In today’s modern work landscape, digital identities have become a record of trust, access, and relationship management for businesses. Regardless of their size and industry, organizations rely on digital identities to operate.
With a massive growth in the number of digital identities though, opportunistic threat actors have latched on to this expanding surface as a means for attack. Identity-based cyberattacks have accelerated and conventional identity management tools such as Identity Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) are no longer enough on their own to shield organizations from advancing cyber threats on both digital and machine identities.
Identity protection and management have increasingly become a topic of focus for many security leaders, who now look towards a combination of identity threat detection and response (ITDR) strategies to reduce risk and protect the enterprise. In this post, we explore how ITDR can help protect against threat actors’ growing interest in attacking identity and set up organizations for long-term success.
Data leaks, phishing and social engineering campaigns, supply chain attacks, and golden ticket attacks have all made global headlines over the past few years with, seemingly, no end in sight. Threat actors are after sensitive data, and the volume of attacks on identity has grown significantly.
At the start of last year, for example, attackers impersonated the U.S. Department of Labor in a phishing campaign aimed at stealing Office 365 credentials. The emails asked recipients to submit bids and utilized an entire network of phishing sites to target unsuspecting users. This particular attack showed a high level of sophistication in the convincing setup of spoofed pages and the well-crafted, typo-free content found within the emails.
Later in 2022, authentication services provider Okta suffered a supply chain attack when a laptop belonging to a support engineer at one of its subprocessors was compromised. During the 5-day period of unauthorized access, the threat actors were able to access Okta’s customer support panel and internal Slack server. The compromised account held ‘super admin’ access capable of initiating password resets for Okta’s end customers.
Rounding out 2022, multinational fintech company PayPal notified thousands of its users after their accounts and personal data were accessed by way of a credential stuffing attack. In this type of attack, threat actors rely on bots to take massive lists of known username and password pairs and ‘stuff’ them into login portals. The breach impacted nearly 35,000 account holders, with threat actors having accessed their full names, birthdays, mailing addresses, social security numbers, and tax identification numbers.
Identity-based attacks accounted for much of the reported security incidents from 2022. Attackers continue to exploit this attack surface, posing a direct risk to enterprises as they meet a surge in digital identities and remote workers.
The 2022 Trends in Security Digital Identities report from the Identity Defined Security Alliance (IDSA) noted the following key findings:
The causes for this accelerated attention on identity can be attributed to two main factors.
First, the rising use of third-party technology and services, internet of things (IoT) connections, and cloud-based apps has increased the number of digital identities – both human and machine. Each identity is another possible attack vector, and with so many in existence, more than a few are bound to be less protected or monitored than they should be. Such low-hanging fruit is a tantalizing ‘in’ for threat actors.
Second, securing new working spaces has become increasingly complex. The perimeters of work have extended far beyond physical offices or small numbers of off-site workers. Accelerated by a global pandemic, work-from-home policies have settled into many organizations’ very infrastructure. The same allowances let vendors, partners, contractors, and third-party service providers remotely access network resources as needed.
Digital identities for both humans and machines are an integral part of how we operate on a day-to-day basis. Because they are vulnerable to attackers, what has emerged is a high-stakes digital identity crisis that affects everyone. Top challenges businesses face in securing digital identities include:
While organizations contend with the above challenges, the task of securing digital identity lags behind new threats and many traditional means of protection are no longer able to meet developing attack vectors head on.
Password-based authentication systems, for example, are well known for the inherent risks they bring. Hackers can employ brute force, password spraying, and credential stuffing attacks on these systems to steal passwords. Organizations that don’t design and enforce strict password hygiene processes are vulnerable to user-generated threats stemming from the recycling of the same passwords across multiple accounts, forgetting passwords, and storing passwords in unsafe places.
Threat groups also target unsecured cloud users via cloud solution providers (CSPs), using credential theft techniques, phishing attacks, and other malicious activity to obtain usernames and passwords.
Legacy multi-factor authentication (MFA) protocols have also come under attack, with threat actors targeting a number of big names in 2022 alone, among them Twilio/Okta, Microsoft Teams, Dropbox, and Cisco. While MFA is a widely recommended security best practice, it is only as strong as its weakest link, and implementing it alone is not sufficient to protect organizations from identity-based attacks.
In understanding the growing digital identity crisis, security leaders recognize the dire need for robust identity management solutions that combine proactive endpoint defense, real-time and managed response, zero-trust infrastructure, and domain protection.
Existing identity protection solutions such as Identity Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) generally focus on making sure people have access to only what they need. Authorization and authentication are the main pillars covered by these types of solutions, but they are unable to provide visibility into key factors in identity breaches: credential misuse, exposures, and privilege escalation activities from the endpoint into cloud and Active Directory (AD) environments.
Security for identities isn’t only managing user access, policing governance, or locking down exclusive privileges – organizations are now looking to assess security gaps from an identity standpoint. This means proactively looking at root causes and thwarting identity-based threats before they become full-scale security events.
Since identity is one of the most attacked perimeters enterprises now face, the importance of looking beyond simply managing access and moving towards a proactive defense of the entire infrastructure has come to the fore. Threat detection solutions can be geared specifically towards identity-related indicators of compromise, stopping threat actors before they can gain unauthorized access or raise their privileges in a victim’s network.
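As an added example (not SentinelOne's code and not part of the original post), the Python below scores constructed authentication log lines for the identity-related indicators discussed above: one source failing against many distinct accounts (password spraying or credential stuffing), one account hammered from one source (brute force), and a success from a source that was already flagged. The log format, thresholds and IP addresses are assumptions made for the example.

```python
from collections import defaultdict
import re

# Constructed sample auth log lines (not real data), in an assumed
# "timestamp RESULT user=<name> src=<ip>" format.
SAMPLE_LOG = """\
2022-11-03T09:00:01 FAIL user=alice src=203.0.113.7
2022-11-03T09:00:02 FAIL user=bob src=203.0.113.7
2022-11-03T09:00:03 FAIL user=carol src=203.0.113.7
2022-11-03T09:00:04 FAIL user=dave src=203.0.113.7
2022-11-03T09:00:05 FAIL user=erin src=203.0.113.7
2022-11-03T09:00:06 OK   user=frank src=203.0.113.7
2022-11-03T09:01:00 FAIL user=alice src=198.51.100.20
2022-11-03T09:01:01 FAIL user=alice src=198.51.100.20
2022-11-03T09:01:02 FAIL user=alice src=198.51.100.20
2022-11-03T09:01:03 FAIL user=alice src=198.51.100.20
2022-11-03T09:01:04 FAIL user=alice src=198.51.100.20
2022-11-03T09:05:00 FAIL user=grace src=192.0.2.9
2022-11-03T09:05:30 OK   user=grace src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, ok, user, src) tuples; skip lines that don't match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield ts, result == "OK", user, src

def detect(log_text, spray_users=5, brute_attempts=5):
    """Flag spraying/stuffing (many distinct accounts from one source),
    brute force (one account, many tries) and a success after a flag."""
    fails_by_src = defaultdict(list)
    for _, ok, user, src in parse(log_text):
        if not ok:
            fails_by_src[src].append(user)
    findings = []
    for src, users in fails_by_src.items():
        distinct = len(set(users))
        if distinct >= spray_users:
            findings.append(("spray_or_stuffing", src, distinct))
        elif len(users) >= brute_attempts and distinct == 1:
            findings.append(("brute_force", src, len(users)))
    flagged = {f[1] for f in findings}  # sources already under suspicion
    for _, ok, user, src in parse(log_text):
        if ok and src in flagged:
            findings.append(("success_after_flag", src, user))
    return findings
```

A single failed login from the third source is not reported, which is the behaviour a tuned detection should have for ordinary typos.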
To secure the infrastructure in which identities are managed and used, identity threat detection and response (ITDR) has come to the forefront as an adjacent framework to advanced security solutions like Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR). ITDR works to fill a significant gap in the threat landscape, focusing on protecting credentials, privileges, cloud entitlements, and all the systems that manage them.
With ITDR in place, organizations are set up to:
As identity-based threats continue to strike across all global industries, business leaders are doubling down on reducing risk during a digital identity crisis. Organizations can move towards cybersecurity strategies and solutions with identity protection at their center to ensure protection against mounting attacks, manage machine and user identities at scale, meet regulatory compliance needs, and build client trust.
Digital identities are the foundation of many organizations, and SentinelOne’s Identity Suite delivers robust defenses for the infrastructure that houses them. Whether organizations are on-prem or in the cloud, Singularity ends credential misuse through deception-based protections executed in real time.
Learn more about how Singularity furthers identity-leading cybersecurity strategies by booking a demo or visiting Singularity™ Identity.