Identity remains a central focus for defenders and attackers alike. While Identity and Access Management systems have improved greatly with the increased usage of MFA, PAMs, federated identity, AD & Azure AD, and detection and response systems such as EDR, SIEMs and XDR, massive, successful breaches leveraging identity are still occurring regularly. Why? How? In many organizations there are major vulnerability and detection gaps between primarily preventive IAM controls and the increasingly common attacker tools and techniques that circumvent them. This is most evident after initial compromise, where more sophisticated attackers show off their skills in the middle of the attack chain, moving laterally and escalating their privileges on their way to the organization’s crown jewels. As with every attacker move, there is a defender countermove. This has led to the emergence of identity threat detection and response (ITDR) solutions. Can ITDR solutions and associated security processes break the middle of the attack chain?