Why It’s Time to Rethink Identity Security
Over the past several years, organizations have undergone remarkable and much-needed digital transformations. But as they have moved services to the Cloud, user identities have become increasingly exposed to potential attacks. According to a 2020 study by the Identity Defined Security Alliance, 79 percent of companies had an identity-related breach within the previous two years.
Bad actors use compromised credentials to seek out critical business applications and data. To prevent this, organizations must strengthen users’ identities and restrict access to them. However, this can be a challenge. Whatever your situation, there are four safeguards you can implement to keep identities protected.
Why Do Hackers Target Identity Security?
Why do hackers want your identity? Identity comprises three elements you can remember through the acronym CIA: confidentiality, integrity, and availability.
- Confidentiality: A system’s ability to ensure that only the authorized user can view, access, change, or otherwise use data
- Integrity: A system’s ability to ensure that the system and information are accurate
- Availability: A system’s ability to ensure that systems, information, and services are always available
Hackers have many techniques to attempt to compromise these three elements. They can try using malware or misconfiguration. They may find vulnerabilities in the external-facing system. Or they may impersonate someone in a management position—even going as far as to generate an email with the correct domain name, which bypasses typical security red flags—and ask employees to share credentials. They can then log into an employee’s email account, download their email messages, and find information granting them more privileges or helping profile the organization.
Stealing credentials is especially sinister because it leaves virtually no way to distinguish or apply accountability between the authenticated user and the hacker, which means that hackers can spend months on a network performing reconnaissance before attempting a data breach that can be detected such as deploying malware.
Four Ways to Improve Your Identity Security
Because your identity is your first line of defense against cybercrime, it’s crucial that you get it right. And 15-character passwords alone won’t cut it anymore. That’s the bare minimum.
Here are four powerful tools to take your identity security to the next level:
Most of us have multifactor authentication (MFA) on our devices, but if you don’t, you should. Here’s a quick rundown of how it works in protecting identity security:
- The user attempts to log into an app on their device, and the app asks the user for an additional authentication method.
- This second factor of authentication may be a key fob or smart card (something you have), your face or fingerprint (who you are), or an appended code or PIN (something you know).
Because technological advancements have made cracking passwords much more effortless, MFA is essential. While hackers have found ways around MFA, it’s still a powerful option for its ability to protect against account compromise. For example, codes can be stolen through man-in-the-middle attacks, but codes typically refresh every 60 seconds, which means hackers have a limited timeframe within which to act. MFA is a way to add complexity to the authentication process by using a second factor.
Strong Segmentation and Access Control Policies
Place your assets on virtual LANs (VLANs) to maintain boundaries and ensure you know who has access to and credentials for specific assets.
But what’s a VLAN?
“VLANs are virtual overlays enabled by tagging traffic with a VLAN ID. Once tagged, network traffic is then virtually segmented across devices,” according to John Fruehe at TechTarget.
We recommend using access control lists (ACLs) and network segmentation for users to implement segmentation. Plus, implementing Active Directory group policies for the group and departmental access to resources. Segmented networks can be set up with explicit access control lists, so only people who need that data are allowed into that segment.
In the past, once you were authenticated into the network, you were free to move about as long as you had access to the resources to which you had a membership. A new direction has emerged that is both technical and philosophical. All-access to the internal network is treated as if it was the open internet, meaning user activity is tracked and validated every time they access a resource. This approach is known as Zero Trust Architecture (ZTA).
ZTA comprises apps and data, network infrastructure, and device management. The most critical component, however, is identity management and monitoring. To apply ZTA to protect identity requires having a way to monitor a user’s activity on the network. Tools like Azure Active Directory (AAD P2) and Microsoft Defender for Identity (for on-premise domain controllers) provide early account compromise detection, allowing security staff members to react swiftly.
Identity Detection and Response
A final tool that strengthens identity security—and makes your IT and security teams’ lives easier—is ProArch’s Identity Detection and Response (IDR).
Here’s how it works: We leverage tools in the Microsoft stack to monitor and respond to activity on the network. If anomalous activity occurs, we get an alert, which turns into an incident, and we can mitigate the attack before it escalates.
Users will have their identities compromised—it’s the nature of the beast! With IDR, we can quickly see when that account has been compromised, reset it, get a new password, and notify users, which can all be done automatically through automation playbooks. Many of these threats may not require SOC analysts to take action; the platform can make the changes and notify key people within the organization.
Identity is your first line of defense against bad actors after your identity security. Protect your company by implementing multifactor authentication, strong segmentation, access control policies, zero trust architecture, and IDR.
If you would like to learn more about how ProArch’s IDR prevents account compromises, contact us today.