Welcome to this latest KuppingerCole webinar. I'm Paul Fisher. I'm the host.
And today, we are joined by Andre Priebe from iC Consult, who also kindly sponsored the webcast webinar. And we'll be talking about identity and access management.
OK, no big deal. But we are talking a little bit more in depth about terms that you may have heard on your radar a bit more in the last 12 months or so, which, of course, is zero trust, and kind of the new kid on the block, ITDR. So here is what we're going to be doing today, and just some housekeeping for you. You are muted. So you can sit back, relax, don't have to do anything, and just enjoy the webinar. We have a couple of polls, which we'll run at the webinar. And then we'll look at the results during the Q&A. And of course, the Q&A is also your opportunity to ask questions to us.
If any of your colleagues couldn't make today's live session, then don't worry, because we will be uploading the entire webinar to the KC website. And it can be enjoyed at your leisure anytime in the future. So I'll be talking a little bit, first of all, about the various forces going on in identities, various trends, various challenges, pain points, et cetera, that we are hearing about in the market. And then Andre will talk much more specifically, obviously, about some of the things that iC Consult is doing to help their clients work with not just Zero Trust, but also with ITDR.
And then, as I said, we have our questions and wrap up. So I always start my presentations with this slide just to kind of set the scene, not just because it's a very nice and colorful slide, but because this really, these five words, everything works with everything else, is how I see the IT landscape, the business landscape, and the identity landscape that we're in. So literally, everything that we do now, everything that we use, is at some point connected to something else. And in the end, everything is connected to everything else, which makes life harder to keep it secure.
But it does actually make everything work in the way that we want it to ever since we had the revolutions of the internet and then the revolutions of mobile apps, et cetera, and the fact that everything pretty much now runs on web. So remember that as we go through today's webinar, the background. So here's the first of our polls that I mentioned. And you have plenty of time to answer this. We're not going to, as we have done previously, wait for the result and then carry on. So this poll is now running. I will read the questions just in case you can't, but you should be able to.
So which of these identity solutions do you have in place? Privileged access management. Privileged access management and cloud infrastructure entitlement management. Those two plus ITDR, which would be interesting to see how advanced that is. None of those or some other combination. And so we'll leave that running for a bit. And I will now carry on and talk about where we are. When you start to break down the everything, everything world, this is what you'll find. And you won't just find this, of course.
This is really a kind of simplified view of what you might call is a typical organization right now. Could be an SMB, perhaps, or a slightly larger. But you'll tend to find that the organization that's running in this world, which has identities running through it, will have some of this stuff in it. So you'll have hardware devices, computers, or compute devices, which they've now suddenly started being called. I don't know why. But suddenly, your PC is a compute device. But in everyday language, we're talking about PCs, mobile devices. Increasingly, we'll talk about bots and robots.
But then added to that, in manufacturing industries particularly, we have things that are actually connected but doing stuff on a kind of passive basis. So we have sensors, meters, and everything else in the industrial internet of things. We still have our IT admin identities. And they can be human-controlled or human-programmed. But they tend to be things like service accounts, shared accounts. Software is, again, the whole world is full of software. And increasingly, that software is cloud-based. It is infrastructure as a service. So we have containers, microservices.
And of course, applications, everything is still, at the end of the day, you're still using an application to get something done. But you need an identity to get on there. APIs are everywhere. And then we have the ever-growing influence of the developer world. So we have code flying around. We have people sharing bits of code and scripts and workloads.
And all of that is putting a pressure on traditional identity and access management systems that weren't actually traditionally designed for these more cloud-based, more flighty, shall we call them like that, more dynamic identities and processes which are happening. They were more geared towards old-fashioned admin accounts and slower user accounts. One thing that I could have added to this slide is AI. The reason I didn't is because A, everybody's talking about it.
And B, we don't yet really know how the tools that have emerged over the last 12 months are really impacting. You will probably put it in the automation bracket there on the right of your screen. But as far as I'm concerned right now, the AI tools will assist. And I'll talk about this in a bit more. Will assist in traditional identity and access management tools rather than replace them as some people rather optimistically seem to think that AI, that we are at the start of this revolution which is just going to change everything overnight.
