Hello and good afternoon or good morning depending on where you are. Welcome to this latest webinar with KuppingerCole. Today we're supported by our good friends IC Consult and I'm also delighted to have Andre Priebe with us to talk. He'll be talking a little bit later.
So hello, welcome Andre, nice to see you again. Thank you very much, Paul. Nice to see you.
Okay, so our theme is identity security and what we've called the power trio of Zero Trust, Identity First and ITDR. So let's get into that. Just a few housekeeping rules for you listening. There's no need to do anything to the audio control that we're running, all that. It says polls, there are no polls in today's particular webinar, but there will be questions at the end for you to have your chance to question myself and Andre. And you can enter questions at the GoToWebinar control panel. And finally, this will be recorded and stored and made ready for download on the KuppingerCole website.
So for any of your colleagues or even for yourself, if you just want to go through it again, it will be there in a few days. So here's our agenda, very simple. First I talk, then Andre talks, and then we'll have questions and the wrap-up session. And hopefully, you'll be able to contribute some of those questions. It's always great to get questions from end users. So let's go. So what are we talking about? Identity. This is a slide which I like to use just to show what is happening really with identity and particularly, obviously, in business IT.
We have three forces I've identified, which are velocity, dispersion, and a number or density. All three things are happening at once, which is also a nice intro into our trio because we also have a power trio of forces. So we have velocity, we have the sheer speed at which identities are now wishing to gain access to business IT. And at the same time, the number of identities has moved or shifted exponentially and includes, obviously, now non-human identities and dispersion. That simply means that identities are no longer clustered around a central network.
They are obviously coming in from all over the place, from multiple destinations, different clouds, and different endpoints. So everything has changed recently in the last few years. This is what's happening right now in your organization. So how can we deal with it?
Well, here we go, the power trio. This then, instead of our forces, we now have our trio. So first of all, we have to start taking an identity-first posture when it comes to security. We need to think about zero trust, how we can implement a zero trust architecture or foundation to our business IT. And then something new, which is what Andre will be talking a little bit more about in a bit, identity threat detection and response, which is a tool which adds a new layer of defense to identity.
So just like other detection response tools, it can see when identities are being attacked and it can do something about it in real time. But I'll let Andre talk a little bit more about that. But that is our power trio. And this is why this is all happening.
As I said, the number of identities increasing unbelievably includes not just human identities. We're not just talking about administrators. We're talking about every kind of computer user. Soon we'll have a situation where the number of non-human identities will outstrip human.
In fact, that's probably already happened. We just haven't really had a chance to count it. The dispersion identities are coming in from third parties, from parts of your supply chain, even from your customers. And the way that we use applications is changing. There are more cloud-based applications. There are more productivity tools. There are more things like ServiceNow and ticketing applications, things that allow us to collaborate and do stuff together. But it also means that more people are joining in, finding access to particular documents or particular applications or servers, et cetera.
AI is having an impact on this, just like everything else. Soon AI was not just in terms of how we manage identities, but AI will soon start probably creating machine identities of its own to do those tasks that we have decided are safe enough to give to AI and save humans from arduous tasks. The user experience, again, I mentioned that earlier, that computer users have really changed. There are a millennial. There is a Gen X or a Gen Z shift. And these people are coming into business. They have different sense of expectation. They have a different idea of how they want to work with computers.
They're used to things happening very fast. They're used to downloading stuff as and when they want it. This can actually help us in business if we manage it correctly. There's nothing wrong with giving people quick access to stuff if it gets the job done. And of course, the integration of clouds, apps, and resources is an ongoing task.
Even now, many businesses haven't fully gone to the cloud, but it's a trend that is pretty much unstoppable. And it affects vendors too. Many vendors are now also rewriting applications to be cloud native. And on the right there, you can just see a World Economic Forum sort of list of all the things, the share of organizations that are likely to adopt technologies in the next four years or next three years now. And you can see, right, the top five or six are all the things that we're talking about, digital platforms and apps, big data analytics, cloud computing, and so on.
Interestingly, artificial intelligence is a little bit further down the list. That might have gone up in the last year or so. So that's kind of the state of play, the state of the industry, the background to all that. And then this is an updated slide of what I see as identity first access for data and business, which is kind of a new paradigm that really encompasses all the existing tools that we have. Privileged access management, CIEM, identity and access management, and ITDR is also adding to that.
