Using Identity Security Posture Management to measure and demonstrate risk reduction
Tony Goulding
How do you know if your identity security efforts are focused in the right places for maximum impact?
I’m talking about the type of impact that you can report to the board to show you’re not just spending a lot of time and money on activities, but that you’re improving your identity security risk posture.
Identity Security Posture Management (ISPM) provides you with data you can share with technical and business leaders to align goals and expectations. These shared metrics help break down silos between IT operations teams and security teams, and they elevate the conversation around identity security to a boardroom discussion of risk.
With Identity Security Posture Management, you can get a much more targeted understanding of your identity security posture. You can measure what your current risk exposure is so that your leadership can make an informed decision as to whether they’re willing to accept that risk. If it’s out of alignment, ISPM helps you close that gap.
ISPM is similar to, but distinct from, Identity Threat Detection and Response (ITDR).
It may seem like ISPM is just the latest acronym in the identity security universe, but each of the letters carries weight. The combination of those elements is what makes Identity Security Posture Management special.
I = Identity
ISPM joins the family of “Posture Management” acronyms
ISPM is part of a larger posture management ecosystem. Other types of posture management solutions include Infrastructure Security Posture Management, Cloud Security Posture Management, Application Security Posture Management, Data Security Posture Management, and Network Security Posture Management. Each of these categories focuses on specific aspects of an organization’s attack surface.
With ISPM, you think of identity as an asset you need to protect, just as you protect infrastructure, cloud resources, applications, databases, and networks.
Identity Security Posture Management interrogates the identity attack surface, an ever-expanding sprawl of over-provisioned identities, orphaned accounts, and standing privileges. It highlights vulnerabilities along the identity attack chain, in which adversaries leverage identities and credentials to obtain high levels of access to sensitive data and systems.
S = Security
ISPM is a blending of security technologies and disciplines
Identity Security Posture Management incorporates capabilities from other IT and cybersecurity disciplines like Privileged Access Management (PAM), Identity and Access Management (IAM), Identity Threat Detection and Response (ITDR), and Governance, Risk, and Compliance (GRC). Because it correlates information and contextualizes it, ISPM enhances the effectiveness of identity security solutions you’re already using.
Identity Security Posture Management transforms whatever it touches from a reactive to a proactive approach to security. It increases your security by reducing the likelihood that identity-based attacks will be successful. If one does occur, ISPM helps you contain the blast radius to safeguard your most important and sensitive resources.
With ISPM, you can measure security to determine whether you are safer now than you were in the past. Because you can prioritize problems, you become more secure faster.
P = Posture
ISPM quantifies your risk posture
Identity Security Posture Management evaluates your on-prem and multi-cloud environments and runs a set of checks against known identity-based risks. For example, it will check for unvaulted admin accounts, privileged access without MFA enabled, stale accounts, orphaned accounts, or excessive, standing permissions.
Based on the gaps in your risk posture, ISPM helps you estimate the likelihood that an attack against you will be successful.
In this case, Delinea’s Identity Security Posture Management found 16 administrators in a Microsoft environment whose credentials aren’t vaulted. That check fails for that particular cloud environment, and the pass/fail results of such checks feed into the overall posture score, expressed as a risk percentage.
Identity Posture and Threat Checks
- Importance of the role. We look at various IdPs to determine if this person is an admin and at what level - super admin, mid-level admin, privileged user, shadow admin, etc. We also look at what they can do. Can they create new users? Can they self-escalate? Escalate the privileges of others? Do they have read/write capabilities to data stores?
- Likelihood of being breached. Various factors can increase the likelihood of a successful attack. For example, newly created users are riskier than those that have been around for a while. Do they have a strong password that is rotated? Are they using MFA? When did they last log in to their account? An important admin role with administrative rights to several resources and no MFA goes right to the top of the list of riskiest identities to resolve. AI and ML can help by analyzing and correlating complex permission structures across multiple accounts linked to an identity, uncovering hidden privilege escalation pathways and identifying hard-to-detect risks such as shadow admin accounts.
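To make the checks and the two-factor ranking above concrete, here is a small added example (my own illustration, not Delinea's product code) that runs the checks the post names (unvaulted admin credentials, privileged access without MFA, stale accounts, newly created accounts, self-escalation) over a constructed identity inventory, ranks identities by role importance times failed checks, and rolls the results up into a "percent secure" posture score. The role weights, 90-day staleness and 30-day "new account" thresholds are assumptions chosen for the illustration.

```python
from collections import namedtuple
from datetime import date

# Role importance, following the admin tiers the post lists (weights are assumed for this example).
ROLE_WEIGHT = {"super_admin": 5, "admin": 4, "shadow_admin": 4, "privileged_user": 3, "user": 1}

# vaulted = credential held in a PAM vault; can_escalate = can raise its own or others' privileges
Identity = namedtuple("Identity", "name role mfa vaulted can_escalate created last_login")

def run_checks(ident, today, stale_days=90, new_days=30):
    """Return {check: passed} for the posture checks that apply to this identity."""
    results = {
        "not_stale": (today - ident.last_login).days <= stale_days,
        "not_newly_created": (today - ident.created).days >= new_days,
        "no_self_escalation": not ident.can_escalate,
    }
    if ident.role != "user":  # vaulting and MFA checks apply to privileged roles only
        results["credentials_vaulted"] = ident.vaulted
        results["mfa_enforced"] = ident.mfa
    return results

def risk_score(ident, today):
    """Failed checks weighted by role importance: the key used to rank remediation work."""
    fails = sum(1 for ok in run_checks(ident, today).values() if not ok)
    return ROLE_WEIGHT[ident.role] * fails

def prioritize(identities, today):
    return sorted(identities, key=lambda i: risk_score(i, today), reverse=True)

def posture_percent(identities, today):
    """Role-weighted share of applicable checks passed: the 'X% secure' posture score."""
    passed = applicable = 0
    for i in identities:
        res, w = run_checks(i, today), ROLE_WEIGHT[i.role]
        applicable += w * len(res)
        passed += w * sum(res.values())
    return round(100 * passed / applicable, 1) if applicable else 100.0

TODAY = date(2024, 6, 1)  # fixed reference date so the results are reproducible
SAMPLE = [  # constructed sample inventory, not real data
    Identity("alice", "super_admin", False, False, True, date(2023, 1, 1), date(2024, 5, 30)),
    Identity("bob", "admin", True, True, False, date(2024, 5, 20), date(2024, 5, 31)),
    Identity("carol", "user", False, False, False, date(2022, 1, 1), date(2024, 1, 1)),
    Identity("dave", "privileged_user", True, False, False, date(2023, 6, 1), date(2024, 5, 28)),
]

if __name__ == "__main__":
    for i in prioritize(SAMPLE, TODAY):
        print(i.name, risk_score(i, TODAY), [c for c, ok in run_checks(i, TODAY).items() if not ok])
    print(f"posture: {posture_percent(SAMPLE, TODAY)}% secure")
```

The unvaulted super admin without MFA that can self-escalate lands at the top of the list even though the plain user has a stale login, which is the role-importance weighting the post describes.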
To be clear, each of your environments may have different risk postures and risk tolerance. One may be hosting critical apps, and another one may be hosting less important resources.
While you may never reach 100% “coverage,” you can set your sights on an achievable goal for posture improvement. In this case, you know you're only 24% secure. You need to do something about it.
M = Management
ISPM helps you prioritize actions and communicate results
The benefit of Identity Security Posture Management isn’t just the discovery and analysis that shows what’s good, bad, or indifferent; it’s what follows from that. Continuous monitoring and analysis give you visibility into permissions and configurations so you can react when things go out of policy.
You need to know: What do I do now? How do I fix it?
Identity Security Posture Management solutions like Delinea Identity Threat Protection provide recommendations for remediating found issues. You can set up incident response workflows and runbooks that will execute under certain conditions to save your team time and reduce your risk exposure.
ISPM can also auto-remediate. You can configure actions such as disabling an account, adjusting group membership, or automatically vaulting privileged accounts that are discovered.
For ongoing management, an ISPM dashboard helps you measure and communicate improved risk posture. As you resolve risky identities, your identity posture score will improve.
The future of Identity Security Posture Management
Implementing Identity Security Posture Management helps close the gap between technical complexity and business impact. The visibility and perspective ISPM provides helps you align your organization around the question of risk, with practical and actionable recommendations to lower your exposure with shared goals and metrics. As the identity attack surface becomes more complex, it’s an essential tool to have in your arsenal.