Well, it ain't going to do that, in my opinion. But we do have increasing amounts of automation carrying on. So we have bots. AI bots are part of that, so chatbots, et cetera. When you actually use these chatbots, though, you will find that they have extreme limitations. But in the areas of things like analytics and search tools and being able to, for example, find vulnerabilities in code or software, then I believe that AI or automation will play an increasingly bigger role in that. And that's all I'll say about AI for now.
This slide is really the way I see identity and the forces that are kind of happening. Although the business world is at the same time attracting these forces as well as not being able to stop them anyway. So the three major trends that's happening in identity is velocity, simply the actual speed or dynamism of identities as they approach what we might call a traditional business IT infrastructure.
Of course, that business IT infrastructure is now not just behind a perimeter. It's, like I said, everything is connected to everything else. So we have service providers. We have third-party vendors. We have the software supply chains. And physical supply chains all, at some point, will connect with the business IT. And that's the dispersion part of this. And then we have the density, the sheer number of identities. And they're all bundling together as in this image here and hitting business IT all at once.
So those three, velocity, dispersion, and density are also putting new pressures on identity and access management, which would normally sit sort of here before they access business IT and privileged access management and CIEM, et cetera. So just think about those forces as well. And I think you'd probably agree in your own organizations that these things are happening. Let's break it down a little bit further and get into what is happening inside that business IT. So this shows you how we try to manage identities right now. And at KuppingerCole, we can identify seven key identity types.
So we have administrators. We have developers now, traditional end users, machine identities, which could be attached to virtually any piece of code or application or service account. And then as I mentioned, we have third party identities. We have people on endpoints that weren't necessarily there before the COVID event. And we also see increasingly customers being accepted into the business IT universe. And to control that, traditionally, we've had identity and access management. We've had ID governance, et cetera.
We've had privileged access management, which has been around for about 20 years to help govern access to things which are considered more sensitive or dangerous if put in the wrong hands. And then recently, we've seen the emergence of cloud infrastructure entitlement management, which is a kind of PAM, except it works more quickly and it is aimed at stuff that is existing in the cloud and tends to work more closely with developers, et cetera. And all the stuff that these identities are trying to get sit increasingly on cloud services.
Even what you might call on premise is now almost seen as a private cloud in as much that it functions in the same way and that people will try and access it as a cloud. And it's subject to the same laws and policies and risks as any other cloud. It just happens to be sitting on-prem. Some people have called it a ground cloud. But call it what you like. What I'm trying to say here is that you should treat everything as a cloud. So treat everything as something that needs to be protected like a cloud and has the advantage of a cloud.
And finally, all the stuff on the right there is a list of things that people and users and identities and machines are trying to access. But let's just add a bit more to this. So now we have ITDR, which is what Andre will be talking about in a little while. And as I said at the top, ITDR is kind of a new technology, a new platform type, which stands for Identity Threat Detection and Response. And it's come about because, A, there's been a bit of a revival of detection and response applications. There's been a bit of a revival of threat intelligence.
And it was kind of almost inevitable that someone would say, well, we need to know specifically what's happening to our identities that are traveling through this flow that I've described here. And so that effectively is what ITDR has come to help with. So in addition, so it sort of joins the foundational elements here, ADR and XDR at the bottom, as a way of managing, looking at, analyzing what's happening within PAM, CIEM, and Identity and Access Management.
And it's also being used as a way of, if you deploy these together, that you should or hopefully might be able to come to some semblance of a zero trust design, as in laid down by NIST. So all that is happening. I think ITDR is very welcome. I think it's overdue. And I think the ability to give organizations an easy way of seeing what's happening to identities in real time is great.
And also, I noticed that at the last InfoSecurity Europe show, the threat intelligence has certainly come to the fore. But more interestingly, it's a lot better and it's a lot easier to read. Because everything is faster now. So we need threat intelligence and identity intelligence that can be read, not just by admins, but other types of employees as well. So this also looks at something that one of my colleagues, Mike Neuenschwander, recently wrote about in an advisory note for KuppingerCole.
And he goes into a lot more detail about identities, how we might start to apply distributed identity systems, because there are user benefits to that. There are business benefits to that. But he also has his own trends, a bit like my identity forces. And we have hyperconnectivity is one of these four trends, hyperintegration, hyperpersonalization, and hyperdisintermediation, which I'll go back to, again, sort of what I was saying. But it's nice to have one of my colleagues also in agreement.