But the trend is that we have distinct identity types that are managed through what I call an identity zoo. So we have the key access management tools that have existed for some time, the new one, SIM, CIEM, and ITDR, and then where all this stuff is and what they're trying to get to. But actually, I'm taking this further, and we need to almost look at it from a data angle, first of all, looking towards the identities. And so the data needs to be governed, it needs to be protected.
So you need to sort of work out what parts of your data are important, what parts of your data need protecting, and what parts you can actually call a privileged data or privileged tools, privileged clouds, privileged servers, databases, etc. So you need to start thinking also not just identity first, but also data first, because the two are invariably connected. If you took away everything in the middle, you still have your core computing, you have people on the infrastructure, all the identities, and they're looking to get to data. And of course, you could take away all the identity zoo, etc. in the middle, but that would be chaos.
But essentially, what we need to do is think about what it is that identities want to do, and then start thinking about an identity first process to manage that. And then right at the bottom, we have foundational elements, which will always, you know, we're talking here about maybe like zero trust, zero standing privilege, data governance, EDR, XDR. But to add, you can also add, you know, traditional cybersecurity elements, which whilst are not fashionable, still exist, still exist for a reason, things like anti-malware, for example.
So all of that is part of this new paradigm identity accessed data. Some of the challenges that we have, and there are lots more, but these are sort of some of the the main ones that Andre will probably pick up on as well. But when we have this identity first computing, we also get identity first challenges. So we have users with too much privilege, we have users with standing privileges that they don't use, that they don't need, which are a risk. Very often, even now, many businesses don't have even any type of privilege access management.
They don't sometimes use only the basic identity and access management. They don't use IGA, etc. So they don't really know what's happening, and they get limited access control and feedback. Some older tools are quite cumbersome. Many vendors have now improved credentials management quite considerably. They've improved the admin tools, the admin layer, the admin dashboards, etc. So that things are so much easier to manage, but we still have a way to go. We haven't, until now, had specific tools that can focus on identity threats as they happen.
And then there's a lot of other things that we haven't done. And there is probably a reliance for those customers that have used PAM to use vaults and passwords. Vaults and passwords are still one of the safest ways of processing privilege access, but they're not the fastest, and they can still be abused if an identity is hijacked, an identity is taken over, or even if it has happened, an identity, a privileged account, I'm sorry, I should say, is taken over by a hacker, and all they do is ring, say, a service desk to change the password, and then they're in.
So there are some aspects of PAM, which we have probably relied on a bit too much. And we haven't really thought about zero standing trust. We haven't thought about, sorry, zero standing privileges or zero trust. There's a reason for that, which I'll come on to in a minute, because it's not that easy. But anyway, so what is ITDR, to introduce one of the big themes?
It is, in effect, these four things. It is a structural protection of identity systems. So it's less about a management system, it's less about putting identities where they should be, it's about actually taking those identities as a physical thing, and protecting them from attacks right at the beginning of the workflow. It's designed to help us maintain an identity posture, so it can work with data governance tools as well, and also risk assessments, and ISO, and all the other standards that we try to meet. And it should also, the R in ITDR stands for response.
So it should give us the chance to respond to attacks. So when you have an alert, that you can shut it down straight away. And of course, that would then lead to the restoration of identity posture. So that's the remediation part of it.
So that's, in four simple sentences, what it is. What is it protecting against, though? So these are just some of the identity-focused attacks that are currently happening, and they're increasingly happening, that are focused entirely on identities, Active Directories, directories of identities, and so on. So we have this rather weird name sounding, Kerberoasting, which basically uses pretty blunt tools to crack service account passwords. There is the golden ticket attack, which also attacks, exploits Active Directory vulnerabilities, and can then bypass authentication, and so on.
So I won't read all through all of these, but each one is something which is happening right now. And of course, these can also lead on to further types of cyber attacks, such as ransomware, where these attackers can use identity theft or identity attacks to get into the system, and then they can do more. They can sit there and wait, or they can start shutting down servers, and so on.
And the other one that is worth mentioning, I think, is credential harvesting, where attackers quite often will go into businesses, don't necessarily do anything significant, but what they are doing is collecting user IDs, passwords, etc., for use later on, or for sale to other attackers, and so on. So there's a lot going on in the world of cyber crime against identities. Here are just some kind of rules or processes to start thinking about when you think about identity threat detection and response.
