De-Risk the breach

You’ve likely heard the seemingly-popular expression among cybersecurity professionals regarding breaches, “it’s not a matter of ‘if’ but ‘when.’”?

Fear mongering aside, this statement is true. With the daily inundation of headlines about security breaches (#Orrick, #MGM, #Microsoft, #CloudFare, etc.) and incidents, it’s clear that no organization is safe - and, frankly, it’s no surprise given the majority of companies are using last decade’s identity tools to secure today’s multi-cloud infrastructure (SaaS apps, modern data systems, cloud native services, identity in the cloud, non-human identities, service accounts, etc.).?

Tune in to hear Tarun Thakur (Co-Founder & CEO of Veza) and Rich Dandliker (Chief Strategist of Veza) dive into Microsoft’s recent breach. Watch now!

Traditional identity tools have long left doors open for attackers. Tools that were built for an on-prem world have been lifted and shifted to the cloud, resulting in mass blindspots (access creep, privilege drift, privilege elevation, service account governance, etc.) that are nearly impossible to entirely cover.?

Although traditional identity tools (IAM, IGA, PAM) are failing enterprises in their quest to achieve least privilege and minimize breaches, there is, unfortunately, no magic bullet either. Despite the marketing jargon we often see in this noisy Zero Trust space, there is no new tech or tool that will keep you entirely safe from identity threats.

That’s why we’re calling on security professionals to de-risk the breach.

As mindsets shift to realize that security breaches will undoubtedly happen, security posture, budgets, CIO and CISO priorities, and tech stack should shift too. In addition to putting effort forth to achieving modern access governance that limits the likelihood of identity threats, security teams must also focus on limiting the damage attackers can do if (when) they successfully infiltrate.?

There are two critical ways to curtail an attackers’ ability to wreak havoc (i.e. reduce the blast radius) once a security incident has begun.?

1. Limit their time
2. Restrict their movement by understanding who can take what action on what data

An attacker can obviously do much less damage if they have limited time to damage or steal from the sensitive data within your apps and systems. But, what if they have 100 days to cause chaos? 200? 250?! These time periods are no dystopian nightmare. In 2023, it took organizations, on average, 277 days to identify and contain a breach , giving attackers a generous amount of time to carry out their shady business.?

By using threat detection tools like CrowdStrike’s Falcon threat detection platform (now integrated with Veza - learn more here! ), organizations can quickly identify identity threats as they occur, giving attackers much less time to lay waste to their digital environment.

However, identifying the threat is only the first step. Once an organization recognizes a breach, they must facilitate immediate damage control. This can be especially difficult with identity-related breaches due to an attacker’s ability to move laterally through an organization by leveraging the compromised identity’s access. Given that 74% of breaches include a human element (privilege misuse, stolen credentials, social engineering, insider threats), lateral movement is an incredibly common and extremely devastating aspect of most security incidents.?

Cutting off an attacker’s ability to leverage access to move laterally across your organization can be the difference between a breach being career changing or… just a semi-stressful Monday. However, limiting lateral movement requires having a true picture of access permissions: something traditional identity tools have not been able to provide. Identity is not what it matters, it’s all about understanding and managing access permissions.

Without the ability to quickly answer the question, “which identities can take what action on what data?” organizations are left without any effective methods for disabling threat actors.

Veza, the Identity Security company, is the Access Control Platform that makes it easy to visualize and understand the true state of permissions, making it easy for organizations to determine who can take what action on what data. With this ability to visualize, understand and control access, organizations who use Veza could effectively find an identity threat and cut off that identity’s ability to do… Well, anything! Better yet, the time from identifying a threat to restricting access would take merely minutes.

That’s the power of permissions metadata - by understand the system specific access permissions, organizing this as canonical data model, transforming the system permissions to effective permissions, and associating them to identity is the advancing the state of identity - and, we believe this is at the core of “de-risk the breach”.

Speaking of advancing the state of identity, Cisco's recent announcement of their Identity Intelligence validates that identity is the biggest, new perimeter. Tune in with Tarun Thakur (Co-Founder & CEO of Veza) and Jason Garoutte (CMO) in our recent #IdentitySecuritySpotlight to discuss why Cisco's remarkable news is game changing for the identity industry. Watch now! ??

Thank you for reading the Identity Radicals Newsletter. Please like & subscribe, and stay tuned for more identity-related content next month from your friends at Veza.