And then we're talking here about trusted IDs, so that they can decouple the identification and authorization by a service provider. Now, trusted IDs have recently taken a bit of a knock due to various episodes. And you have to stop and think and say that the accepted trusted ID or ID provider type of model on its own has flaws. It's mostly good, but it has flaws. Some kind of threat detection, identity detection, would help us see when those identity authorization and IDs are at risk.
And another idea that he has is using a distributed identity system, which would give us a greater level of authentication and help us, to use the phrase, identify the identity before we start letting it into our trusted systems. So again, all of this, the four trends and things, help us understand the need for ITDR. And coming up to the end of my section, we will have six ways of interpreting the traditional detection response process. So as I said, ITDR will give us real-time event monitoring so that we can see what is going to happen before it happens.
We can detect anomalies that are happening in the identity behavior. Suddenly, that identity is in a place that it never normally is. We can even do some biometrics so that you can detect different patterns of typing, even eye movement, et cetera. And then if there is doubt, then you can remove entitlements, disable the account, and so on. And there is this last, this second, this fourth one, deception. It sounds a bit like honeypot technology. I'm not sure about this personally, whether it's worth the time, expense, and admin to create a kind of fake IAM infrastructure.
I don't really think, unless you have the resources and you have ways of running that, it probably would work. But we all know that attackers are actually very smart and not necessarily would be duped by that. Or they may even use it to actually piggyback on to the real infrastructure, and so on. So we need better identity proofing so we can prove the identity against digital documents and so on.
And also, we can better look at the hardware that is being used. Because at some point, every identity is going to need a hardware platform to try and access and try and authenticate to get in. So ITDR can also build up a pattern of behavior on a hardware device, see which hardware devices are normally used by identity, et cetera. And if they are suddenly logging in from somewhere strange, then an alert is sent. A bit like right now, if you log into your Gmail account or log into an Apple account from a device not normally used, then you will get an alert message.
So similar to that, but on a much bigger basis. So finally, PAM, CIEM, ITDR are part, or should be part, of a modern identity fabric. We talk a lot about identity fabrics at KuppingerCole. I'm not going to. This slide is purely for your reference so that you can take it away and study it. Because we have pretty much here put everything that could be found in an identity fabric. An identity fabric is basically the wrapper of identity tools.
So PAM, CIEM, ITDR, et cetera, IAM, which together form a stronger defense layer against attack. And I think the key to this particular bit is that what it says there, IAM is not static. Continually evolving beyond the traditional scope. And that's really what I've been talking about all the way through this, is that IAM is changing. It has to change. It is changing because of the forces that are, the identity forces that business is faced with every day. And I'll just go through that. There we go. So let's now do our final poll before I hand over to Andre. And it should be open now.
And again, we'll look at the results of both polls at the end of Andre's presentation. But what impact do you think the increase of AI adoption will have on cybersecurity in the next few years? So there you go. I said I wasn't going to mention AI, and I didn't exactly. But here it is in this poll question. Will it improve NDR, ITDR capabilities?
Will it, on the other hand, increase automation of cyber attacks? Will it increase or improve vulnerability identification? Or will it increase AI-leveraged complex attacks? So we're actually talking about something that we haven't seen just yet, but no doubt would involve some kind of fake ID or even fake imaging, et cetera. So just leave that on the screen just for a couple more seconds while you play. And now I'll welcome Andre.
Thank you very much. I have the pleasure to now share a little bit of our first experiences in the topic of ITDR. So my name is Andre. I'm the CTO of iC Consult.
We are a system integrator and consulting company completely focused on identity and access management with more than 850 employees in Europe and the US. And as CTO, it is my responsibility making sure that we can provide the cutting-edge technologies in digital identities to our clients. And obviously, ITDR is one of these very exciting ones. So therefore, I will now start directly by jumping into the topic. I'm quite sure that Zero Trust and the architecture here based on the reference architecture of NIST is known to most of you.
Therefore, I don't want to go into the details. Just provide a little bit of overview and how it affects ITDR and the approaches around that. So the core idea of Zero Trust is we assume the breach. The attacker is able to bypass somehow our preventive measures. And now it is about making sure that the attacker cannot cause too much damage. In addition to that, by enforcing authentication, authorization in front of every single resource out there. This is a core idea.
