Authomize announced today that we are the Identity Threat Detection and Response (ITDR) Platform.
If you missed our Press Release on the announcement, take a moment to check it out here.
Still an emerging category, ITDR represents an evolution in how security professionals think about the challenges of securing the identity and access layer to meet the threat landscape.
The development of ITDR is a recognition that just as we need to protect our endpoints, network, cloud, and other potential threat surfaces that an attacker may attempt to compromise, the identity and access management (IAM) systems that we use to manage our identity and access need to be defended.
On many fronts, the blue team has made more than its fair share of advances in recent years. Tools like Identity Providers (Okta, Azure AD, Ping, etc.), Multi-factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM) have all become fairly standard across industries. Their use has made it easier to provision access to identities and manage many parts of the identity lifecycle, granting and revoking access as needed.
However, the past few years have shown us that these tools are themselves vulnerable to exploitation. A series of incidents (SolarWinds, Colonial Pipeline, Okta, and Uber, to name a few) has shown that attackers are targeting our IAM infrastructure. They are attempting to undermine the very systems and tools that we depend on to manage our identity and access.
These incidents clarify a critical point when it comes to IAM security, which is this: IAM infrastructure tools are not security tools. They are management tools that need to be secured by a dedicated security layer that fills in the gap.
Authomize is that layer of security for IAM, and we are here to help you detect and eliminate identity-based threats across your cloud and IAM infrastructure.
Here’s a little bit about how we do it.
Authomize’s Approach to ITDR
Over the past couple of months, our team has written a couple of articles explaining what ITDR is and our approach to it.
You can read some of them here:
- 3 Steps to Take to Get Started with Identity Threat Detection and Response (ITDR)
- Identity Threat Detection and Response Explained
Take a few minutes to check out those helpful resources. In the meantime, we have pulled together a couple of points to help you understand what our ITDR capabilities enable you to protect against and achieve.
What Does Authomize’s ITDR Protect Against?
The list of what Authomize’s ITDR Platform can detect is extensive, but some of the most common detections include:
- Insider threats
- Account takeovers
- Privilege escalation
- Lateral movement
- IAM misconfigurations
- Impersonation attacks
- New Identity Providers
- Stale accounts
What Does Authomize Enable Customers to Do?
Authomize’s ITDR platform provides true end-to-end identity and access security by empowering customers to:
- Harden their security posture by achieving a continuous state of Least Privilege and eliminating risks
- Detect active threats targeting their IAM infrastructure (IdPs, PAM, & SSO) and changes to privileges
- Automate response with their security operations using webhooks and native integrations for faster, more efficient remediations
- Accelerate investigation and prioritization of incidents by providing a rich identity context
How Does Authomize Do It?
Granular yet comprehensive visibility over all identities, assets, access privileges, and activities across all cloud environments (meaning IaaS, SaaS, Data, IAM, etc.) allows us to truly understand who has access to what and how that access is being used.
Our agentless platform goes cross-cloud, meaning that we can track access privileges and their usage all the way from the identity as it appears in an organization’s Okta, to the roles it can assume in AWS, to an identity from GitHub that may or may not appear in the IdP as belonging to an employee.
Because we are able to connect directly with all of these environments, and to normalize and analyze the data with our proprietary Machine Learning SmartGroups, we can provide deep insights that no other provider can.
Using this visibility, we can detect risks such as access privileges that have not been in use (stale accounts) and misconfigurations in your IAM, and generate detailed maps of access paths (including access that is granted through group membership but obscured because it is inherited through other groups – because IAM has to be super complicated for some reason).
Our monitoring is continuous, so we can also alert on active threats like impersonation in your IdP or the creation of new admins that may come before an attack as the adversary escalates privilege.
We then provide our contextual data and alerts and help you to operationalize them with your security operations. Using our webhooks and REST API, it is easy to connect Authomize with your ITSM, SOAR, SIEM, or XDR to help remediate and resolve issues faster.
We could go on with more details, but that’s what our fantastic Solutions Engineers are there to do when you join us for a demo of the platform.
But before you do, start with an assessment.
Free Assessment of Your Identity Risks and Threats
As part of our announcement, Authomize is offering a FREE Assessment of your Cloud and IAM infrastructure.
Requiring no commitment, our agentless assessment can detect any of the risks mentioned in this post, surfacing concerns throughout your identity and access layer for quick fixes.
For more information about the FREE Assessment, click here.