They're not really all that different from the sort of rules that you should apply to any kind of cybersecurity tool or identity tool. First, you have to think about what's out there, so assign ownership, clean up risky access, but I would also add that you need to think about your data there at the same time. So hygiene of data, what kind of data there is, whether it's high risk, whether its privilege value is high, whether it's low.
Then you need to discover, again, that's very similar to discovering privilege accounts or discovering cloud entitlements, but in this case, you simply need to know who has identity, what the identities are. You need to discover all the accounts belonging to or attributed to identities and what they do, and then visibility, and so on, and risk assessment again. So this is a process at the beginning of ITDR or thinking about when you're going to manage your identities a bit more carefully.
So before you even get to the point of looking at ITDR vendors or tools, this is the sort of process you need to get into. And then you could move on. So this is where you possibly might start to use ITDR. So with this, you can restore the posture and start deploying those preventative measures, which are what is in ITDR. Then you have a dashboard, a feedback system where you can then start monitoring in real time what's happening to your identities, very much like what most PAM systems will be or identity access management, but these again are focused more granularly on identities themselves.
You can investigate type of threats, and then you can think about your remediation strategy, which you can apply. And again, this is a circular set of activities, which you probably would have to, you know, a bit like painting the Forth Bridge. You can't just do it once because your whole posture of the business will change. Everybody's business changes every single day these days because new identities are added, new identities may be taken away, people leave. You start working with contractors, you start working with partners, you acquire another business, you build a new cloud, and so on.
So this whole process needs to be done on a very regular basis. To prove that our end users are thinking about this and Zero Trust, which is the third of our power trio, just show you that in this survey that we did of our end users, that making trust is by far the something that they want to do, 41%, and multi-factor access was second. But this is partly because Zero Trust has had a lot of publicity recently, and partly because many people are talking about it, which is kind of like a self-fulfilling prophecy, but it's more than that.
People are interested in Zero Trust, but it's not something that you can easily apply and do. This is a very nice definition of Zero Trust by the U.S. Department of Defense, which, in their words, is for users and non-person entities, which is, in other words, machine identities that we talk about. But the whole point of Zero Trust for them, and as a defense organization, you can fully understand securing, limiting, and enforcing person and non-person's entities' access to data applications, assets, and service, which is really what I was saying earlier on with my chart on IAD.
And it must encompass the use of identity capabilities such as MFA and PAM. This may be upgraded. If ITDR proves to be a useful tool, they might start recommending ITDR as well. But I think the last paragraph, organizations need the ability to continuously authenticate, authorize, and monitor activity is key to what ITDR can do in line with SCIM, PAM, and IAM now. That link there you can download later and have a look at a Zero Trust strategy. But just Zero Trust is not something you can buy. I lost count the amount of times I've said that, or we've said that at KuppingerCole, but it's true.
It's an architectural concept. It's something you build. Not everybody's Zero Trust is going to work in the same way. It's not just technology. A lot more needs to be added to it, policies, process, technologies, et cetera. And it applies to all assets, users, and data, and everything in compute, everything in your stack. But there have been, for those that have successfully implemented Zero Trust, tangible business benefits. It does actually make the organization not just safer and more secure, but also more efficient.
And there you have a nice little diagram showing you how one thing leads into the other kind of positive cycle there. I'm going to rush over that. That's just to show you that it's not easy. That is just some of the components that you could list for Zero Trust. You would then need a whole series of consultancies to work out which bits of the components you need, but that's just to show you how big and how far and how wide Zero Trust can go.
So, you might say, how many of these do you already have? But you need to, when you think about Zero Trust, understand your risks, do your risk assessment, understand your requirements. Then you start defining your architecture and do a fit gap analysis tooling.
So, you prioritize, implement, and run, and then keep revising that, as I said in the previous slide. And just to end up, there is a Zero Trust market, but make sure that you investigate this properly with the help of us and people also, like IC Consult and other consultancies that can help you through the Zero Trust market. And it is a long journey. And talking of long journeys, that is the end of my journey. I just wanted to make sure I give enough time to Andre.
So, welcome, Andre, back. And it's over to you now.
Yeah, thank you very much, Paul. And hello, everybody.