What is important for the discussion now is Zero Trust also wants us to bring in a lot of context information, not just about the subject, not just about the devices Paul was talking about, but also events based on what we have collected in the SIEM system. And there's a purpose of protecting resources there. So it is very closely related to the paradigm of identity first security, which is about really increasing the prevention of attacks by focusing on protecting the resources, the accounts, and by all the measures.
It's been taken like MFA, including taking into consideration the device compliance status and all these kind of things. But Zero Trust, unfortunately, the attacker will be successful one day. And ITDR is now really about detecting the threat and responding to that. So we will talk a little bit later about how this happens in specific cases. But right now, what are the challenges we see with our clients going into that direction? Because there are unfortunate challenges. It's something very, very new. And we all have a lot of things to learn.
And I want to start with the first area of challenges, which is really the false positives out there. Because there are a lot of situations in which alerts are fired. And there's really no good reason for that. One challenge are private browser sessions, or also browser sessions by embedded browsers. So the browser part of your VPN client, for instance. It's behaving different than the standard browsers out there.
And plus, it's really difficult to make sure it is the same device accessing it, if it is a non-managed device, if the browser session is private. Because typically, a little bit of context information is stored in the browser in order to make sure that the same browser is accessing the resource and detect it again, even if smaller things, like if smaller things in the overall environment are changing. The usage of VPN is another topic. And I'm not talking about the company-provided VPN, because that's something we know. The users are logged into the VPN.
Therefore, a different IP address and so on. For specific segments, that's easy. But more and more people are using VPNs for private reasons, for privacy or getting access to the right streaming content while traveling.
And this, then, also causes alerts fired. Then, the next thing is about the inhomogeneous user base. We make assumptions, typically, based on, hey, that's our standard image. And this is enrolled to all employees. And that's the way we expect them to work with that. And these are applications and so on. But if you're a large-scale enterprise, then this is often true for locations, which are very centrally managed. But for the remote locations, subsidiaries, sites in other regions, they are oftentimes managed in a little bit different way.
So for instance, there was already a device management in place, which is quite different, cannot be integrated that easily. Different images, contractors are working a different way, and so on. So at the end of the day, you're getting alerts. And then have to understand them and adapt the policies, adapt the configurations to make sure that these alerts are not fired anymore. And one point, unfortunately, it's still, today, happening quite often, the non-compliant use of user accounts, account sharing.
OK, you can argue, hey, very good that we have alerts, that we can dig into them, say, hey, you're not allowed to work in that way. But very often, there are reasons for that. Limitations, restrictions, again, typically in remote locations, subsidiaries, in other regions, and so on. And then you are trying to make the specific whitelisting configurations, and so on, to make sure that you don't get these alerts based on a user behavior you don't want to have in general. So these are some of these challenges when it's about implementing and enrolling ITDR.
And then there are organizational challenges. I just want to mention a few of them. One is about data privacy. Identity threat detection. One very important tool is the user behavior analytics. But to analyze the user behavior, you have to store it, to build a kind of standard model, and then understand that there is a kind of behavior which doesn't fit to the standard model. And you can use that data for two purposes. Detecting the threat, OK, that's great.
Or, for instance, to analyze the productivity of that individual employee. And what we have seen is that, especially if there are strong works councils in place, it might happen at the end of the day that you implemented ITDR and cannot apply to the majority of your users, but just to users in countries in which the influence of the works councils isn't that strong. And that's, of course, very disappointing. The other topic is to detect threats.
It's very useful to not just focusing on what is happening at authentication, authorization time, but also what is happening at events, at the source system, for that specific user. Because that's something where you, by having knowledge of the way the attacker will work, you can detect an attack easily. So for instance, what is going on if a user is accessing, reading all documents he has access to, and then modifying every single document he has write access to, encrypting it. That's very likely data exfiltration, the first step.
And then ransomware attack to encrypt all the data for further purposes. So just because of that, you're quite sure, OK, an attack is ongoing for that specific account. But to be able to do that, you have access to these kind of events. And this is nothing you get at the point of authentication or multi-factor authentication. But what is about if these documents are part of a shadow SaaS? So the shadow IT in the cloud, you're not aware of them, cannot detect anything yet there.
