BeyondTrust has introduced a brand-new product to the identity security market—one that we believe sets a new standard in securing both human and non-human identities. Identity Security Insights is the first product of its kind to provide a holistic, real-time visualization of identity-based threats. With Identity Security Insights, you benefit from a complete view of identities, access, entitlements, and privileges in your network. The product also identifies and prioritizes potential security issues, illuminates potential attack paths, and offers smart, actionable recommendations to enhance your identity hygiene.
This blog discusses the importance of identity security, the need for innovative identity security solutions, and the features and capabilities that set Identity Security Insights apart and position it to provide organizations with a new level of identity visibility and protection.
Why is identity security important?
Organizations today find themselves grappling with the following “three truths” of digital identities:
- Identities are the new perimeter. Where organizations were once secured by a perimeter defined by firewalls and physical boundaries, today’s organizations are perimeterless. Access to systems and resources is controlled by digital identities, which are much more dynamic and fluid.
- Identities today are the prime target for threat actors. In a recent survey report by the Identity Defined Security Alliance, 90% of security professionals revealed they had experienced an identity-related incident in the past year, with 78% experiencing direct business impacts as a result. Compromised credentials and over-privileged users offer an effective, and often hard-to-detect, pathway to exploit.
- Identities are surging in number. Cloud adoption, increased software automation, the proliferation of non-human / machine accounts, the new work-from-anywhere paradigm, and the use of disparate systems to manage identities are all contributing to identity sprawl. This creates gaps in visibility and makes it difficult to determine which users present the most risk to an organization’s security at any given moment.
A few of the product’s groundbreaking capabilities that customers love
According to customers who have already started to leverage Identity Security Insights, a few of the top capabilities of BeyondTrust's newest product include:
- Provisions an intelligence layer that correlates data from BeyondTrust Privileged Access Management (PAM) and Identity Security solutions and third-party tools into a unified dashboard
- Detects compromised identities and privileged access misuse
- Provides proactive security and threat mitigation recommendations that help optimize and improve your security posture
Early adopters of Identity Security Insights have quickly discovered and remediated security risks where unauthorized users could gain access to sensitive systems and data, including:
- Unmanaged admin and over-privileged accounts
- Potential on-prem to cloud privilege escalation paths
- Pivot points that attackers could use to go from personal email accounts to corporate admin accounts
- Opportunities for session hijacking
- And many other previously undetectable security gaps that could be compromised by bad actors.
Identity Security Insights also offers advanced capabilities for penetration testers. The recommendations feature can allow a pen tester to determine if there are one or multiple vulnerable attack vectors within the integrated applications. Examples of recommendations Identity Security Insights can provide include the potential for privilege escalation, MFA/conditional access not being enforced, and dormant accounts lingering in the customer’s environments.
Read on to better understand modern identity security challenges and how you can address these challenges with the unparalleled visibility and identity-based threat detection capabilities of Identity Security Insights.
The full product release notes are available from BeyondTrust; read on to learn more about this new product in BeyondTrust’s Intelligent Identity and Access Security portfolio.
Why do we need innovative identity security solutions to address identity-based threats?
Traditional preventative security controls are no longer sufficient on their own to protect sensitive systems and data from the threats posed to digital identities. Security professionals must adopt solutions that can combine prevention and detection capabilities to eliminate blind spots, shut down attack pathways, detect identity-based anomalies, and guide remediation.
Without complete and unified visibility, it is difficult for organizations to:
- Determine the true impact and “blast radius” if an identity is compromised
- Understand how malicious actors can leverage a privileged identity to gain control of organizational assets
- Detect new attack paths between new users and systems
- Determine the threat posed by misconfigurations and how these can bury indicators of compromise
- Track identity-related risk mitigations across the organization’s environments
- Quickly detect and remediate security events that involve multiple identities and accounts.
How is Identity Security Insights different?
Traditional SIEM, XDR, and IGA solutions are foundational to any organization’s security program, but they are unable to provide a full identity security picture or a fast mechanism for proactive mitigation. Organizations have blind spots and hidden attack pathways that make them vulnerable to threat actors, and these cannot be uncovered by traditional tools. Identity Security Insights combines threat prevention and active threat detection in one comprehensive solution. By providing a level of identity visibility and protection that goes well beyond tools like SIEM, XDR, and IGA, Identity Security Insights helps you prevent identity-based risks from turning into active threats. The product also provides security recommendations based on unmatched contextual understanding of your identity footprint to help you detect active threats and mitigate findings before they become problems.
