Identity & Access Management
Education Level: Basic
6114 - Identity Management – The Missing Puzzle Piece to Solving Threats
Wednesday, September 27
9:00 AM - 10:00 AM
The threat hunting and intelligence cycle is a highly discussed and worrisome topic. In the cycle of gathering, analyzing, hunting, and taking action against threats IDM is usually not involved even though their role is a powerful component of the process. In its basic application IDM is involved in the two critical attack stages of elevating privileges and moving laterally. Entrance into a compromised system is just the beginning. When the enemy works to raise their permissions to a domain (or other uber level), IDM has a role to play in preventing and detecting when account permissions are elevated beyond what has been approved. When that same adversary seeks to move around laterally IDM adds valuable context to what systems and actions are authorized for a user. Threat intelligence frequently feeds security operations and vice versa. They exist in an organic relationship to support one another; however, it is missing a critical component. Identity management is a missing piece of the puzzle. IDM’s knowledge, understanding, and ability to act on credentials, authorized permissions, and access is an overlooked capability. Involved in the cycle of threat as noted, a strong identity management program can shorten response times, assist in building intelligence profiles of adversary activity, and thwart enemy actions with strong design, recurrent permissions investigation, and more.
- How IDM has a powerful role in the threat hunting, deterrence, and building intelligence.
- How partnering TI, IDM and Security Operations creates a powerful self-reinforcing cycle
- Why IDM is often missing in the threat cycle of operations.