So, I'll start sharing my screen. You should see it right now. And then let's jump into the topic.
So, I will focus very much on the aspect how these three technologies, approaches, paradigms can play together. Why do I talk about that topic? Because at IC Consult, we are completely focusing on making most out of the digital identities of a company when it comes to increasing the security posture with more than 850 consultants around the world, which completely focusing on that topic.
So, having said that, what do you expect from a power trio? Well, just one thing, maybe you can think about Charlie's Angels. It's not having three super skilled individuals, but having three super skilled individuals playing together as a team. And that's something I will now talk about. Zero Trust.
So, with the goal of building a real, robust, resilient IT architecture by assuming that there is a successful attacker and it should be really limited in moving forward. Then, Identity First Security as a paradigm of having a digital identity as a perimeter, as Paul pointed out. And then the new kid on the block, Identity Threat Detection and Response.
So, the safety net, which comes after everything else, was not preventing the attacker from getting into the IT infrastructure, into IT assets out there. Okay. Then let's focus a little bit on Identity First Security from an architectural point of view.
So, what is it about? It is about having a layer built on identities in front of every single asset out there. And typically, we are thinking about applications hosted on-prem, about SaaS services, cloud infrastructure, but we also see more and more that identity is now used to control micro-segmentation approaches, for instance, to protect application devices, which are somehow limited, not as up-to-date as you want to have them to be for several reasons. For instance, in the area of OT.
And the important point for that prevention is having really all the important capabilities in place to authenticate and authorize the user, of course, with a phishing-resistant multi-factor approach, having a consistent lifecycle for the digital identities processes to give roles and privileges based on the least privileged paradigm, and especially when it comes to privileged resources. One very important area I would like to highlight is the topic of CIEM, the cloud infrastructure entitlement management.
So, having a good understanding of all the cloud resources out there, roles, groups, rights, because unfortunately, in the clouds, the problems are similar to what we want to get rid of in our old Active Directory. So, how many steps are required to get domain admin or administrator of that particular SaaS service, SaaS infrastructure, cloud infrastructure, and having that good understanding is really required in order to protect these resources. Identity-first security. What is here really the difference compared to other patterns?
So, for instance, focusing on the network layer. When it comes to identity, we are talking about the application layer, and because there is no network layer in common for all these different resources anymore, right?
So, this is really the kind of layer we have to rely on. We have to build an excellent understanding and really leveraging that when it comes to the security posture.
Okay, but unfortunately, having the paradigm in mind assume breach, it doesn't matter what effort we spend to prevent an attacker, there will be a point in time and the attacker is there. It's bypassing everything what we built in front of it. And now it comes to the safety net.
So, identity threat detection and response detection. What is here the approach and what should you have in mind? The bad thing is after an attacker was successful in getting somewhere on your systems, the attacker does not need a lot of time to move on from there, finding the next vulnerability, finding the next account to execute, the next privilege to escalate and so on. And why is that the case? It's not because he's a super smart guy.
No, it is because he's following a strict playbook, not trying around without having any clue, but following a strict playbook, tactics, techniques and procedures. And that's the bad thing. And at the same time, the good thing, because it gives you the opportunity to detect that this is very likely an attacker and not just a user not knowing what he's doing right now. And it is about behavior analytics, understanding what is a regular user doing and understanding, hey, here's something significantly different.
To give you an example, a regular user that's successful in the multi-factor authentication is now downloading all the documents he has access to, SharePoint or any other application, and then modifying all these documents several times, revoking, purging the history of the documents, versioning and so on. And what is that?
Yes, it's of course a ransomware attack, right? Very obvious, just based on the user behavior without any other indicator of compromise, it's already very, very likely that this is a ransomware attack and not a regular use case. So just based on the user behavior. And then it comes to the response. The response from an identity perspective. Why is it important doing it also from an identity perspective?
Well, because there are many resources out there potentially accessible by that compromised user. And this is something that we cannot limit by just saying, hey, okay, we're isolating the device because there may be issued refresh tokens out there, which can be used to get access to resources from different places as a regular use case, not as a misuse case. And for these reasons, we really have to make that kind of response from an identity perspective.
