

In conclusion, AI is reshaping what’s possible when it comes to protecting organisations against identity-based attacks. By offering prescriptive recommendations on how to harden identity security, together with advanced detection of evolving threats, organisations can improve their ability to operate now and into the future.

Scott Hesford
Scott Hesford is Director of Solutions Engineering for Asia Pacific and Japan at BeyondTrust. He has over a decade of experience in IT security. Before joining BeyondTrust in 2019, he worked as Principal Consultant across APJ for CA Technologies where he specialised on technologies within Identity Governance and Administration, Advanced Authentication, Privileged Access Management, Web Access Management and API management. A trusted cyber security advisor to enterprise and mid-market customers alike, his experience spans across several industries including finance, utilities and manufacturing in addition to state and federal governments.