Delinea | Privileged Access Management Blog

Secure Identity Threats with Delinea CIEM & ITDR Solutions

Written by Jeff Carpenter | Apr 30, 2024 11:22:12 AM

Ask any cybersecurity professional and they’ll tell you that weak or stolen credentials are involved in most breaches. Perhaps no statistic in our industry is referenced as often. Each year, for example, the Verizon Data Breach Report backs up this assertion.  

After all, why should a bad guy work to break encryption, evade endpoint security, or purchase an expensive zero-day exploit from the dark web when they can just steal some credentials and walk in through the front door?

Even organizations with strong security policies and controls experience these types of identity-related attacks. Would you know if an identity in your organization—across your complex, constantly changing, multi-cloud infrastructure—was compromised?

To help you protect your organization, Delinea is introducing two solutions: a Cloud Infrastructure Entitlement Management (CIEM) solution that detects and removes standing privileges in public clouds, and an Identity Threat Detection and Response (ITDR) solution designed specifically to combat attacks across the identity layer. Both are part of a broader vision to centralize authorization and build authorization policies across organizations.

Here’s what they do and why they matter. 

Delinea Privilege Control for Cloud Entitlements 

Delinea Privilege Control for Cloud Entitlements helps you contain the sprawl of identity entitlements across your multi-cloud infrastructure. This is what CIEM solutions do: rein in over-privileged identities across cloud platforms.

The cloud is everywhere. Most organizations run a significant portion of their business through cloud platforms like Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS). According to OVHcloud, 62% of organizations are currently using multi-cloud environments.

In these multi-cloud platform environments, users are operating with privileges. Developers are checking in code and admins are on-boarding users and assigning rights. Users get more privileges to do their jobs, but seldom have them taken away when they are no longer needed. Plus, machines are automating processes. 

Machine identities, such as service accounts that run applications, virtual machine instances, and various background processes, usually vastly outnumber human identities in most public clouds. According to Microsoft, workload identities outnumber humans by 10:1. They have privileges and are logged in with credentials that can be easily stolen.

A single compromise of one cloud identity—human or machine—could seriously impact your organization, maybe even in a catastrophic way. 

An entitlement, or privilege, is a “right” assigned to an identity to do what they need to get their jobs done. These authorizations are essential for cloud activities. For example, an EC2 (Amazon) cloud administrator has entitlements to manage the cloud instance and create new users or start services. A developer can check in code. A virtual machine may have read/write access to a database to schedule backups. 

What Delinea does

At its heart, the Delinea solution enables organizations to achieve the Principle of Least Privilege, the idea that every identity should only be allowed to have the minimum entitlements necessary to do its job. 

Typically, entitlements are assigned to an identity when it is created, inheriting the rights and privileges of the groups it belongs to. Another way an identity gets entitlements is by requesting and receiving additional rights from an approver, like an IT administrator.

The problem is that having too many entitlements floating around your cloud could lead to adverse consequences should an over-privileged human or machine identity get compromised. 

Provisioning users with entitlements is easy. Evaluating and removing them when they’re no longer needed is the hard part. Cloud platform tools are bad at managing entitlements. So are traditional Identity and Access Management (IAM) tools that have very limited visibility into locally created machine accounts on cloud platforms. These tools have a difficult time looking across multiple cloud and identity platforms to figure out which identities should have entitlements and re-balancing them when necessary.

Privilege Control for Cloud Entitlements provides cloud security leaders with deep context into cloud and identity configuration and usage so you can discover excess privileges and limit authorization across multi-cloud infrastructure to reduce your risk.

Specifically, the solution does the following:

  • Provides visibility of all human and non-human identities and their access pathways across public multi-cloud infrastructure so you can see who and what has access to which resources.
  • Discovers the riskiest identities by revealing misconfigurations and detecting anomalous behavior. For example, it evaluates whether identities are validated with multi-factor authentication and uses analytics to gain context on user behavior to understand uncharacteristic events—like an admin suddenly creating a massive number of admins.
  • Achieves least privilege by right-sizing entitlements to reduce risk without interfering with an identity’s task. That way, even if an identity in your cloud infrastructure is compromised, the damage is contained.
  • Continuously monitors for new users, shadow admins, and privileged users. In dynamic, complex cloud platform environments, it never stops working to evaluate identities for the proper level of entitlements. This reduces the risk that a stale or unused identity will be vulnerable to compromise.
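As an added illustration of the right-sizing step described above (example code, not Delinea's product logic or data), the script below compares each identity's granted entitlements with the actions it actually exercised in a 90-day window, flags unused grants as removal candidates, and marks identities with no activity at all as stale. The identities, IAM-style action names, activity records, and evaluation date are all constructed.

```python
"""Right-size cloud entitlements by comparing grants with observed use.
Constructed sample data and thresholds, not Delinea's code or data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed grants per identity, in an IAM-style "service:Action" form.
GRANTED = {
    "svc-backup-vm": {"rds:CreateDBSnapshot", "rds:DescribeDBInstances",
                      "rds:DeleteDBInstance", "s3:PutObject"},
    "dev-alice":     {"codecommit:GitPush", "codecommit:GitPull",
                      "iam:CreateUser", "iam:AttachUserPolicy"},
    "admin-legacy":  {"iam:*", "ec2:*"},   # wildcard admin with no activity
}

# Constructed CloudTrail-like records: (identity, action, ISO timestamp).
ACTIVITY = [
    ("svc-backup-vm", "rds:DescribeDBInstances", "2024-04-01T02:00:00"),
    ("svc-backup-vm", "rds:CreateDBSnapshot",    "2024-04-01T02:01:00"),
    ("svc-backup-vm", "s3:PutObject",            "2024-04-01T02:05:00"),
    ("dev-alice",     "codecommit:GitPull",      "2024-04-10T09:12:00"),
    ("dev-alice",     "codecommit:GitPush",      "2024-04-10T09:40:00"),
]
NOW = datetime(2024, 4, 30)   # constructed evaluation time

def covers(grant, action):
    """True if a grant such as "iam:*" or "iam:CreateUser" permits `action`."""
    return grant == action or (grant.endswith(":*") and action.startswith(grant[:-1]))

def right_size(granted, activity, now, window_days=90):
    """Per identity: actions used in the window, grants that nothing used
    (removal candidates), and whether the identity is stale (no activity)."""
    cutoff = now - timedelta(days=window_days)
    used = defaultdict(set)
    for identity, action, ts in activity:
        if datetime.fromisoformat(ts) >= cutoff:
            used[identity].add(action)
    report = {}
    for identity, grants in granted.items():
        seen = used.get(identity, set())
        unused = {g for g in grants if not any(covers(g, a) for a in seen)}
        report[identity] = {"used": sorted(seen), "remove": sorted(unused),
                            "stale": not seen}
    return report

def run_report():
    return right_size(GRANTED, ACTIVITY, NOW)
```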

Delinea Privilege Control for Cloud Entitlements delivers a full range of capabilities to achieve least privilege in cloud infrastructure.

Delinea Identity Threat Protection 

Where Privilege Control for Cloud Entitlements enforces least privilege across multi-cloud infrastructure, the second solution extends identity security further: it adds detection and response and high-quality identity insight for security operations, and it does so for all identities across the organization.

Delinea Identity Threat Protection continually evaluates identities across your organization to detect and remediate threats. It builds context across the identity layer, so you can discover issues and remediate threats as they happen, reducing the risk to critical systems and data.

Delinea Identity Threat Protection:

  • Discovers all identities and their access to surface identity misconfigurations, such as identities lacking MFA or virtual machines that are internet-facing without anyone realizing it. That way, you can address potential issues before attacks occur.
  • Detects signs of an identity-based attack in progress. For example, it identifies brute force attacks, MFA bombing, login from malicious IP addresses, and password spraying across federated and local identities, as well as anomalous behavior such as uncharacteristic new account creation or privilege escalation. 
  • Builds context so you can understand the full access each identity has across multiple identity providers, SaaS applications, cloud, and traditional infrastructure. Graphic visualizations help you quickly answer time-sensitive questions such as, “What is the impact of a compromised identity?”
  • Responds with insight using AI-driven risk scoring that accounts for multiple factors, like highlighting the most vulnerable identities and the potential impact of an identity compromise. It remediates suspicious activity, for example, by requiring additional MFA or resetting a credential to stop an attack. High-quality identity signals can be sent to your Security Information and Event Management (SIEM) tool to be correlated with other data and reduce noise from excessive alerts.
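As an added illustration of the detection patterns listed above (example code, not Delinea's detection logic), the script below runs three simple sliding-window rules over constructed sign-in events: password spraying (one source failing against many accounts), MFA bombing (many push prompts to one user), and an admin creating an unusual burst of new admins. The event layout, IP addresses, windows, and thresholds are all assumed for the example.

```python
"""Sliding-window detection of identity-attack patterns. Constructed events
and thresholds, not Delinea's logic or data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (timestamp, type, subject user, source IP, actor).
EVENTS = [
    # One source trying a password against many accounts (password spray).
    *[(f"2024-04-20T08:00:{s:02d}", "login_failed", f"user{s}", "198.51.100.7", None)
      for s in range(0, 50, 5)],
    # Repeated MFA push prompts to one user within minutes (MFA bombing).
    *[(f"2024-04-20T09:{m:02d}:00", "mfa_prompt", "cfo", "203.0.113.9", None)
      for m in range(0, 12, 2)],
    # An admin creating a burst of new admin accounts.
    *[(f"2024-04-20T10:00:{s:02d}", "create_admin", f"adm{s}", None, "ops-admin")
      for s in range(8)],
    # Ordinary activity that must not alert.
    ("2024-04-20T11:00:00", "login_failed", "bob", "192.0.2.5", None),
]

def burst(events, etype, key_idx, window, distinct_idx=None):
    """Per key (e.g. source IP): the most `etype` events, or distinct values of
    field distinct_idx, falling inside any interval of length `window`."""
    by_key = defaultdict(list)
    for ev in events:
        if ev[1] == etype:
            by_key[ev[key_idx]].append((datetime.fromisoformat(ev[0]), ev))
    peaks = {}
    for key, items in by_key.items():
        items.sort(key=lambda x: x[0])
        best = 0
        for i, (start, _) in enumerate(items):
            inside = [ev for t, ev in items[i:] if t < start + window]
            if distinct_idx is not None:
                inside = {ev[distinct_idx] for ev in inside}
            best = max(best, len(inside))
        peaks[key] = best
    return peaks

# (rule, event type, group-by field, distinct field, window, threshold)
RULES = [
    ("password_spray",      "login_failed", 3, 2,    timedelta(minutes=5),  8),
    ("mfa_bombing",         "mfa_prompt",   2, None, timedelta(minutes=15), 5),
    ("bulk_admin_creation", "create_admin", 4, 2,    timedelta(minutes=10), 5),
]

def detect(events, rules=RULES):
    """Return (rule, key, count) for every key whose peak meets its threshold."""
    return [(name, key, count)
            for name, etype, key_idx, d_idx, window, threshold in rules
            for key, count in burst(events, etype, key_idx, window, d_idx).items()
            if count >= threshold]
```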

Delinea Identity Threat Protection continuously protects against identity-related threats across multi-cloud, hybrid, and identity providers.

Many Security Operations Centers (SOCs) and security operations teams are ill-equipped to prevent a compromise at the identity layer and lack investigative tools for post-event follow-up. Traditional cloud and IAM tools don’t work well across Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) boundaries. For example, machine identities are often provisioned locally and can be forgotten when no longer needed, their privileges remaining intact.

Delinea Identity Threat Protection looks across boundaries to give you a unified view of identities. It has preventive features that find identity misconfigurations and detect anomalous behavior. If a situation is detected, Identity Threat Protection can immediately neutralize a potentially compromised identity, report on that activity, and deliver high-quality signals to the security operations team for further action.

Two solutions delivered on the Delinea Platform

By moving as closely as possible to zero standing privileges, you reduce risk. With continuous oversight, you can adjust as risk factors change and respond to threats as they happen. 

Both Delinea Privilege Control for Cloud Entitlements and Delinea Identity Threat Protection are delivered through the Delinea Platform, centralizing authorization to make you more secure and your teams more productive. 

To learn more about these two new identity security solutions, register for the webinar.