So having an exact understanding of what sessions are out there, what tokens are out there, and then revoking everything, limiting the access and shutting down the attack, making sure that not more harm is done to the organization. And now let's differentiate identity-first security and ITDR. So identity-first security is really about doing everything to use the identity as a layer. Authentication, authorization, least privilege, but also adding things like device compliance to it. And then the safety net to stop, to detect, and then to stop the attacker. Okay. Two of the three guys in the team.
Zero-trust. Let's recap. I'm quite sure most of you guys in the audience have seen the zero-trust architecture by NIST several times. I don't want to go into the details, just highlighting a little bit of the core idea and then bringing it a little bit into the context of the other two of our trio. So never trust, always verify. What does that mean from a technical point of view?
Well, we are going to evaluate every single request. Authentication, authorization, by putting a lot of context information into that evaluation process. So then what kind of resources is the user accessing? Does the user have the required privileges and so on? But also context information when it comes to the devices. Is it a company-owned device, which might be necessary based on the nature of the individual user, or even not possible, thinking about maybe a contractor or supplier, which might not get a company hardware from you, maybe they get.
But having these kinds of things in mind for building that policy, then having an understanding of the compliance of the device, understanding of risk scoring when it comes to the user, to the device, to geolocations, and live information available and using that to make a decision based on that individual request. And there's a pattern on policy enforcement point, policy decision point, and in order to have the capabilities and not saying, hey, we hand over that difficult thing just to the application, they should take care of it because that will never work out.
Anyhow, most of these activities are primarily contributing to identity-first security to the prevention part of it. But there are also aspects covering the ITDR part, and I want to point them out and highlighting them a little bit before really going into how to leverage the trio. And there are different trust maturity models out there.
Here, as an example, I've taken a popular one provided by the CISA. And what you see here, when you look to the different levels of maturity, you can achieve in the different pillars, for instance, on devices, on identities.
And then, even if the term ITDR is not used, as Paul also pointed out, there are aspects saying, hey, we need to have a continuous validation and risk analysis on the identity perspective. And it's not just about the static nature of an identity.
Hey, that's a risky user because there's a number of privileges, maybe, which are not violating segregation of duties, but still much more compared to other users. It's also about the live data and using that continuously. And when it comes to session, we are here explicitly in the area of ITDR.
So, one recommendation I would clearly like to make is don't see this as a topic of ITDR as a complete separate new thing, not related to your Zero Trust Program. No, see it as a part of your Zero Trust Program in order to not just achieving the basic levels, but to go for the optimal level. And now it sounds a little bit like, hey, I'm already in good shape, and now it's really about getting the last 10% out of it. But that is not the case. The maturity model is already a few years old.
And this was before the rise of Gen-AI, this focus on leveraging that for attacks directly on the identity layer. To share here a few examples, first of all, quality of phishing or spear phishing attacks is much higher than two years before without Gen-AI. It doesn't matter what language you're focusing on or which companies. It's achieving a completely different level of quality. The likelihood that users are going to follow such a scam is much higher than before, and very often credentials are leaked while they're accessing websites that are used to provide malware to the client.
So, this is one thing. The other thing is that also the supporting processes, when it comes to help desk, the MFA device is not working anymore, lost, stolen, whatever, it has to be re-enrolled. These are much more under attack than ever before, with a completely different level of quality that attackers have there today, and that will increase much more in the future.
So, today there are the first kind of POCs with deepfake technology out there for CEO fraud, making voice synthesis and live deepfake of face and video conferences, and using that to get transactions in multi-million dollars, euros, pounds, whatever, but this will be available to a much broader range of attackers in the very near future. So, therefore, achieving a high level of maturity for identity is absolutely necessary.
So, now, how does our trio play together? So, you have the Zero Trust program in place.
Now, it's about boosting the Zero Trust program in two different dimensions. One is about the efficiency.
Typically, in Zero Trust, you're building up a lot of capabilities, phishing-resistant multi-factor, device compliance, and so on and so forth, but the question is, to what degree are you really enforcing it? And here, identity-first security as a paradigm can help a lot by really following that approach to applying the identity as a perimeter on all kinds of resources. And that's not just limited to SaaS and legacy IT systems, but also to approaches in which you have to combine it with micro-segmentation in order to protect some very old, outdated systems which you cannot harden in other ways.
