1 The Challenge
A growing chorus of cybersecurity professionals is embracing the mantra "identity is the new perimeter," and for good reason. Over the last several years, threat actors have moved away from endpoint- and network-borne attacks and turned their attention largely toward infiltrating the identity systems that underlie all of an organization's critical assets. This attack path lets threat actors operate unimpeded within a trusted zone for days or even months before the organization becomes aware of a breach. As a result, breaches can be costly and often culminate in ransomware attacks.
Threat detection for identity systems poses challenges that differ from endpoint, system, and network breaches, because users are considered trusted once sufficient measures such as strong authentication and MFA are in place. Yet organizations have difficulty quantifying their identity assets, evaluating risk exposure, monitoring for attack vectors (including account takeovers, lateral movement, and account data exfiltration), and enabling response teams to interrupt the attacker's kill chain effectively. Identity Threat Detection and Response (ITDR) solutions are designed to fill these requirements.
The most common challenges for ITDR include the following items.
1.1 Discovery and Visibility
The first hurdle in implementing ITDR solutions is to gain full visibility over the organization's identity assets by connecting to authoritative systems and linking accounts to their responsible owners. While Identity and Access Management (IAM) systems excel at determining which accounts have access to certain resources, they do very little to maintain a secure posture organization-wide. Typically, IAM systems provide a view into either the organization's workforce, partner, or customer user accounts. However, IAM systems do not provide single-console visibility of all accounts (both user and system accounts), dormant accounts, or excessively privileged accounts. These systems also do not provide a holistic view of the access rights assigned to these accounts, nor built-in solutions for identity security posture management.
Furthermore, organizations need to integrate the user account views with system and (possibly) workload keys that enable applications to gain access to critical infrastructure. Gathering all such accounts into a correlated view requires significant automation and normalization—an effort that usually rules out custom solutions and IAM platforms as options.
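The correlated, normalized view described above, as an added example that is not part of the original report: three constructed identity sources (a workforce directory export, a cloud IAM listing, and a store of workload API keys), each in its own schema, are mapped onto one common account record, grouped by responsible owner, and then checked for the posture findings the section names: dormant accounts, excessively privileged accounts, and accounts with no owner. All source names, field names, privilege markers, and records are assumptions made for the example; a real deployment would replace them with the organization's own connectors and per-platform privilege definitions.

```python
"""Normalize accounts from several identity sources into one correlated view.

Added example (not from the original report). Every source, field name and
record below is constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Fixed reference time so the dormancy check is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DORMANT_AFTER = timedelta(days=90)
# Substrings that mark a privilege as high-risk (assumption for the example;
# a real deployment maintains this per platform).
PRIVILEGED_MARKERS = ("admin", "owner", "*")


@dataclass
class Account:
    source: str
    account_id: str
    kind: str                          # "user" or "system"
    owner: Optional[str]               # responsible person, None if unknown
    last_activity: Optional[datetime]  # None if the account was never used
    privileges: List[str] = field(default_factory=list)


# --- constructed source records, each in its native schema -----------------
WORKFORCE_IDP = [  # e.g. an SSO directory export
    {"login": "alice", "email": "alice@example.com",
     "lastLogin": "2024-05-30T08:00:00Z", "groups": ["staff"]},
    {"login": "bob", "email": "bob@example.com",
     "lastLogin": "2023-11-02T10:15:00Z", "groups": ["staff", "global-admin"]},
]
CLOUD_IAM = [  # e.g. a cloud provider's IAM user listing
    {"UserName": "deploy-bot", "Tags": {"owner": "alice@example.com"},
     "PasswordLastUsed": None, "Policies": ["ReadOnly"]},
    {"UserName": "legacy-migrator", "Tags": {},
     "PasswordLastUsed": "2023-01-15T00:00:00Z", "Policies": ["*"]},
]
WORKLOAD_KEYS = [  # e.g. API keys issued to applications
    {"key_id": "k-0042", "owner": "bob@example.com",
     "last_used_epoch": 1717113600, "scopes": ["billing:owner"]},
]


def _iso(ts: Optional[str]) -> Optional[datetime]:
    """Parse an ISO-8601 timestamp with a trailing 'Z'; None stays None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def normalize_all() -> List[Account]:
    """Map each native schema onto the common Account shape."""
    accounts = []
    for r in WORKFORCE_IDP:
        accounts.append(Account("workforce_idp", r["login"], "user",
                                r.get("email"), _iso(r.get("lastLogin")),
                                list(r.get("groups", []))))
    for r in CLOUD_IAM:
        accounts.append(Account("cloud_iam", r["UserName"], "system",
                                r.get("Tags", {}).get("owner"),
                                _iso(r.get("PasswordLastUsed")),
                                list(r.get("Policies", []))))
    for r in WORKLOAD_KEYS:
        last = datetime.fromtimestamp(r["last_used_epoch"], tz=timezone.utc)
        accounts.append(Account("workload_keys", r["key_id"], "system",
                                r.get("owner"), last, list(r.get("scopes", []))))
    return accounts


def correlate_by_owner(accounts: List[Account]) -> dict:
    """Group every account (user and system) under its responsible owner."""
    by_owner = {}
    for a in accounts:
        by_owner.setdefault(a.owner or "<unowned>", []).append(a)
    return by_owner


def is_dormant(a: Account, now: datetime = NOW) -> bool:
    # A never-used account counts as dormant: no activity is the worst case.
    return a.last_activity is None or now - a.last_activity > DORMANT_AFTER


def is_privileged(a: Account) -> bool:
    return any(m in p.lower() for p in a.privileges for m in PRIVILEGED_MARKERS)


def posture_report(accounts: List[Account], now: datetime = NOW) -> dict:
    """Return account ids that need attention, grouped by finding."""
    return {
        "dormant": sorted(a.account_id for a in accounts if is_dormant(a, now)),
        "privileged": sorted(a.account_id for a in accounts if is_privileged(a)),
        "orphaned": sorted(a.account_id for a in accounts if a.owner is None),
        "dormant_and_privileged": sorted(
            a.account_id for a in accounts
            if is_dormant(a, now) and is_privileged(a)),
    }


if __name__ == "__main__":
    accts = normalize_all()
    for owner, owned in correlate_by_owner(accts).items():
        print(owner, [f"{a.source}:{a.account_id}" for a in owned])
    print(posture_report(accts))
```

The point of the normalization step is that the findings are computed once, over one record shape, regardless of how many sources feed it; adding a fourth source means adding one mapping loop, not a fourth copy of the dormancy and privilege logic. The combined "dormant and privileged" finding is the one a posture review typically prioritizes, since an unused account with broad rights is both unlikely to be missed by its owner and valuable to an intruder.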