Identity & Access Management
Education Level: Basic
6114 - Identity Management – The Missing Puzzle Piece to Solving Threats
Wednesday, September 27
9:00 AM - 10:00 AM
The threat hunting and intelligence cycle is a highly discussed and worrisome topic. In the cycle of gathering, analyzing, hunting, and taking action against threats, identity management (IDM) is usually not involved, even though its role is a powerful component of the process. In its basic application, IDM is involved in two critical attack stages: elevating privileges and moving laterally. Entrance into a compromised system is just the beginning. When the enemy works to raise their permissions to a domain (or other uber) level, IDM has a role to play in preventing and detecting account permissions that are elevated beyond what has been approved. When that same adversary seeks to move laterally, IDM adds valuable context about which systems and actions are authorized for a user. Threat intelligence frequently feeds security operations and vice versa. They exist in an organic relationship to support one another; however, that relationship is missing a critical component. Identity management is a missing piece of the puzzle. IDM’s knowledge, understanding, and ability to act on credentials, authorized permissions, and access is an overlooked capability. Involved in the threat cycle as noted, a strong identity management program can shorten response times, assist in building intelligence profiles of adversary activity, and thwart enemy actions with strong design, recurrent permissions investigation, and more.
Learning Objectives:
- How IDM has a powerful role in threat hunting, deterrence, and building intelligence.
- How partnering TI, IDM, and Security Operations creates a powerful self-reinforcing cycle.
- Why IDM is often missing in the threat cycle of operations.