Oasis Security announced an
industry-first NHI Ownership Discovery Engine. With this new AI-powered engine,
Oasis Security users can auto-discover human owners of NHIs without
pre-existing knowledge and even in the absence of metadata, like tags or
naming.
NHIs outnumber human identities on average by a factor of 20x in enterprise environments, leaving organizations
vulnerable to significant risks. Identifying NHI owners is critical to properly
managing NHIs, mitigating risk, and initiating remediation tasks, yet it is
often missing context that many organizations struggle to maintain.
The Oasis NHI Ownership Discovery Engine is powered by
purpose-built AI and ML algorithms that suggest and assign NHIs owners in a
user's environment by analyzing the digital footprint and behaviors of those
who consume them and for what resources. Unlike solutions that rely on
pre-existing information for ownership context, Oasis autonomously processes
information collected from logs and Configuration Management Databases to
suggest and assign the correct owner. Through integrations with email and enterprise
messaging platforms such as Slack, ownership context can be verified and
attested without the need for error-prone manual processes.
"Understanding who owns a non-human identity is a
foundational pillar of any successful NHI governance strategy," said Amit
Zimerman, Co-Founder and Chief Product Officer of Oasis Security.
"Ownership context empowers identity and security teams to enforce
security policies, ensure compliance, and manage risk with greater precision.
As today's threat landscape grows more complex and unmanaged NHIs become
high-stakes vulnerabilities, ownership attribution provides the visibility and
accountability needed to protect critical systems and data. At Oasis, we're
proud to equip our customers with this essential capability, enhancing both
their security posture and operational resilience.
Oasis Security's new NHI Ownership Discovery Engine
empowers users to:
- Reduce the operational complexities that
come with managing thousands of NHIs across diverse systems
- Minimize
security risk by safely implementing remediation and lifecycle
actions
- Ensure
accountability, streamlining compliance
- Respond
faster to incidents
Unlike human identities, which are managed through
well-established governance processes and mature governance and privileged
access management (PAM) systems, NHIs are decentralized, lack a single source
of truth, and frequently bypass standard IT workflows and security checks.
Unmanaged NHIs create hidden vulnerabilities that attackers can easily exploit.
Research from Enterprise Strategy Group indicates that more than 46% of organizations have been subject to an NHI breach in the
last 12 months.
Ownership context is a key foundational step in any NHI
lifecycle process. After NHI ownership is established and attested, lifecycle
management actions can be implemented with the necessary approvals and without
breaking tools or processes. Ownership context is critical to move from
alerting to action, underscoring the need for these new capabilities.