By Josh Neame, CTO at BlueFort Security
Identity security is one of the most significant challenges security and IT leaders face today. This year’s Verizon DBIR found that stolen identity and privileged access credentials account for 61% of all data breaches.
There’s no doubt this has become a top priority for all organisations, and it’s an issue that’s not going away any time soon. This is a problem that Snowflake is painfully aware of as its recent breach looks like it’s going to end up being one of the biggest of all time. In June, it revealed that criminal hackers had been attempting to access its customers’ accounts using, you guessed it, stolen login details.
What is authentication?
At its simplest, authentication ensures that only verified users or processes are permitted access to an organisation’s protected resources. This can include personal computers, wireless networks, wireless access points, databases, websites, and other network-based applications and services.
Once a user or process is authenticated, there’s usually an authorisation step to decide whether they will be granted access to a specific resource or system. Being authenticated doesn’t mean they automatically have permission to access everything; they might still be blocked if they don’t have the right permissions.
Authentication versus identification
It’s important to note that authentication and identification are often confused. Whilst they are implemented together, they are, in fact, two distinct functions. Authentication involves validating the identity of a registered user or process before enabling access to protected networks and systems. Authorisation is the process that ensures the authenticated user or process has been granted permission to access the specific resource requested.
Why authentication is important
Failing to protect users’ credentials leaves an organisation at risk of a serious breach which could result in the loss of data, a ransomware attack, or major disruption to your business (as Snowflake, Hugging Face and others have experienced). The end result could be regulatory fines, reduced revenue and damage to your reputation.
The unknowns of identity attack
To further exacerbate the identity issue, in addition to the known identity attack surfaces, a recent report – The Identity Underground Report – highlights the risks posed by the so-called hidden world of misconfigurations, forgotten user accounts and legacy settings. Equally susceptible to an identity attack, these factors are often ‘co-conspirators’ when it comes to credential theft, privilege escalation and lateral movement.
You can read the full report at the link above, but to summarise the key findings:
- 67% of organisations exposed their SaaS apps to compromise with insecure on-prem password sync.
- 37% of admins authenticate in NTLM (NT LAN Manager), enabling attackers to access cleartext passwords.
- 109 new shadow admins are, on average, introduced by a single AD (Active Directory) misconfiguration, enabling attackers to reset a true admin’s password.
- 31% of all users are service accounts with high access privileges and low visibility.
There’s no doubt that identity has become the weakest link in enterprise security, and solving it requires a new, holistic approach. With 80% of organisations having experienced an identity-related breach, and compromised credentials being the number one tactic used by threat actors and ransomware campaigns, organisations need a way to easily visualise, detect, prevent and respond to identity-based attacks.
The fundamentals of identity security
1. Understanding Your Environment
If you don’t have a clear picture of who’s in your environment and what they’re doing, spotting potential risks, identity threats, or security gaps becomes nearly impossible. The first step to tightening up security is having full visibility – you can’t protect what you don’t know about. When you can see everything, you can keep tabs on all human users, non-human identities, service accounts, and the security risks tied to each account. With that visibility, you’ll also gain actionable insights—like who’s accessing what resources, which authentication protocols they’re using, and what risks those actions might pose. It’s all about knowing what’s going on so you can stay ahead of the threats.
2. Prioritising Identity Risks
Once you have full visibility into user authentications and activities, you’ll be able to start tackling and mitigating the risks they pose. Prioritising security gaps is key, as it helps identify the most critical areas. Focus first on privileged users and on users authenticating through insecure protocols. It is important to address these critical areas immediately, to protect your organisation’s environment and prevent any further risks or threats.
3. Applying Strong Security Controls
Once you have complete visibility into your environment and understand your security risks, it is time to apply security controls. By adding security controls like MFA, deny access policies and more, you will be able to verify users’ identities before approving or restricting their access requests. By applying identity segmentation to your user base, you can isolate user access based on roles, ensuring individuals have access to resources according to their job functions. Additionally, by adopting the least privilege model across your environment, users will have the minimum permissions required to perform their tasks. With the implementation of security measures across all users and resources within your organisation, you can ensure your users and resources are secure while strengthening your security posture.
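The three steps above can be sketched over a small authentication log. This is an added example, not code from BlueFort or Silverfort; the event records, the set of protocols treated as insecure and the scoring weights are constructed assumptions.

```python
# Constructed sample authentication events (not from a real environment).
EVENTS = [
    {"account": "alice", "kind": "human", "privileged": False, "protocol": "kerberos", "resource": "fileshare01"},
    {"account": "bob-adm", "kind": "human", "privileged": True, "protocol": "ntlm", "resource": "dc01"},
    {"account": "bob-adm", "kind": "human", "privileged": True, "protocol": "kerberos", "resource": "dc01"},
    {"account": "svc-backup", "kind": "service", "privileged": True, "protocol": "ntlm", "resource": "db01"},
    {"account": "svc-web", "kind": "service", "privileged": False, "protocol": "kerberos", "resource": "app01"},
    {"account": "carol", "kind": "human", "privileged": False, "protocol": "ntlm", "resource": "app01"},
]
INSECURE_PROTOCOLS = {"ntlm", "ldap-simple-bind"}  # assumption: local policy decides this set

def build_inventory(events):
    """Step 1 (visibility): one record per account with protocols and resources seen."""
    inventory = {}
    for e in events:
        rec = inventory.setdefault(e["account"], {
            "kind": e["kind"], "privileged": False, "protocols": set(), "resources": set()})
        rec["privileged"] = rec["privileged"] or e["privileged"]
        rec["protocols"].add(e["protocol"])
        rec["resources"].add(e["resource"])
    return inventory

def risk_score(rec):
    """Step 2 (prioritisation): illustrative weights, highest for privileged + insecure."""
    insecure = bool(rec["protocols"] & INSECURE_PROTOCOLS)
    score = 2 * rec["privileged"] + 2 * insecure
    if rec["privileged"] and insecure:
        score += 3
    if rec["kind"] == "service":  # high privilege, low visibility
        score += 1
    return score

def prioritise(inventory):
    """Account names ordered from highest to lowest risk (ties broken by name)."""
    return sorted(inventory, key=lambda a: (-risk_score(inventory[a]), a))

def recommended_controls(rec):
    """Step 3 (controls): map each finding to a control named in the text."""
    controls = []
    if rec["protocols"] & INSECURE_PROTOCOLS:
        controls.append("block or migrate insecure protocol")
    if rec["privileged"] and rec["kind"] == "human":
        controls.append("require MFA")
    if rec["kind"] == "service":
        controls.append("restrict to observed resources")  # least privilege
    return controls

if __name__ == "__main__":
    inv = build_inventory(EVENTS)
    for name in prioritise(inv):
        print(name, risk_score(inv[name]), recommended_controls(inv[name]))
```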
Not all authentication platforms are the same
BlueFort Security works with a suite of carefully chosen technology partners. These partners deliver a range of cybersecurity solutions, all of which are vetted by our technical team. From an authentication perspective, we collaborate with Silverfort, the Unified Identity Security company that pioneered the first and only platform that enables modern identity security everywhere.
Most enterprises use a combination of an on-prem identity management tool (i.e. Active Directory) and a mix of several cloud identity providers (IdPs), to manage and secure identities. Each tool operates in a silo, leaving gaps and blind spots that often result in an organisation being unable to report identity-related data breaches. A universal and unified approach to identity security is no longer a nice-to-have, but a must-have for organisations looking for more resilient and scalable identity security programs.
Identity is often a shared responsibility across multiple departments with different goals. Already overworked and understaffed, identity and security teams are stuck using a patchwork of tools to manage and secure identity across complex hybrid environments, many applications and thousands of people.
Silverfort’s Unified Identity Security Platform protects every identity in an environment, including those that previously went unprotected. Designed not to interrupt a business’s daily operations or disrupt day-to-day users, Silverfort extends protection to critical resources such as non-human identities, command-line tools and OT infrastructure.
Unlike other vendors, it’s easy to deploy, proxyless, and can secure identities in the cloud or on-prem. Silverfort breaks down identity barriers and silos, providing a unified identity security layer that helps organisations keep pace with today’s complex threat environment.
Silverfort’s Unified Identity Security Platform:
- Discovers, protects and monitors service accounts (non-human identities) without modifying them.
- Extends an existing MFA solution to ‘unprotectable’ systems (legacy applications, command-line interfaces, OT systems, File Share, etc.).
- Connects legacy applications into modern cloud IAM (including Azure AD Conditional Access).
- Detects and responds to identity-based attacks in real time, including account takeover, ransomware propagation and lateral movement.
It’s worth noting that Silverfort is a top-tier Microsoft partner and was selected as Microsoft’s Zero Trust Champion of the Year.
How BlueFort can help
Our solutions are driven by industry standard methodologies including NIST, but also ISO27001, CyberEssentials+ and CTEM. Cybersecurity is a complex, complicated issue. BlueFort offers a unique combination of people and technology focussed on simplifying your cyber journey. Our curated suite of tools, products and skills will help simplify, consolidate, optimise and transform your cybersecurity environment.
If you’re curious to see how we can help you tackle your identity-related security challenges, get in touch and we’ll connect you with other customers who’ve benefitted from the powerful combination of BlueFort’s technical prowess and Silverfort’s award-winning Unified Identity Security platform.