Welcome everybody. My name is Andre. I'm the CEO of iC Consult. We are a company focusing completely on digital identities, and today I will talk about ITDR and zero trust: what are the learnings from bringing these two disciplines together, best practices and, even more exciting nowadays I would say, bad practices. So let's start. Bob and Alice, I'm quite sure you know these two, having a conversation. Hi Bob, do we have ITDR at all?
Oh yes, of course. Our access management does that. We can detect if someone's trying to log in from two different places at once, we'll enforce MFA or completely deny access, and that's what ITDR is about. Right?
Of course not. And now we know why these two are typically encrypting their conversations, to not leak them to us. Right.
So let's zoom a little bit into what ITDR is about. We are focusing a lot on building everything to prevent an attacker from getting into our IT assets. But unfortunately, I think you all remember the details about what happened last year to, for instance, a large company. Attackers tend to enroll devices for MFA if the help desk supports them.
What unfortunately is happening from time to time is that the attacker gets through all these barriers we're building up, and now it's about the mechanisms to still be able to detect that an attack is going on and to stop it. And how is it working? Well, the bad thing is an attacker does not need a lot of time to move on from one system to the next, from one account to the other.
Not because he's brilliant, but because he's following a playbook.
Tactics, techniques, procedures. And if there's a capability to detect that, then we know, okay, likely an attack is ongoing, and we can do something against it. And that's what it's about. ITDR is really the kind of safety net for us. So doing everything in access management and other IAM capabilities to prevent the attack, and then being able to detect it and say, okay, story's over for you. Okay, that's the one thing. The other thing is: do we still have to put all the effort into building up a zero trust program, a zero trust architecture?
So how are we going with our zero trust initiative? And Bob's answer: ah, we shifted our focus a little bit. Why pay all that effort on preventing it if we can easily detect it?
ITDR is much cooler. So going for the next password out there, which obviously is, yeah. So a very short recap. We were discussing zero trust a lot this morning, so I'm quite sure that this picture is known to everybody here in the room.
This is the zero trust architecture. We don't want to zoom into it. And of course it pays a lot of focus to the prevention side. But not only on that. So if you are running a zero trust program, and that is now, I would say, one of the important takeaways of the session here today, you likely have some kind of assessment of your organization's maturity when it comes to zero trust. There are a couple of assessments out there.
Here's an example from CISA, and of course they do not mention ITDR explicitly, but when we look into the capabilities they expect from you if you want to reach the optimal level, then topics like continuous risk analysis on identities are part of that story. So if you have a zero trust program running, I would really recommend bringing that together with modern capabilities to detect ongoing attacks from an identity perspective.
Okay. Now let's talk a little bit about some of the challenges and findings out there.
When it comes to threat detection and response, it's very often about one topic: false positives. That's really a big thing. And honestly, setting up such an approach, you might end up with findings you don't want to be aware of. I'm talking here about the technical and organizational debt organizations still have. So who is aware that account sharing is happening within their company for some of the use cases? Do we have any hands going up? No cameras here. Okay.
Of course nobody has account sharing as part of the identity concept, but we all know there are these kinds of difficult edge cases, corner cases, where we would have to spend tons of money to solve that, and it's still happening. Talking for instance about production sites, maybe systems which are not so critical, maybe systems that are super critical. Anyhow, bringing ITDR into place might bring these things up, and then you have to somehow say, hey, okay, that's unfortunately a false positive.
We know about that issue, we are working on it, but we can't solve it easily. And then also the not-so-modern systems having effects we were not aware of upfront. Systems behaving somehow strangely, embedded browsers or custom-developed applications with a very, very small user population which are somehow behaving in a different way. And these are a lot of things you have to work through as soon as you're able to learn more about what is happening within your system landscape. And then one more learning, and that's about budget.
So doing something new, which you have not planned for within your zero trust program, gives you the necessity to explain why you are going to do that. And one approach I can recommend is going via a visual risk management, explaining how you want to deal with risks.
So for instance, some data, doesn't matter if it's customer data, sales data, whatever. We are spending a lot of effort here on preventing something like that from happening. And then it's about detecting it and responding to it, detection based on different mechanisms.
I don't think the mechanisms are so important in the details. For instance, maybe a honey token is helping us to know that an attack is going on, and then we can say, okay, let's lock the account, block the device, revoke the sessions. And not necessarily something which is happening within your premises, but maybe in the cloud. So how does it all play together? If you look at standard risk management metrics, we see the impact that kind of event might have.
The likelihood. And losing business-critical data is of course a big, big thing; it might be based on a ransomware attack which ends in weeks or months of not being able to produce anything.
Of course being able to recover much faster is an important thing. But anyhow, the data is out there, can be used for further attacks, can be used by competitors and so on. So improved backup and restore procedures are an important thing. But of course that just reduces the impact a little bit, not the likelihood that something is happening.
And then we have all the mechanisms as part of our zero trust program, for instance we enforce device compliance, we are enforcing MFA whenever it should happen, and that can bring it down to maybe a possible likelihood, but then still not in the range of the risk we would like to accept. And then ITDR comes in and says, okay, that's the ultimate safety net to reduce the impact even more: the attack is taking place, but before the attacker is really able to deal a lot of damage to our organization, we can limit it.
And that's the reason why we need more budget in our zero trust program, to also cover that kind of risk and add it, well, to help us reach the top level when it comes to the identity pillar within the zero trust maturity model. Okay. That's it about zero trust and ITDR. Now I'm happy to take one or two questions.
Does anybody in the room have any questions? Anybody online? Alexa?
Oh, well, I have a question of my own if I may. So I'm still kind of trying to reconcile these two terms in my head, zero trust and ITDR. So which one is dependent on the other more, or is it something that you really have to implement with the same effort to actually achieve success?
Yeah, so from my point of view, as we learned before, zero trust is much more than a marketing buzzword, and it is a robust foundation you have to work on. So when it comes to ITDR, it's the additional capability to, hopefully, a SOC and threat detection and response you already have in place, but now it's really about shaping it to also look deep into the identity landscape.
It's likely not the very first step to take, but from my point of view a very important one. And to highlight that aspect a little bit more: the number of attacks will very likely increase, and the methods and assets attackers are using to be able to bypass everything we do to prevent the attack, that's something that will also see a very, very big increase. The reason: the bad part of gen AI, using it for deepfake technologies. Much more sophisticated attacks, which are much easier to do nowadays and in the near future than they were in the past.
I'm quite sure most of you heard about what was happening in, I think it was in Hong Kong, a deepfake attack with CEO fraud in a live video conference, both visual and voice at the same time. And that was a kind of successful POC which brought, I think, 20 million pounds of revenue into the attacker's bucket.
And these kinds of things will happen much more often in the future. So we cannot just rely on what we are doing to prevent an attack, but we have to be able to detect it and respond to it. So not the first step to take, but one thing which should be part of your zero trust initiative, from my point of view. Thank you very much. Thank you. Thank you.
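Added example, not part of the talk and not iC Consult's material: a toy ITDR-style detector that runs over constructed sign-in events and implements two of the signals the talk names (a login from two places that are too far apart for the elapsed time, and any use of a honey-token account), maps each finding to the responses the talk lists (revoke sessions, block device, lock account, enforce MFA), and treats a known shared shop-floor account as an accepted false positive that is recorded but not acted on. The account names, device identifiers, coordinates, the 900 km/h threshold and the response vocabulary are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    device_id: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Finding:
    kind: str          # "impossible_travel" or "honey_token_used"
    user: str
    event: SignIn
    suppressed: bool   # known exception (e.g. shared account): record it, do not respond


HONEY_TOKENS = {"svc-backup-legacy"}   # assumed decoy account: it has no legitimate use at all
KNOWN_SHARED = {"prod-line-hmi"}       # assumed shared shop-floor account, a known false-positive source
MAX_SPEED_KMH = 900.0                  # assumed threshold: faster than airline travel counts as impossible


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect(events):
    """Return findings for honey-token use and impossible travel, oldest event first."""
    findings = []
    last_by_user = {}
    for e in sorted(events, key=lambda x: x.ts):
        if e.user in HONEY_TOKENS:
            findings.append(Finding("honey_token_used", e.user, e, False))
        prev = last_by_user.get(e.user)
        if prev is not None:
            # floor the gap at one minute so two near-simultaneous logins do not divide by zero
            hours = max((e.ts - prev.ts).total_seconds() / 3600.0, 1 / 60)
            km = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            if km / hours > MAX_SPEED_KMH:
                findings.append(Finding("impossible_travel", e.user, e, e.user in KNOWN_SHARED))
        last_by_user[e.user] = e
    return findings


def respond(finding):
    """Map a finding to response actions; a suppressed finding is only logged."""
    if finding.suppressed:
        return [f"log_only:{finding.user}"]
    if finding.kind == "honey_token_used":
        return [f"lock_account:{finding.user}",
                f"block_device:{finding.event.device_id}",
                f"revoke_sessions:{finding.user}"]
    if finding.kind == "impossible_travel":
        return [f"revoke_sessions:{finding.user}", f"require_mfa:{finding.user}"]
    return []


def run(events):
    """(kind, user, suppressed, actions) for every finding in the event list."""
    return [(f.kind, f.user, f.suppressed, respond(f)) for f in detect(events)]


def at(h, m):
    return datetime(2024, 5, 6, h, m)


# Constructed sample sign-ins (not real logs); coordinates are approximate city centres.
SAMPLE_EVENTS = [
    SignIn(at(8, 0), "alice", "lap-01", 48.14, 11.58),               # Munich
    SignIn(at(8, 30), "alice", "unk-77", 1.35, 103.82),              # Singapore, 30 minutes later
    SignIn(at(9, 0), "bob", "lap-02", 50.11, 8.68),                  # Frankfurt
    SignIn(at(9, 15), "svc-backup-legacy", "unk-78", 52.52, 13.40),  # decoy account used at all
    SignIn(at(10, 0), "bob", "lap-02", 52.52, 13.40),                # Berlin, one hour later (train speed)
    SignIn(at(11, 0), "prod-line-hmi", "hmi-a", 48.14, 11.58),       # shared account, Munich plant
    SignIn(at(11, 5), "prod-line-hmi", "hmi-b", 53.55, 9.99),        # same account, Hamburg plant, 5 min later
]

if __name__ == "__main__":
    for row in run(SAMPLE_EVENTS):
        print(row)
```

Running it yields three findings: alice's Munich-to-Singapore pair is flagged and answered with session revocation plus an MFA challenge, the decoy account triggers lock, device block and revocation, and the shared HMI account is flagged as impossible travel but only logged, which is the "we know about that issue" case from the talk; bob's Frankfurt-to-Berlin hour is below the speed threshold and produces nothing.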