Key Outcomes You Can Expect from BeyondTrust Identity Security Insights
Identity Security Insights customers can attain the following outcomes:
- Fast Time-to-Value: Get up and running in under 30 minutes. Gain actionable findings on the same day, and fast-track your journey to an improved security posture.
- Unified Visibility: Gain one holistic view of identities and access across your IT estate, including multicloud and on-premises environments. Benefit from a single interface providing a holistic understanding of identity-related risks and helping to prioritize least privilege enforcement.
- Identity Threat Detection: Identify overprivileged accounts and users, poor security controls, and anomalies, including events involving multiple identities and accounts.
- Proactive Recommendations: Decisively act on recommendations to promote identity hygiene, reduce the identity and access attack surface, and harden your security. Insights connects to our product portfolio and correlates data with third-party solutions to surface identity-related detections and recommendations that other solutions cannot surface.
- Streamlined Compliance: Reduce the complexity of satisfying and proving compliance with dynamic dashboards and reports.
- Leverage your current technology stack and security investments with a solution that can easily integrate with your identity tools.
- Reduced Risk of Identity Attack: See a measurable reduction in security events related to compromised identities and privileged access misuse. Pinpoint blind spots and mitigate risks by proactively identifying vulnerabilities and learning ways to close gaps and strengthen your identity security posture.
Key Features of BeyondTrust's Identity Security Insights Solution
Key features of Identity Security Insights include:
- Centralized dashboard: Compiles information from BeyondTrust solutions and identity providers, such as Okta, Ping Identity, and Microsoft Entra ID (formerly Azure Active Directory), to provide unified visibility of and intelligent insights into users, accounts, and privileges—in a single console.
- Identities view: Provides a detailed view of identities, accounts, and entitlements and attaches a corresponding privilege score, along with any detections and recommendations for risk remediation.
- Identity-based threat/anomaly detection: A dashboard overview of detections, ranked by severity, indicating identity, account, or privilege compromise. This includes surfacing problematic configurations and suspicious user activities. The dashboard provides a clear picture of the identities and accounts associated with each risky activity.
- Proactive recommendations: Identifies and ranks high-risk identities or privileged accounts and provides proactive recommendations for right-sizing identity and account access, removing unnecessary privileges, and addressing poor identity hygiene. This empowers organizations to remediate risks before they are exploited by an attacker.
- Connector Library: Provides a comprehensive set of connectors that allow you to collect data from BeyondTrust solutions, as well as third-party solutions.
- Cloud-native underlying architecture: Identity Security Insights has no infrastructure to deploy or maintain, making it highly available and fast to integrate and deploy in your security landscape.
- Data lake: Provides valuable insights into your existing identity security landscape so you can detect and mitigate risk. The data lake is built with the ability to scale and it supports multiple tenants, including SSO with SAML, 2FA verification, and RBAC.
What risks does Identity Security Insights help address?
Some of the top risks Identity Security Insights addresses include:
Overprivileged users remain a persistent risk. The more privileges a user, account, or process amasses, the greater the potential for abuse, exploitation, or error. Gartner’s Innovation Insights for CIEM report revealed 95% of machine identities are overprivileged. In 99% of pentesting cases conducted by IBM’s X-Force Red, cloud identities were found to be over-privileged, enabling the pentesters to quickly compromise client cloud environments. Forrester Research has also estimated that roughly 80% of breaches directly or indirectly involve privileged credentials.
According to the Microsoft Vulnerabilities Report 2023 (published by BeyondTrust), removing local admin rights and controlling execution has historically mitigated 75% of Microsoft’s critical vulnerabilities. Implementing least privilege not only reduces the likelihood of a breach occurring in the first place, but also helps limit the scope of a breach, should one happen.
Lack of visibility and awareness of all the privileged accounts, assets, and credentials across an enterprise stands as a key factor preventing organizations from effectively applying least privilege. The level of visibility Identity Security Insights can provide helps organizations truly understand the potential impact of a breach specific to any identity across the entire estate. It also makes it easy to adjust users’ entitlements to enforce the principle of least privilege and proactively remove unnecessary privileges before they are exploited by an attacker.
How many identities do you have across your enterprise? How many accounts and privileges are associated with those identities?
Insights helps organizations gain detailed visibility over each identity. Illuminate high-risk identities and any associated risk factors, and prioritize least privilege-related actions.