And also, the approach to really monitor the coverage you have in the real life, not just based on paper or in theory. In theory, all users have MFA, phishing-resistant. In the real life, 60% are using it, 40% are going to a one-time password which can easily bypass phishing. It's very efficient in getting hands on that one-time password. And the second dimension is making it more effective by really going for that optimal level and saying, hey, ITDR is an integral part of my zero-trust journey. And there are very good reasons for doing that, and I would like to provide here two findings.
One is when it comes to identity access management, you have an application onboarding process in place. So you are in contact with the application owner figuring out, okay, roles, rights, process, processes does apply. When it comes to authentication, the whole user community, something where we have already MFA in place, what can be enforced, what other requirements, risk, appetite of the application owner, and so on and so forth.
ITDR now gives you the opportunity to combine that with an application-focused risk storming session where the application owner can really focus on what other risks relate. And I'm not talking about those things like, hey, we did a lot of tests to make sure that we do not have any cross-site scripting vulnerabilities or other injection attacks or outdated components with known vulnerabilities.
Now, if an attacker has now access to your application as a user, what will he do? Oh, yeah, he will, it's Salesforce. He will try to get all open opportunities. He's interested in what prices are we able to achieve. So they'll download closed opportunities, documents to it, and going through all of that. Is there any situation in which a regular user would like to, would do that? No. Only if he's quitting the job and wants to take information to the next employer. So here's the point.
There are typically these kinds of situations, very clear for different software applications, and you can figure out if your ITDR is able to detect that. There are a lot of different capabilities within ITDR, not all tools contributing something to ITDR or focusing on that level, but there are also tools which are focusing, for instance, on SaaS services and on these kinds of patterns and helping you to understand that everything else was bypassed, and now the attacker is on that system, and now you are able to react there.
So risk-storming from an application point of view, and the other thing is obviously you have to have a very, very strong integration between the identity access management operations team on the one side and the SOC on the other side, because security is not something for one very skilled individual, no, it's something for a team working together so that all parties can contribute their core competency in order to increase the security posture of the organization. And well, having said that, there's one last thing I want to say. So today's Thursday. What is a thing to do on latest Monday?
How can we work on making that real? And one approach I can recommend is getting a very good understanding of the current capabilities, because typically you have a lot of capabilities already in your organizations. And then based on that, developing a strategy or making the topics Paul and I were talking about reality and having then a roadmap which allows you to step by step making progress, providing additional value to the organization, because time is running up when it comes to digital identities.
We are much more under attack than ever before, and have to do everything to make sure our organizations are secured against the attackers out there. Yeah. And having said that, I would like to hand over to you, Paul, again. Yeah. And talking about questions. Yeah. Let me just share my screen now. So you should be able to see that, hopefully. Yeah. Whoops. Great stuff. Thank you very much. It's obviously complex. It's not simple, but then nothing in security is simple.
You kind of answered that first question that we had, if you don't even have a zero trust program, what would you recommend to do tomorrow? But you kind of just said that really in the last slide. So there was a question.
Sorry, go ahead. Yeah. Maybe to just highlight that point.
Of course, companies like IC Consult are really happy to support on that kind of assessment, getting idea of current situation, then providing a roadmap. And based on the experience, what is working well for other organizations, that you do not add a lot of risk to your own organization by going into the direction, which does not provide the value you expect to get out of that. Okay. A question from Jeff Kushner here. It's a good point.
It says, how does configuration management play into this? Because that's a key component to meet best practices, regulations, third party requirements, et cetera. We didn't probably talk about that much. So maybe you could just touch on that a little bit, but configuration management, where that fits in, well, zero trust, well, zero trust, I guess. Yeah.
Well, I think it's very important for several of the points we were talking about without explicitly mentioning it. Because what is the case where we have today, a couple of customers saying, hey, we are now on a cloud infrastructure, AWS, Azure, whatever. And there are so many possibilities where you can really expose too much of the resources you have by having configuration errors, by not knowing, by one developer is doing something. So I typically say, hey, typically you are based on the modern paradigms, configuration is code, infrastructure is code.
You're just one single line away of exposing your critical database into the internet. And therefore that's a super important topic. And that's an area in which, from my point of view, the identity-first security, even the cloud infrastructure entitlement management, plays a very important role because that gives you understanding from a different perspective, what impact did the configuration change?
