Virtualization Technology News and Information
Preempt 2018 Predictions: Enabling Security in the New Digital Age Through Identity, Behavior and Risk

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018. Read them in this 10th annual series exclusive.

Contributed by Ajit Sancheti, co-founder and CEO, Preempt

Enabling Security in the New Digital Age Through Identity, Behavior and Risk

Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.

In this new digital age, the static notions of good and bad, inside and outside, cloud and on-premises, etc. are too limiting. None of these will help prevent the next security breach, just like they did not prevent the last one.

Things change. Unfortunately, security organizations don't know when projects change, users move from one department to another, shifts are modified, or when role changes occur. As a result, they lack visibility over who has access to systems and applications, and more importantly, which access is no longer required.

Over time, it becomes difficult to distinguish legitimate access from suspicious access that appears legitimate. Therefore, the leading cause of successful breaches - Compromised Credentials - cannot effectively be identified until it is too late. If every transaction could be evaluated for risk, then access could be granted with confidence.

That identity matters, and that security must be able to adapt in real time, is now becoming obvious to most organizations and will become more apparent in 2018 and beyond. What is harder is figuring out how to extend their security infrastructure so that it can easily embrace an approach based on creating and enforcing policies using identity, behavior and risk.

Proportional Response

Once you get past role-based identity (privileged users, regular users, executives, contractors, etc.), the behavior behind the identity is just as important. A graduated scale of responses is required, and a flexible policy ensures the right level of response. Having a grayscale set of responses - Allow, Email Notify, SMS, Isolate, MFA, Block, etc. - that adapt based on changes in behavior is the embodiment of CARTA (Continuous Adaptive Risk and Trust Assessment). And a flexible policy ensures that enterprises can customize responses to their specific enterprise security policies.

Risk-Based Assessment

The third leg of this stool is risk, which looks at factors such as activity, password strength, location, encryption levels, asset value, and more. When you combine identity, behavior and risk, you get a view that lets you make effective, real-time decisions on whether to allow, disallow or, more importantly, verify identity, so that the business process can proceed if the person is who they say they are and is allowed to do what they need to do.

For example, if a privileged user suddenly begins to access multiple new applications, that is a change in behavior. By combining identity - in this case privileged identity - with the behavior and other context such as similar user activity, location, or whether the user is coming from their own laptop and during normal business hours, it may be determined that the risk is high, and this access attempt may or may not be an account compromise. In addition to a multi-layer cyber logic assessment, having the user verify their identity in real time via multi-factor authentication is a simple, yet effective approach to ensure security.

Another example is when service accounts are behaving abnormally. In this case, the response could either block the transaction or have a human user validate the change in behavior of the service account. In both cases, you allow the business process to take place, ensure security and do not overwhelm the security organization by having them chase false alarms - a trifecta!
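The two scenarios above can be sketched as a small policy function. This is an added example, not code from the article or from Preempt; the field names, weights and thresholds are assumptions chosen for illustration, and only a subset of the response scale is modelled.

```python
from dataclasses import dataclass
from enum import IntEnum

class Response(IntEnum):          # graduated scale, mildest first
    ALLOW = 0
    EMAIL_NOTIFY = 1
    MFA = 2
    HUMAN_VALIDATE = 3            # a person confirms a service account's change
    BLOCK = 4

@dataclass
class AccessEvent:                # hypothetical event shape for this sketch
    identity: str                 # "privileged", "regular" or "service"
    new_apps: int                 # applications this account never used before
    known_device: bool
    business_hours: bool
    usual_location: bool
    asset_value: int              # 1 (low) .. 3 (critical)

def risk_score(e: AccessEvent) -> int:
    """Combine identity, behavior and context (assumed weights)."""
    score = {"privileged": 2, "service": 1, "regular": 0}[e.identity]
    score += min(e.new_apps, 3)                 # behavior change, capped
    score += 0 if e.known_device else 2
    score += 0 if e.business_hours else 1
    score += 0 if e.usual_location else 2
    return score * e.asset_value                # scale by what is at stake

def decide(e: AccessEvent) -> Response:
    score = risk_score(e)
    if score <= 2:
        return Response.ALLOW
    if score <= 4:
        return Response.EMAIL_NOTIFY
    if e.identity == "service":
        # A service account cannot answer an MFA prompt, so escalate to a
        # human owner, or block outright when the score is extreme.
        return Response.BLOCK if score >= 12 else Response.HUMAN_VALIDATE
    return Response.BLOCK if score >= 18 else Response.MFA

# Constructed sample events mirroring the two scenarios in the text.
ADMIN_NEW_APPS = AccessEvent("privileged", 3, True, True, True, 2)
SERVICE_ODD_HOURS = AccessEvent("service", 2, True, False, True, 2)

if __name__ == "__main__":
    for ev in (ADMIN_NEW_APPS, SERVICE_ODD_HOURS):
        print(ev.identity, risk_score(ev), decide(ev).name)
```

The privileged user on a known laptop during business hours is challenged with MFA rather than blocked, and the service account is routed to a human for validation, so in both cases the business process can continue.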

Learn & Integrate

Extensibility is another key aspect that enterprises should be embracing in the new year. With the right platform it's possible to gain even more value out of the solutions already in your organization. What if you were able to add secure and step-up authentication for critical applications and any other network resource based on user identity? Even if apps are legacy or custom, it is now easy to add secure authentication in front of any application, which is what companies that aren't already doing so need to be exploring.

What Next?

Strategies are shifting to become continuously adaptive and responsive in real time to threats that will require more situational context. Companies need to be exploring solutions that will enable a transition to more accurately identifying anomalies by analyzing the behavior, the type of user, the risk, and the application and asset being targeted, a capability that is severely lacking in the market today.

In 2018, it is imperative that companies begin responding to threats by combining identity, behavior and risk, which is a necessity as the enterprise perimeter dissipates and static policy-based solutions to identify and respond to threats are ineffective.


About the Author

Ajit Sancheti 

Ajit Sancheti is the co-founder and CEO of Preempt and has over 20 years' experience in IT security and executive leadership. Previously, he co-founded Mu Dynamics (acquired by Spirent Communications) and held various management roles. Before Mu Dynamics, Ajit was part of the Corporate Development Group at Juniper Networks and an integral member of the team that developed the industry's first Intrusion Detection and Prevention system at OneSecure (acquired by NetScreen). Prior to OneSecure, he spent seven years at Western Digital, holding various engineering and management positions.

Published Thursday, December 28, 2017 7:26 AM by David Marshall