And so the integration challenge, especially of all the things you do not know exactly, that's quite challenging, quite challenging one. OK, I talked about the problems. Now I want to share recommendations about approaches, how to start with implementing identity-first security and ITDR in the real life and in generative tools. You can go for a forward planning approach or kind of reverse planning. Let's start with a forward planning. What is always a good idea? Starting with a capability assessment.
So having, first of all, an idea of what is the target state you expect, and where are you with your identity and access management fabric today? And let me say one thing. The new paradigms of zero trust, of identity-first security, of identity threat detection and response really increased the requirements to be on level four and five there. So if you've been on level four three years ago, then you're not on identity proof. You're not on level four anymore today.
So defining the targets, understanding what are the value today, what are the gaps, and then based on that, what are actions I can take with a large benefit and low costs? So what are the quick wins which really improves security very fast? And based on that understanding, developing, building a really value-driven roadmap for the next months or even years, because when it comes to zero trust, that's a new design paradigm for the IT infrastructure. You will not do that in a 12-month project, but it's a longer-running activity typically. All right. Reverse planning.
Yeah, focusing on the business risks. For instance, the loss of the CRM and sales data. Maybe Salesforce, maybe SharePoint, offers, RFPs, and so on.
Now, what can we do? We can do, in first instance, a lot to prevent an attack to be successful, for sure. Enforcing MFA for accessing such critical content, and just with a compliant device, and so on, all these kind of things. But that's not the topic for today.
Today, we want to understand how to detect the threat actors there. So for instance, the understanding here is a massive amount of requests. A data exfiltration is just now happening. Or a ransomware attack modifying all of our content. But also things like, not a complete honey IAM infrastructure, but maybe honey tokens out there. So there's a Salesforce admin cookie in the browser. Or a Kerberos ticket on the system. And as soon as the attacker is using that token, the alert is triggered. Because the token was never issued to a user at all. It's just a honey token.
And then we are having a strong indicator of compromise. And hey, this system is under attack. These user accounts are under attack. And then the threat response is taking place, blocking the account, blocking the device, revoking the sessions. Everything in order to make sure that the attacker cannot proceed with lateral movement at all. Because based on the techniques, tactics, and procedures, the attacker has the amount of time required to perform such a lateral movement is quite short.
Therefore, we want to have some playbook for the response in place. To also have a response which really helps because it's fast enough before things are happening. All right. But there are, of course, not just one single risk, but many risks and many possible activities. So how to proceed from that? So first of all, let's develop an understanding of the risk.
So again, we are talking about customer data, which is lost. So what is about the impact?
Of course, there are a lot of discussions to analyze the business impact. It can be from moderate to major, or to catastrophic.
OK, there are people coming, hey, data loss is just data. It isn't catastrophic at all, right? No one is hurt.
Well, I would say it depends on the data. I'm not sure if anybody remembers the hack of this casual dating site Ashley Madison a couple of years ago based on the data exposed and published there about the sexual orientation of the customers of that site. People committed suicide, yes?
Therefore, I would say the impact was clearly catastrophic. So anyhow, we have the impact.
Now, what are the mitigations? Of course, against a ransomware attack, we want to improve backup procedures, making sure that backup data isn't accessible anymore, very isolated, and so on and so forth. So we can reduce the impact a little bit. Reputation isn't reduced. But anyhow, we enforce MFA, therefore, decrease the likelihood that such an attack takes place. We bring in the identity proofing, this device binding combinations.
Again, make it more difficult for the attacker to be successful with an attack. But then Zero Trust assumes a breach. What do we do if it happens? Then ITDR comes in. We understand that an attack is ongoing. We start the playbook in order to isolate the device, the user, revoking sessions, revoking access.
And then, yeah, then we were able to mitigate and reduce it to an insignificant impact, the possible likelihood. So now we are green. Now we are happy. So having said that, what are the three key takeaways? So first of all, identity first security.
