The need for identity analytics
Cyberattacks globally continue to rise. That's not really news. But the pandemic that began in early 2020 proved that cybercriminals don't give a second thought to nefariously exploiting cataclysmic events, even as those events threaten humanity. That is disturbing.
Here are the two most disturbing facts for organizations from a security standpoint: the lack of visibility of threats and the rapid advancement of cybercrime techniques.
On one hand, today's businesses need to manage a large number of access privileges across many applications for each user. On the other hand, data breaches caused by stolen credentials are at an all-time high. Clearly, an organization's user identities and their entitlements are a major source of risk.
To efficiently investigate and analyze the risk posed by user identities and their entitlements, organizations need identity analytics.
What is identity analytics?
Identity analytics tools leverage big data, artificial intelligence (AI), and machine learning (ML) technologies to crunch data from various sources and generate actionable intelligence wherever identity-related data exists. With the advanced analytics and dynamic risk scores that identity analytics tools provide, an organization can learn what resources its users have access to, see how they are using their access rights, track unusual user behavior, and determine if they should be given access based on contextual information, such as geolocation, device type, etc. All of this is accomplished in real time.
Further, operations such as certifying access and remediating policy violations can be automated with an identity analytics tool. Performing these tasks manually is too time-consuming and labor-intensive, and leads to increased operational costs. Automating these operations helps enterprises simplify their compliance audits.
Identity analytics tools use cases
Detect and remove excessive access permissions
Ideally, users should have access to only resources (servers, directories, applications, or services) applicable to their job roles. However, many users tend to have excessive permissions due to various reasons.
It might be because they were promoted, switched roles, or were granted a special permission to carry out a specific task. With identity analytics, all access privileges are reviewed based on user behavior and application usage patterns. Profiles with excessive access permissions are instantly flagged so that any unnecessary access privileges can be removed quickly.
Risk-based access certifications
In today's organizations, many users tend to have excessive access privileges. But manually reviewing each of these privileges is time-consuming, and can lead to quick, rubber-stamped approvals that overlook potential security concerns.
Identity analytics tools provide contextual risk scores for each user based on various sources, such as user behavior, application usage data, and peer group analysis. Some tools even offer entitlement-level risk scores. Identity analytics tools can be configured so that managers are notified only about high-risk user profiles. This drastically reduces the time managers have to spend on certification campaigns. Since most identity analytics tools provide a context-rich, consolidated view of a user's entitlement data collected from multiple systems and applications, managers can perform more effective certifications.
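A minimal sketch of entitlement-level risk scoring that combines peer group analysis with usage data, so that only high-risk entitlements reach a manager for certification. This is an added example, not code from any identity analytics product; the user names, entitlement names, 90-day staleness window, and 1.5 threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample data: user -> (peer group, {entitlement: last-used date or None}).
USERS = {
    "alice": ("finance", {"erp_read": date(2020, 6, 1), "erp_post": date(2020, 5, 28)}),
    "bob":   ("finance", {"erp_read": date(2020, 6, 2), "erp_post": date(2020, 6, 1)}),
    "carol": ("finance", {"erp_read": date(2020, 5, 30), "erp_post": date(2020, 5, 29),
                          "hr_export": None, "db_admin": date(2019, 11, 3)}),
    "dave":  ("finance", {"erp_read": date(2020, 6, 2)}),
}

def entitlement_risk(users, today, stale_days=90):
    """Score each (user, entitlement): peer rarity (0..1) plus 1.0 if unused or stale."""
    group_size = Counter(group for group, _ in users.values())
    holders = Counter((group, ent) for group, ents in users.values() for ent in ents)
    scores = {}
    for user, (group, ents) in users.items():
        peers = group_size[group] - 1                  # everyone in the group but this user
        for ent, last_used in ents.items():
            peer_holders = holders[(group, ent)] - 1   # peers holding the same entitlement
            rarity = 1 - peer_holders / peers if peers else 0.0
            stale = last_used is None or (today - last_used).days > stale_days
            scores[(user, ent)] = round(rarity + (1.0 if stale else 0.0), 2)
    return scores

def certification_queue(users, today, threshold=1.5):
    """Return only the entitlements risky enough to need a manager's decision."""
    scores = entitlement_risk(users, today)
    flagged = [(u, e, s) for (u, e), s in scores.items() if s >= threshold]
    return sorted(flagged, key=lambda item: (-item[2], item[0], item[1]))
```

With this data, the ten entitlements held across four users reduce to two review items, both for carol: an entitlement no peer holds that was never used, and one last used more than 90 days ago.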
Enhanced security and monitoring of privileged accounts
There are two major types of privileged accounts in organizations: service accounts, which applications or system processes use to interact with the operating system, and user accounts that have administrative privileges. Cybercriminals target these accounts because they provide easy access to an organization's sensitive information.
With identity analytics tools, you can swiftly uncover unused privileged entitlements and spot changes in privileged accounts, such as privilege escalation and credential sharing attempts.
Identity analytics tools leverage User Behavior Analytics (UBA) to detect such unusual user actions. UBA applies ML techniques to create a baseline of normal activities specific to each privileged account, then detects deviations from the established baseline and, finally, alerts the concerned personnel. Consider a user account in Active Directory (AD) that is given only one administrative privilege when it is provisioned. If this account suddenly accumulates multiple privileges, such as resetting passwords, modifying owners, or deleting child objects, UBA will detect these abnormal activities and flag the account as suspicious. Identity analytics tools enable IT administrators to configure automated responses, like temporarily disabling access, when unusual activities are detected.
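The baseline-then-deviation idea can be shown with the AD scenario above. This is an added example, not code from a UBA product, and it substitutes a simple per-account statistical baseline for a trained ML model; the account names, event tuples, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (day, account, privileged operation). Days 1-5 form the baseline.
EVENTS = [(d, "hd-operator", "reset_password") for d in range(1, 6) for _ in range(3)]
EVENTS += [(d, "adm-jlee", "modify_owner") for d in range(1, 6)]
# Day 6: hd-operator suddenly performs operations it has never used before.
EVENTS += [(6, "hd-operator", op)
           for op in ["reset_password"] * 3 + ["modify_owner", "delete_child"]]
EVENTS += [(6, "adm-jlee", "modify_owner")]

def build_baseline(events, last_day):
    """Per account: operations seen, plus mean and std dev of daily volume."""
    ops, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for day, account, op in events:
        if day <= last_day:
            ops[account].add(op)
            daily[account][day] += 1
    return {a: (ops[a], mean(daily[a].values()), pstdev(daily[a].values()))
            for a in ops}

def detect(events, baseline, day, max_new_ops=1, z_limit=3.0):
    """Flag accounts whose activity on `day` deviates from their own baseline."""
    today_ops, today_count = defaultdict(set), defaultdict(int)
    for d, account, op in events:
        if d == day:
            today_ops[account].add(op)
            today_count[account] += 1
    alerts = {}
    for account, seen in today_ops.items():
        # An account with no history has an empty baseline, so everything is new.
        known, avg, sd = baseline.get(account, (set(), 0.0, 0.0))
        new_ops = sorted(seen - known)
        z = (today_count[account] - avg) / (sd or 1.0)   # flat history: use sd of 1
        if len(new_ops) > max_new_ops or z > z_limit:
            alerts[account] = {"new_ops": new_ops, "z": round(z, 2)}
    return alerts
```

The volume increase alone (z = 2.0) would not cross the limit here; the account is flagged because it used two operations outside its own history, which is why the baseline has to be kept per account rather than globally.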
Detection of separation of duty violations
Separation of duty (SOD) is an internal security policy that ensures no single individual has complete control over an entire resource or process. For instance, developers shouldn't have admin privileges to production databases because, if a developer alters the source code and the program becomes unstable, future patches and security updates won't work. SOD violations occur when user accounts have conflicting access permissions.
They pose a security threat because it means there are individuals in the organization who can tamper with data without being detected.
Identity analytics tools can automatically disable access to an account when an SOD violation has been detected, and notify the IT security team. Identity analytics tools ensure SOD violations are swiftly detected, and that the reason behind each violation is uncovered. Managers will have better visibility into the account entitlements and access permissions of users. Improved visibility helps managers make better decisions when it comes to access requests.
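A sketch of SOD detection that also reports the reason behind each violation, using the developer and production database conflict described above. This is an added example, not part of the original article or any product; the group names, entitlement names, and rule list are constructed, and nested group membership is assumed to be the way conflicting access is inherited.

```python
# Constructed directory data (all names are hypothetical).
GROUP_GRANTS = {                      # group -> entitlements it grants
    "Developers": {"dev_commit"},
    "DBA-Prod": {"prod_db_admin"},
    "AP-Clerks": {"create_vendor"},
    "Release-Team": set(),
}
GROUP_MEMBER_OF = {"Release-Team": ["DBA-Prod"]}   # nested group membership
USER_GROUPS = {
    "erin": ["Developers", "Release-Team"],
    "frank": ["AP-Clerks"],
    "gina": ["Developers"],
}
# Pairs of entitlements that no single account may hold together.
SOD_RULES = [("dev_commit", "prod_db_admin"), ("create_vendor", "approve_payment")]

def effective_entitlements(user):
    """Map each entitlement to the group path that grants it, following nesting."""
    found, visited = {}, set()
    stack = [(g, [g]) for g in USER_GROUPS.get(user, [])]
    while stack:
        group, path = stack.pop()
        if group in visited:          # guards against membership cycles
            continue
        visited.add(group)
        for ent in GROUP_GRANTS.get(group, ()):
            found.setdefault(ent, " > ".join(path))
        for parent in GROUP_MEMBER_OF.get(group, ()):
            stack.append((parent, path + [parent]))
    return found

def sod_violations():
    """List every user holding both sides of a rule, with the granting paths."""
    report = []
    for user in sorted(USER_GROUPS):
        ents = effective_entitlements(user)
        for a, b in SOD_RULES:
            if a in ents and b in ents:
                report.append({"user": user, "conflict": (a, b),
                               "via": (ents[a], ents[b])})
    return report
```

erin's direct memberships look harmless; the conflict only appears once Release-Team's membership in DBA-Prod is resolved, and the `via` field gives the reviewer that path.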
Adaptive authentication to reduce risk
Multi-factor authentication (MFA) requires a user to verify their digital identity by authenticating themselves with at least two factors other than their user credential.
Though the added layers of verification enhance security, organization-wide MFA usually presents an authentication burden for users who are already inside a secure network, and can affect user experience and productivity.
Adaptive authentication solutions perform real-time user risk assessments, and prompt users to provide an additional authentication factor only if their perceived risk is high. With adaptive authentication, organizations can improve security without compromising on usability.
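One way such a real-time risk assessment can be structured, using IP address, geolocation, device, and time of access as the contextual signals. This is an added example, not the logic of any specific product; the profile values, weights, thresholds, and the extra "deny" outcome are assumptions, and the IP addresses come from documentation ranges.

```python
import ipaddress
from datetime import datetime

# Constructed per-user profile learned from past logins (all values are examples).
PROFILE = {
    "networks": [ipaddress.ip_network("10.20.0.0/16")],   # corporate address range
    "countries": {"IN"},
    "devices": {"laptop-7f3a"},
    "hours": range(8, 19),                                 # usual working hours
}
WEIGHTS = {"network": 30, "country": 30, "device": 25, "hour": 15}

def risk_score(login, profile=PROFILE):
    """Sum the weights of every contextual factor that deviates from the profile."""
    ip = ipaddress.ip_address(login["ip"])
    deviations = {
        "network": not any(ip in net for net in profile["networks"]),
        "country": login["country"] not in profile["countries"],
        "device": login["device"] not in profile["devices"],
        "hour": datetime.fromisoformat(login["time"]).hour not in profile["hours"],
    }
    score = sum(WEIGHTS[name] for name, off in deviations.items() if off)
    return score, deviations

def decide(login, step_up_at=25, deny_at=80):
    """Ask for an additional factor only when the perceived risk is high enough."""
    score, _ = risk_score(login)
    if score >= deny_at:
        return "deny"
    return "require_second_factor" if score >= step_up_at else "allow_password_only"

# Constructed login attempts.
OFFICE = {"ip": "10.20.4.9", "country": "IN", "device": "laptop-7f3a",
          "time": "2020-06-03T10:15:00"}
LATE_REMOTE = {"ip": "203.0.113.50", "country": "IN", "device": "laptop-7f3a",
               "time": "2020-06-03T22:40:00"}
UNKNOWN = {"ip": "198.51.100.7", "country": "BR", "device": "unknown-android",
           "time": "2020-06-03T03:05:00"}
```

A login from the office network passes without a prompt, the same user on the same device from an unknown network late at night is asked for a second factor, and a login that deviates on every signal is refused.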
Mitigate access-related risks in your AD and Azure AD environments, and better protect your identities with the identity analytics capabilities of ManageEngine AD360.
Assess the risk of each user based on factors such as IP address, geolocation, device type and time of access and configure automated access control decisions.
Receive notifications about unusual events, such as when a dormant account becomes active, an unusual number of login failures occur, a sudden spike in user management activity happens, or when a data exfiltration or deletion attempt is detected.
How AD360 takes care of your IAM needs
Eliminate redundancy and human errors, and improve business processes by automating user provisioning, stale account cleanup, and other identity-related tasks.
Elevate trust in identities and mitigate impersonation attacks using biometrics, authenticator apps, and other advanced authentication methods.
Centrally manage on-premises and cloud identities, or both, and govern their privileges from a single console.
Identity protection with UBA
Detect, investigate, and mitigate threats such as malicious logins, lateral movement, malware attack, and privilege abuse with machine learning-based UBA; automate your threat response.
Identity lifecycle management
Streamline identity management throughout the entire lifecycle of users, right from provisioning to role changes and deprovisioning.
Rethink your IAM with AD360
AD360 helps you simplify IAM in your IT environment by giving users quick access to the resources they need while establishing tight access controls to ensure security across on-premises Active Directory, Exchange Servers, and cloud applications from a centralized console.
© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.