Author: Craig Kensek
Sr. Product Marketing Manager, Gurucul
March 15, 2017
One critical question security leaders are contending with in today’s emerging environments is, “how do you manage threats if you don’t know where the risk is?” More specifically, how do you effectively manage access risk? The solution begins with closing the key security gaps in access. But what are the gaps? Leaders in predictive security analytics have identified two critical areas:
- Awareness Gap for IAM – This gap exists between what access rights have been provided by an IAM (identity and access management) solution and how users are utilizing the rights. If there is no insight into how users are utilizing their access, how can organizations ensure that activity is entirely legitimate for the access provided?
- Discovery Gap for PAM – Privileged access risks at the entitlement level are often hidden in normal accounts or reside within application privileges. Experts cite that over 50% of an organization’s privileged access is unknown. This represents unknown access risk and is a serious access risk plane.
Closing the gaps
IAM – With access vs. activity, the solution to close the IAM awareness gap is Identity Analytics (IdA), which risk scores access privileges by analyzing both access and activity together. IdA is also recognized by Gartner as the third major phase of identity governance and administration (IGA) for IAM solutions. At present, however, only a small number of UEBA vendors provide IdA to address this challenge with machine learning models. Gurucul customer projects employing this solution have shown an average reduction of 50-60% in the access risk plane, and in some projects 83%-89% reductions in accounts and entitlements have been realized. Reducing excess access and access outliers is the first step to shore up access risks by leveraging IdA for a risk-based approach to IAM.
PAM – Account-level tracking of privileged access is no longer enough, especially when it relies on legacy methods of account naming or tagging. Risk officers need risk analysis and scoring for access rights down to the entitlement level. Experts estimate that more than 50% of privileged access risks reside outside of known lists or PAM (Privileged Access Management) vaults. Identity analytics that includes privileged access discovery is the solution to this challenge. A recent Gurucul customer project resulted in over 70% of privileged access risks being discovered.
Closing the access management gaps is one piece of the broad and complex puzzle security leaders face in today’s rapidly evolving and fragmented environment. To get a better overview of the entire terrain of these emerging challenges and accompanying solutions, a growing number of security professionals are referring to “Borderless Behavior Analytics – Who’s Inside? What’re They Doing?”