It's very good to assess your identity fabric you have in place today, identifying the missing pieces for the new methodology we were talking about today, bringing in the capability for identifying identity threats, and learning that an attack is ongoing, which is not just focusing on your network, on your infrastructure, but also taking SaaS into consideration, and having the playbook in place in order to react fast and efficient to stop the ongoing attack. Yeah, and based on that, Paul, I think we are now looking forward to an interactive discussion and questions from the audience.
Let's do the polls first, the results of the polls, I should say, because I know that you're all eagerly awaiting them. OK. So poll number one was, which solutions do you already have in place? And the responses were, I guess, not that surprising. So 28% have PAM, 20% have both PAM and CIEM, and 12% have all three, PAM, and CIEM, and ITDR. 12% have none, and 28% have other combinations.
Andre, what do you make of that? I'm actually quite surprised that a significant number already have ITDR in some form.
Yeah, that's impressive. But from my point of view, it somehow matches what we see in our client base, because I would say ITDR is a very broad range. And very often, the starting point for our clients is protecting the old on-prem Active Directory by getting very good understanding that misuse and an attack somewhere around NTLM and Kerberos is right now happening. And that's a very first step for a lot of enterprises. And therefore, that really makes sense. That's typically, I would be surprised if all 12% are already focusing a lot on SaaS applications and all the cloud applications yet.
But that would be my explanation why we already have 12%. Yeah, no.
And also, CIEM is relatively new. So it's interesting that people are adopting that as well. But that's quite encouraging. What impact do you think the increase of AI adoption will have on cybersecurity? And this is a fairly pessimistic result, I would say, but maybe not surprising. So 20% said they'd improve MDR, ITDR. And 20% said it will increase automation of cyber attacks. Not many people think it will increase vulnerability identification, which is interesting. But 50% majority there are worried about AI-leveraged complex attacks.
And I think that, again, reflects kind of the media and the hype that's being built up around AI, scaring people into thinking we're about to be inundated with attacks that we can't deal with. And I think that's probably a little bit exaggerated. What do you think, Andre?
Well, honestly, if I would have participated in the poll, I would also have selected the only one. Really? OK.
Yeah, because I think what we have seen is that the attackers are very, very fast providing things like WormGPT in order to. But now getting phishing mails without any typos, without any grammar errors, and so on, and a really high quality, and very, very individual. So they were very fast in leveraging generative AI for making better phishing attacks. And also for the attacks focusing on helpdesks by using deepfake technology. And that's unfortunately, the helpdesk and support processes are unfortunately often the very, very weak part of our prevention, right?
So remembering the Okta attack, which affected MGM, for instance, and a lot of these things are going by the helpdesk. Therefore, I, well, honestly, maybe I'm too pessimistic. I would have selected.
No, no, no. I mean, maybe I'm too optimistic. Maybe I'm actually thinking it's. But anyway, in there is certainly proof that people are concerned. And of course, with some of those attacks, you didn't even need fakes to do that. So if they can do it just by saying that they're so and so, but they're not using any AI. They're literally just ringing up and saying that they're this person. So if they can do that already, I think you're right to be concerned about deep fake.
But to mention it, so to say something optimistic here as well, so I was very, very impressed seeing the first real-life examples for translating natural language by a generative AI into a policy language. And because that will help us a lot as a policy enforcement point side to really protect the resources. But because otherwise, we have the challenge, we need to have best specialists on the application on our side. We need to have identity specialists to build policies together, which is a bottleneck by nature.
And by leveraging generative AI for that purpose, I really think we can improve and moving into real zero trust architecture much better. And that's my optimistic take on the AI from a security perspective.
OK, well, we should do this webinar again in a year's time and see where we are and see if the world has collapsed under AI attacks or IT. Let's see if you're still there, right?
Exactly, yes. But we've got some questions from the audience. The first one is, how is it possible for attackers to bypass multi-factor authentication? I expect the likelihood of a successful attack with enforced MFA to be much lower than shown in the presentation. So that's one for you.
Yeah, so my opinion here is, so first of all, if you say MFA, there are so many different procedures or methods we can use for MFA. But to come back to that Okta MGM thing, right? In that case, of course, MFA was in place. But the attacker just convinced the helpdesk that he is the right person, allowed to re-enroll it again on his device there. And then he was doing MFA. But unfortunately, he was an attacker, right? And the other challenge really is phishing attacks now focusing on MFA, including one-time passwords, push notification, and all these kinds of things.
