Adopting a Risk-Based Approach to Identity and Access Management and Governance
Identities are traditionally managed using dedicated identity and access management (IAM) and identity governance and administration (IGA) solutions. This made sense when enterprise applications ran in on-premises data centers. Today, however, enterprise application data resides in both on-premises and cloud datastores. With multiple access privileges to manage for each user across a multitude of applications, organizations struggle to keep their access-related risk in check.
According to the 2019 Verizon Data Breach Investigations Report, 29% of breaches involved the use of stolen credentials. However, according to the Cisco 2019 CISO Benchmark Study, only 19% of CISOs report encountering a security incident involving stolen credentials.
Keeping track of access permissions and activities conducted within applications and establishing a security context based on that information is a big problem for IT security. Realizing that IAM and IGA tools do not have the native capabilities to tackle the challenge, organizations are turning to data-driven solutions that use advanced analytics to identify and monitor access risk while transforming compliance-driven processes with risk intelligence.
Identity Analytics and Intelligence: Data-Driven Risk-Based Access Management
Identity analytics and intelligence is a better, smarter solution to dynamically manage access decisions as well as intelligently identify and manage user risk profiles based on application usage. This reduces the manual effort required and increases the pace and accuracy of security operations.
To address this challenge, Next-Gen SIEM applies advanced behavior analytics to identity usage and access patterns in data collected from your IAM solution. This enables the creation of risk profiles for user behaviors, which can be used by the IAM solution to make dynamic, informed access decisions. The integrated SIEM and IAM solution delivers advanced identity analytics and intelligence capabilities, enabling several use cases that are otherwise difficult for IT security teams to manage.
Detecting Excessive Permissions
Default user profiles can be dangerous. For example, assigning all managers the same access permissions – without concern for what each specific position requires – can quickly cause a crisis if one of those managers is careless with a password.
By using a Next-Gen SIEM to monitor usage and correlate it with user task profiles from your IAM solution, the identity analytics and intelligence generated can determine the appropriate level of permission required for a user’s tasks, so excessive permissions can be removed. This eliminates the possibility that accounts with excessive privileges will be abused.
Enabling Risk-Based Access Clean-Up and Certification
The amount of data that a reviewer might deal with as part of an access certification review can be massive. Often, due to changing work responsibilities, user access rights may have changed, but the context of the change was not reported. Overwhelmed, reviewers can fall back on rubber-stamping permissions instead of thoughtfully considering each one.
Next-Gen SIEM uses sophisticated peer group analysis techniques, behavioral analytics, and access and usage monitoring to prioritize high-risk entitlements. This reduces the amount of data that needs to be handled during an access review, which reduces the likelihood that reviewers will just rubber-stamp privileges.
Risk-based clean-ups lead to an approximate revocation rate of 75%, reducing your risk without affecting business operations. With identity analytics and intelligence, the security team can now perform more frequent and effective reviews.
Monitoring Privileged and Service Account Usage
Most systems have privileged accounts that are used by operating system processes or administrative users. These accounts are prime targets for attackers due to the high level of access that they provide.
By monitoring these accounts using identity analytics and intelligence, unusual behavior such as privilege escalations, data exfiltration, credential sharing, and account compromise can be detected, and swift action can be taken.
Securonix Next-Gen SIEM integrates with every major IAM and IGA solution to deliver a continuous stream of identity analytics and intelligence allowing for:
→ Improved access management compliance through user- and resource-centric views of access risk
→ Automated access cleanup and risk-based certification
→ Streamlined, risk-based access request processes