Elevate Security announced the release of Elevate Identity, its
SaaS offering for Identity and Access Management (IAM) Professionals.
The industry-first service integrates Elevate's comprehensive user risk
profiling capability with leading IAM tools such as Cisco Duo,
Crowdstrike Falcon, and Microsoft Azure AD to add a full 360°
perspective of each individual's cyber risk to the authentication and
authorization process. Additionally, the Elevate Identity service
integrates with Identity Governance tools such as Sailpoint's Identity
Security Platform to automate personalized access reviews based on
changes in an individual's user risk profile.
New research
from Elevate and Cyentia Institute recently determined that High Risk
users represent approximately 10% of the worker population, and are
found in every department and function of the organization. While they
make up a small percentage of the population, High Risk users represent a
sizable threat to the organization.
Traditional IAM methodologies rely on a limited dataset to determine the
user risk behind any individual access attempt - typically only
credentials, location, network, and device are known - leaving many
areas of user risk open to attacker exploits, and limiting security team
options for making and applying personalized conditional access policy
decisions.
Without visibility into user risk at the time of authentication and
authorization, all users must be treated generically, increasing chances
of over-provisioning access to a high risk user, or worse, letting an
adversary in and allowing them to achieve persistence.
Elevate's comprehensive User Risk model analyzes billions of independent
data points from across the organization and beyond. Factors such as
worker susceptibility to real phishing, sensitive data handling, safe
browsing, and password management along with demographics and other
characteristics are continually aggregated and updated into detailed,
transparent, high-confidence user risk metrics.
By integrating this rich user risk data into IAM and Identity Governance
Administration (IGA) tools and processes, security teams now know the
true risk characteristics of each worker attempting to access their
systems, including an individual's vulnerability to the pernicious
social engineering attacks currently making headlines at ridesharing,
password, gaming, and healthcare providers worldwide.
With this data in hand, defenders can automate customization of
conditional access policies. For example, Elevate may determine that a
particular engineer, with access to company source code, is being
targeted by attackers with increased frequency, and has recently visited
an insecure website. Once identified as a ‘High Risk Engineer' by
Elevate, this individual is protected by specific IAM policies, such as
forcing password-less multi-factor authentication, requiring a
company-provided device, or limiting access to sensitive materials.
Without individual User Risk data, these types of conditional policies
and user protections cannot be applied reliably or scalably. While it's
appropriate and warranted to apply this level of protection to a small
subset of high-risk users, attempting to subject all users to such
policies would harm productivity, and elicit strong pushback from
workers and business unit managers.
With Elevate Identity, security teams can have the best of both worlds -
strong individual protection for those that need it, and high
productivity and satisfaction from the vast majority of users who
represent less risk.
Integration with identity governance tooling enables Elevate Identity to
also automatically initiate an access governance review solely for the
aforementioned high-risk engineer, ensuring compliance and auditability
by ensuring their access permissions are always aligned to both business
need and their individual user risk profile.
Identity and Access Management is a top priority for IT and
Cybersecurity professionals in 2023, with leading industry analyst firms
urging clients to optimize their IAM and IGA infrastructure. In its
recent Executive Order on Improving the Nation's Cybersecurity,
the White House called on Federal agencies to urgently reexamine and
up-level identity, credential, and access management capabilities.
Elevate Identity has been shown to pay for itself in less than one year
through a 20-50% reduction in security incidents involving a negligent
employee or contractor. The cost of a single such incident was
determined by Ponemon Research
to be $307,111, with the average time to contain such an incident
averaging 77 days. The study found that the average organization faces
more than one such incident per month.
"With comprehensive user risk data informing the Identity and Access
process, defenders have a simple, transparent, and effective method to
apply personalized protections aligned to individual vulnerabilities,"
stated Elevate founder and CEO, Robert Fly. "The ability to make better
decisions, in real-time, at scale, during this critical stage of the
kill chain is an absolute game changer in the fight against
human-centered attacks."
"A one-size-fits-all approach to securing user access will not guard
against threat actors skilled at targeting people susceptible to
engagement with deceptive online interactions or prone to poor judgment
computing behaviors," finds Ed Amoroso, Founder and CEO of TAG Cyber.
"Organizations must be able to easily identify their most ‘at-risk'
workers and continuously quantify their potential likelihood of
initiating a worst-case security incident. By wrapping these individuals
with conditional access policies based on their relative human risk,
enterprises gain a powerful new component in their defense of critical
business assets, while also pinpointing areas for security awareness
improvement."
Elevate Identity is available now, and priced on a per user basis.