Achieve Confidence in your Identity Security with BeyondTrust and Microsoft Defender for Identity

Robust identity protections are paramount in today’s organizations. According to the 2023 Verizon DBIR, 74% of all breaches include a human element, with people involved via error, privilege misuse, use of stolen credentials, or social engineering. Privileged identities, in particular, are prime targets for attack. In many cases, an attacker’s first goal is to get their hands on a privileged identity. From there, they only need to log in, rather than break in, to gain access to your most critical systems.

That’s why many organizations use dedicated solutions to add additional protection for their privileged identities, such as credential vaulting and secure remote access. These types of Privileged Access Management (PAM) solutions ensure that only authorized users have access to critical systems and data.

However, while many organizations seek Privileged Access Management (PAM) solutions to satisfy audit or cyber insurance mandates or to address growing identity risk concerns, they often don’t have a clear vision of their organization’s unique identity attack surface and existing access vulnerabilities. And because modern technology and threat landscapes have evolved significantly, most organizations don’t know where many of their most crucial identity and access vulnerabilities reside. As a result, they overlook many of the hidden privilege pathways in their organizations.

BeyondTrust Identity Security Insights®, the core of the BeyondTrust Platform, uncovers accounts with risky privileges and Paths to Privilege™ across the identity landscape, reducing blind spots across endpoints, servers, databases, identity providers (IdP), SaaS solutions, and clouds. Additionally, integrating Identity Security Insights with BeyondTrust Password Safe ensures that every account with True Privilege™ is managed appropriately, mitigating privilege risks and reinforcing overall identity security posture.

Today, we are excited to announce a new integration between BeyondTrust and Microsoft Defender for Identity, which enables incident responders to remediate compromised accounts quickly in Microsoft's unified security operations platform.

Microsoft Defender for Identity is a cloud-based security solution that helps protect your organization's on-premises identities from advanced threats and manage identity risk. This modern identity threat detection and response (ITDR) offering is fully integrated with Microsoft Defender XDR, and leverages signals across hybrid environments, from both on-premises Active Directory and cloud identities. Defender for Identity helps SecOps teams better identify, detect, and investigate advanced threats directed at their organization with breach prevention, threat detection, investigation of suspicious activities, and response to attacks. Microsoft’s ITDR solution facilitates security operations by enabling all identity security capabilities from a single pane of glass, onboarding sensors on all identity infrastructure-related servers in the customer’s environment, including Microsoft’s first-party capabilities alongside other third-party solutions.

BeyondTrust is teaming up with Microsoft to incorporate privileged account signals from BeyondTrust's cloud-based Identity Security Insights solution into Defender for Identity to enhance associated threat response actions. Here’s how this integration works:

1. Defender for Identity gets an updated list of privileged accounts managed by BeyondTrust. This will provide deeper end-to-end visibility into the identity estate with additional context around privileged accounts, all updated directly within the Defender for Identity portal (e.g. user page).
2. If an account is compromised, incident responders can manually trigger a remediation operation on the privileged accounts they choose, which results in an action in the BeyondTrust platform.

This integration gives customers the ability to take immediate action from the Defender for Identity portal to remediate an identity that has compromised permissions and/or privileges.

The integration between BeyondTrust PAM and Defender for Identity for the modern age enables organizations to comprehensively mitigate identity risks across their Entra and Active Directory accounts. BeyondTrust provides deep visibility across the entire environment—from endpoints to cloud workloads—to accurately discover and prioritize accounts with risks such as unrotated credentials, unauthorized admin-level privileges, and paths to sensitive secrets and credentials.

According to the 2023 IBM Cost of a Data Breach Report, it takes 328 days to identify and contain breaches resulting from stolen or compromised credentials. Without this integration, it would take organizations days or weeks to manually correlate each data point between BeyondTrust and Defender for Identity to surface this information and secure their organization. With this integration, managed accounts are seamlessly and automatically updated in Defender to achieve key outcomes for your organization:

Achieve faster incident response

BeyondTrust Identity Security Insights can help improve incident response time by providing accurate knowledge of an account’s True Privilege™, mapping out the potential impact on the organization as well as providing posture improvement recommendations to IT, security, and IAM teams. Additionally making enforced password rotation actions accessible directly in Defender for Identity portal, the integration between Identity Security Insights and Defender for Identity enables responders to swiftly contain the scope of incidents involving privileged accounts.

Gain holistic visibility into identity security posture

Identity Security Insights first continuously assesses your entire environment, uncovering accounts with both direct and hidden Paths to Privilege that require control. It also monitors your Password Safe infrastructure from within the Defender for Identity console, tracking changes and mapping attack paths.

Mitigate privilege risks

Identify and mitigate risks like dormant service accounts with unrotated credentials, accounts with Domain Access paths, and shadow admins with unauthorized admin level privileges. With this data, admins can proactively reduce risks with prescriptive recommendations, detections, and integrated PAM via Password Safe.

Streamline PAM by eliminating manual data collection and analysis

Make informed decisions by considering the effective privileges of human and non-human accounts, the strength of the posture controls, and whether an account is a prime attack target. Defender for Identity admins can then take proactive measures to manage accounts and eliminate unauthorized access, ensuring credential management and just-in-time (JIT) controls.

BeyondTrust enhances the capabilities of Defender for Identity by helping organizations further protect their Paths to Privilege. It proactively uncovers shadow admin threats and locks down secrets and credentials—all from the integrated Defender for Identity console. BeyondTrust provides the following capabilities:

• Sophisticated True Privilege™ risk analysis
• Comprehensive, market-leading PAM controls suite
• Broader identity risk visibility and managed privileged user activity from EP, server, several IDPs, Cloud, SaaS, Developer tools, and more
• Interoperability with BeyondTrust credential management controls and mitigation

The integration between BeyondTrust and Defender for Identity unlocks a powerful set of benefits for shared customers, including streamlining responses when privileged identities are compromised. These new response actions will enable security operations (SOC) teams to automate workflows that focus on quickly remediating incidents that involve privileged identities.

This integration between BeyondTrust and Defender for Identity is building a more confident and secure future for security, risk, and compliance teams, arming them with best-of-breed Identity Security visibility and remediation. As we continue to lead the way in identifying how attackers gain access to privilege pathways, we are developing our integrated roadmap to push the boundaries of these solutions and to deliver the broadest and deepest value to our joint customers.

To learn more about BeyondTrust’s integration with Defender for Identity and how it enables incident responders to remediate compromised accounts quickly in Microsoft's unified security operations platform, contact us today, or click here to see a demo of Identity Security Insights in action. For additional technical details on this integration, click here.