Identity Security Insights can help you identify:
- Unused accounts: Unused, dormant, inactive, or orphaned accounts may retain privileges and access rights to systems on a network. Without an active owner monitoring for suspicious or sudden activity, they pose an unnecessary attack vector. Threat actors can exploit unused accounts to set up footholds on corporate networks and use any remaining permissions to move around. Insights surfaces identities with unused accounts so you can mitigate this risk immediately.
- Revoked or partially revoked identities: Revoked or partially revoked identities may have had their primary account (in Okta or Azure AD / Entra ID) disabled, but other secondary accounts were left enabled. This could have resulted from incomplete offboarding. Activity on this identity may indicate a compromise or an attempt to access sensitive resources.
Identity-based anomalies or known attack techniques
Identity-based attacks often take the longest time to identify because they can target accounts that are inactive or not easily visible to IT security teams. According to IBM’s Cost of a Data Breach report, in 2022, the average time to identify and contain a breach was 277 days (approximately 9 months). Compromised credential breaches took an additional 50 days (an average of 327 days total) to identify. In that time, a threat actor can not only infiltrate, but also move laterally, through your infrastructure.
Identifying abnormal behavior or suspicious activity as it happens can give you a significant advantage in stopping a breach or mitigating the damage. Insights quickly pinpoints activity from compromised identities, accounts, or privileges for fast remediation.
Hygiene issues and weak security controls
One stumbling block preventing organizations from effectively implementing healthy cybersecurity hygiene policies is identifying where identity hygiene needs to be improved, and which issues pose the highest organizational risk.
Identity Security Insights can help you proactively address weak security controls, and right-size entitlements that, if left unaddressed, could become an attack vector. The product also helps you prioritize mitigation of hygiene issues by surfacing recommendations and ranking them by order of importance or impact. For example, an account with shadow admin privileges that allows privilege escalation has a higher importance rating than an unused cloud app.
Identity security misconfigurations
Identity security misconfigurations can significantly expand an organization’s attack surface and increase the risk of threat actors gaining unauthorized access to systems, assets, and data. According to CrowdStrike's Report: "Nearly half (47%) of critical misconfigurations in the cloud are related to poor identity and entitlement practices."
Some of the biggest misconfiguration risks include:
- Weak or Default Credentials – Failing to change default passwords and credentials for accounts and systems or lacking strong password policies and multi-factor authentication (MFA) enforcement.
- Overly Permissive Access Controls – Inadequate role-based access control (RBAC) or misconfigured permissions on files, databases, and cloud resources. This misconfiguration leads to users having more privileges than necessary.
- Unmonitored Account Activity – Failing to monitor and detect abnormal account activities, such as suspicious logins or privilege escalations, or ignoring unauthorized access attempts or changes to user settings.
- Insufficient Identity Lifecycle Management – Neglecting to deactivate or revoke access for accounts that are no longer needed (e.g., former employees or contractors), or enforcing inadequate onboarding and offboarding processes for users.
- Insecure API and Integration Settings – Poorly configured application programming interfaces (APIs) and integrations that expose sensitive data, and a lack of proper authentication and authorization mechanisms for API endpoints.
By harnessing advanced analytics and intelligence, Identity Security Insights enables regular assessments, continuous monitoring, and adherence to security best practices, all of which are essential to maintaining good identity hygiene and a strong identity security framework.
Detections based on high-risk events are a foundational part of every modern Security Operations Center (SOC), but tools like SIEM, XDR, and IGA do not give you a full identity security picture. While these tools give you important monitoring and detection capabilities, they do not help you reduce your attack surface.
Identity Security Insights activates key Identity Threat Detection and Response (ITDR) capabilities that help to identify, monitor, and mitigate threats to digital identities within an organization's network. Insights brings advanced analytics, anomaly detection, continuous monitoring and proactive recommendations to detect and guard against risky activity such as unauthorized access attempts, account takeovers, insider threats, and other malicious activities that could compromise the integrity, confidentiality and availability of sensitive information.
How to get started with Identity Security Insights
For more information, to access a free trial, or to request a demo of BeyondTrust's Identity Security Insights, please visit www.beyondtrust.com/identity-security-insights.
Alex Leemon, Director, Product Marketing
Alex Leemon is Director, Product Marketing at BeyondTrust. She has over fifteen years of experience working with enterprise-level and Critical Infrastructure organizations solving safety and security challenges. Before joining BeyondTrust, Alex served in various roles related to the development of operational technology (OT) products and the Industrial Internet of Things (IIoT).