We’ve been hearing about Zero Trust and that “identity is the new perimeter” for years. Maybe it’s time to say, “identity is a perimeter”, because even though network perimeters are porous, they still exist. There is a growing awareness of the centrality of identity and access management in the larger field of IT security. This is because so many cyber-attacks leverage digital identities. This has led to increased emphasis and spending on IAM, beyond just the full IAM suite solutions. For example, we see higher quality and more user-friendly modular solutions for multi-factor (and passwordless) authentication, fine-grained authorization, privileged access management, and identity governance and lifecycle management, often delivered as cloud-hosted services.
The need for identity security was evidenced at our recent European Identity and Cloud (EIC) conference, where our track on identity security was well attended. We had speakers addressing Zero Trust implementations, Identity Threat Detection & Response (ITDR), fraud techniques, the use of generative AI for perpetrating account takeovers (ATOs), gamification of cybersecurity and identity defenses to improve security postures, API security, and the role of identity in cloud security.
ITDR garnered much attention from both attendees and vendors. Vendors have developed solutions that are targeted at reducing threats and risks from enterprise ATOs that lead to asset compromise, data loss, and ransomware attacks. Sophisticated attackers today sometimes do not even use malware to attack victims. They simply take over legitimate accounts, often those that are not properly secured against remote attacks. In other cases, they buy access to real corporate accounts on the dark web. ITDR solutions primarily integrate with identity repositories and other security tools to understand normal activities in order to be able to identify abnormal activities that may be signs of malicious intent.
Some ITDR solutions leverage user behavioral analytics from endpoints, and some have identity deception capabilities, whereby fake accounts, credentials, and other lures are used to draw in would-be attackers to learn about their Tactics, Techniques, and Procedures (TTPs). The ITDR market is relatively new and there is a lot of variety in how the products are implemented. We at KuppingerCole expect that the ITDR field will grow, mature, and standardize on more inclusive feature sets. For our latest research on ITDR, see the recently published Leadership Compass on the subject.
Fraud prevention is a desired outcome for identity security, especially within consumer and customer IAM. Fraudsters are constantly innovating on their techniques and finding new targets. Organizations must strive to keep up with mechanisms and services to detect fraud and prevent losses. Fortunately, numerous Fraud Reduction Intelligence Platforms (FRIPs) are available to help organizations of all kinds prevent ATOs, new account fraud, synthetic fraud, and ecommerce abuse. FRIP solutions typically have multiple capabilities to detect and stop fraud attempts, including identity verification, compromised credential intelligence, device intelligence, user behavioral analysis, behavioral biometrics, and bot detection and management. KuppingerCole will be updating our research on FRIPs later this year.
Looking forward to our cyberevolution conference, we will continue our focus on identity security. We will have speakers addressing ITDR and fraud prevention, as well as practical sessions on the implementation of Zero Trust to bolster identity security. cyberevolution will take place in Frankfurt, Germany on December 3-5, 2024. To register, click here.