You still have to manage your configurations accordingly, but that's a kind of second layer of protection, which might help in some situations, not all of them, but it's a very, very important aspect, I would say. Yeah. And the other thing I mentioned, DR, ITDR is kind of the latest in the line of DR technologies, but what makes a difference? And how would XDR, let's just lump all the others as XDR for now, and ITDR, is there any overlap between ITDR and existing XDR tools? Do they work separately or would they work together?
Yeah, well, our impression is that today, a couple of vendors are saying, hey, we are doing ITDR. And what they are doing at the end of today are very different things. Some I would say, hey, honestly, that's not ITDR, you're doing a sophisticated kind of conditional accessing, but it's about the prevention upfront. But on the other side, there are also different XDR providers, which are now focusing a lot on the identity.
So for instance, providing the capability to work with honey tokens, cookies, access tokens, these kinds of things, which are then taken from an attacker and used, and then a lot is triggered, or focusing a lot on what is happening on the active directory whenever a session ticket is used. Now, that's something what we didn't expect in that way, to have not from that particular user. So capabilities, which are very, very closely related. So from different angles, the players are moving into that segment.
So I would say when it comes to implementing it, then it's likely that the XDR solution can significantly contribute to ITDR, even if it is not covering all aspects of it. Okay, another question, what impact do you expect passkey to have on zero trust? Interesting. There's an interesting one because I think the good thing about passkey is it's really very phishing-resistant, multi-factor approach. But of course, there's a couple of different flavors. Is it roamed via your cloud account, your Apple ID and Microsoft account and so on? Or is that not the case?
My take is the attacker will, in the likely next year, not really focusing on the vulnerabilities of passkey itself, because it's a vital tool, standard from a technical technology point of view, it's out there a couple of years and very robust, but they were focusing on the hapless processes. There will be situations in which passkey has to be re-enrolled for any reason, cloud account not recoverable, device lost, broken and so on. And the attackers are really focusing on that part and getting into it.
So you have to be very aware when it comes to protecting all that kind of reset hapless processes to get very robust. Okay. I might just go back to one of my own slides actually, because I think if you present this to a client or anyone, they think, oh my gosh, look at that zero trust. These are all the things I have to buy, I have to deploy to make it work. But that's not the, this is maybe not all of them, but it's an awful lot of things that you could, but you don't need everything on here to build zero trust, do you? Exactly.
I would say the one thing is that's a kind of point of view when it comes to capabilities or components from a theoretical level, but when it then comes to the real world and to products offered by vendors and typically vendors are covering more than just one of these boxes, this one product already. That is the one aspect. And then also other components, which are identity focused are covering several aspects of that.
But it's really helpful to get a good understanding what are all the capabilities and components we are talking about, have an understanding, where do we have gaps and having kind of good understanding of the risks, which are then related to having that kind of gap in your cyber security landscape. Yeah. And of course, that slide actually needs a bit of updating because it doesn't actually mention CIEM or ITDR. So we need to make it even more complicated for the next webinar. Going back to, we're coming towards the end, but how, you obviously deal with customers all the time, your clients.
How often did they mention zero trust these days and identity first? Is it really current thing that they think about? Zero trust, absolutely. So that's kind of top priority for a lot of our customers. Not always with the kind of, we have a zero trust program in place, but we have to do zero trust and let's figure out and say, okay, here are some areas where you are obviously having something to improve, to reach some of the kind of minimum level.
Identity first security, I'm not aware of the particular programs around us, but I would say that's kind of different perspective in what is completely included in zero trust, but from different persons and the one running zero trust, that's more that kind of network perspective. So that's something what we mostly from that kind when it comes to, hey, we have to protect the operational technology and we cannot do anything to increase something directly on these components.
We have to segment somehow, but who is able to access things at that segment, because there are so many companies out there hit by attackers, really affecting their capability to produce. On the other hand, there's a need to get somehow more connected and that's an area where we see this happening. Okay.
Well, it's good to know that we're talking about the right thing and that's brought us to the end with no more questions. So, Andre, great, great. Thanks very much. Great to see you again. Hopefully see you maybe in December. I don't know if you're coming to Cyber Evolution, but anyway, it'd be great to catch up. Thank you all for tuning in, listening today. Thank you all for your questions and thanks for our organizers and our producers for producing the webinar. And obviously, finally, thanks to IC Consult for supporting us. So with that, I'll say goodbye to everyone.
Thank you very much, everyone, and goodbye. Have a great day. Bye-bye.