They are vulnerable to phishing, unfortunately. And therefore, it is still possible. And it was helping a lot in the past because the attacker wasn't focusing on the MFA piece. But now they're focusing on the MFA piece. And we really have to move to phishing-resistant MFA to get a better decrease of the likelihood. So if you are with passkeys, I would say it's better than what's shown in my presentation.
OK, thanks for that. Next question is, to have analysis for identity threat detection, laws like GDPR, which stops to share personal information actions, how to implement ITDR?
OK, right, yeah, because you were talking about privacy. How to implement ITDR in GDPR nations or states that are subject to GDPR? I think that's what that's saying. Mm-hmm.
Well, let's call a lawyer for that. Yeah, well, I think that's a challenging piece. I think it's going a little bit in the same direction what I was bringing up with the Worker Council and analyzing productivity of employees based on this data. I think that's a challenging one.
Of course, having the consent of the user that all the data is used to protect his IT assets. I mean, surely the point would be that, yeah, it could breach GDPR, but not if you deploy it correctly. And there must be controls in place for ITDR. And that stop personal information that is not needed to be discovered and shared. But we'll see how that pans out. This question is a bit philosophical. I'm not really sure what they mean. Is ITDR a concept or reality?
Well, I think it's reality. But what do you think?
Yeah, it is clearly this reality. But of course, there are the smaller parts, which are done today, and a lot of ideas on top of that, I would say. So it's clearly a journey.
But also, what's interesting to see is that we see two different accelerations in adopting this pattern. There are established vendors for identity and access management, which are slowly, steadily increasing their capabilities. And on the other side, there are very, very innovative startups, which have a rich set of functionality already in place. Personally, I expect a few acquisitions happening in 2024, focusing on ITDR companies.
Yeah, I mean, it's definitely an area of interest, shall we say. And it's one that is certainly not mature. And I believe you're right. I think bigger players are taking a look at this. And they'll be looking at those innovative ITDR startups, et cetera. So it's an interesting time for buyers, interesting time for people like iC Consult as well. I think you're both going to benefit from this. We've got a question about Zero Trust. But I'm going to leave that one until later, because you referenced an example of compromised SharePoint.
And this question is, is it possible to connect an identity and access management system to SharePoint or other apps to analyze user behavior? Very interesting question.
Yeah, so what we do is, of course, we're integrating for authentication, providing user data, and so on. And often, that's it. The identity access management system issues a session, and then users are working on the target system based on that. That's what I meant by these innovative startups focusing completely on the ITDR part: they are really taking care of connecting to all the source systems, analyzing these events, knowing exactly about the user context, and then showing, hey, that's the user journey.
And something happening at this system, and then we know what are the other likely affected systems, devices, and so on. So it's a little bit different than the traditional identity provider. It's a little bit different area. OK.
OK, so this question, is it necessary to implement Zero Trust before working on ITDR, or is that not a prerequisite? That's a good question, because it goes to the heart of what Zero Trust actually is. Do you need to work to Zero Trust kind of standards, or is that just a step that really is the icing on the cake?
Can ITDR, as we all know, Zero Trust is not something you can buy. It's not something that you can plug in. It's a procedural thing. It's an administrative thing. So where would you place Zero Trust in the importance of all this?
Well, I would say, first of all, I completely agree with you, Paul. Zero Trust is a journey, not one thing you just implement. But by implementing ITDR, you are doing a few steps on your Zero Trust journey by assuming that there is a breach and having something in place in order to react to that.
So there, I would say ITDR is part of the larger Zero Trust journey. OK. All right.
Well, we're nearly out of time. I'll just wait a couple of seconds, see if any more questions appear. While we're doing that, I'll just let you know that we will be back next year with a lot more webinars, not necessarily with iC Consult, but hopefully with iC Consult as well.
OK, so no more questions. Let me say thank you very much, Andre, especially for your input today.
Also, thank you for attending. And thanks to the questions. It's great to have really good questions like we had today. So it shows that this is an area that people are certainly interested in. I'm sure we'll be talking a lot more about AI and ITDR and identity threat management in the next 12 months or so. So look out for that. In the meantime, thanks again for watching. And we'll see you soon. Bye. Thank you very much. See you soon, and goodbye.