The need for identity management
Hackers no longer break in, they log in. Identity management plays a key role in ensuring cybersecurity within your organization.
Identity as an attack surface
Vision paper
The importance of identity management
Logging in has become the new hacking. Cybercriminals don't just enter your organization's systems through technical vulnerabilities. The focus is increasingly shifting to the digital keys to the organization: identities.
By abusing user accounts, for example via stolen login details, phishing or the hijacking of session cookies, attackers can gain unnoticed access to networks, systems and data. Another advantage for attackers: this type of attack is often easier, faster and more effective than traditional, complex hacks.
Identity management is about managing digital identities and the rights that these identities have within an organization's systems and applications.
Due to the increasing misuse of identities, identity management has become one of the most important pillars in cybersecurity.
Points of interest
Identity vulnerability
For many people, a digital identity is the same as a username and password. We regularly see that employees use their passwords for multiple systems or applications. This makes it easier for malicious parties, especially when multi-factor authentication is not enabled, to make maximum use of accumulated identities.
Collecting identities
An attacker has a range of options when it comes to collecting identities. Phishing is one of the best-known ways to steal employee credentials. Spear phishing goes one step further. In this form of online scams, the attack is specifically tailored to the victim, for example because the attacker pretends to be a colleague.
Exploiting identities
When an attacker has identities, there are several ways to monetize them. A malicious person can use the data themselves, for example by sending new phishing emails to collect more account information or by trying to penetrate further into systems. The data can also be sold on the dark web.
Protect identities
There are a number of measures you can take to protect the identities within your organization. Endpoint security, network discovery and identity detection
are therefore important components of identity security.
Malware and credential harvesting tools and malicious login attempts can only be effective if they go undetected. SoCs (Security Operations Centers) are therefore increasingly making use of A.I-assisted monitoring to recognize anomalous behavior, such as the sudden use of an account at an unusual location and/or time.
In practice
Privileged access management
One of the options for managing access to systems is with privileged access management (PAM). PAM enables organizations to assign high rights temporarily and in a controlled manner. For example, instead of a permanently active admin account, an administrator only gets access for a specific task. In addition, passwords can be automatic
are rotated or even generated per session, making it
the risk of credential theft is significantly reduced.
Multifactor authentication
Another proven measure is multi-factor authentication (MFA).
MFA prevents only a stolen password from giving access because a second verification factor is required. This can be a combination of something someone is (e.g. a fingerprint or facial recognition) and something someone has (a password) or by using an authentication=app. However, we see that MFA is far from being mandatory everywhere, or used incorrectly: for example, when the second factor is easy to circumvent.
Conditional access policies
MFA is easy to combine with additional measures such as conditional access. This makes access to systems dependent on factors such as location, device status, or behavior. For example, if an employee always logs in from the Netherlands and now attempts to log in from outside Europe on an unknown device and suddenly downloads a lot of data, this combination leads to account blocking or additional verification to ensure that the login attempt is legitimate.
Download the vision paper on identity as an attack target now
Identity management is one of the most important pillars in cybersecurity. In this paper, we offer:
- Tools for setting up identity management
- Insight into how hackers misuse digital identities
- A glimpse into the future of how identity threats develop
Trusted by leading organizations in the Netherlands
Nice to meet you, we are Tesorion
Tesorion is a Dutch, multidisciplinary cybersecurity service provider. We combat cybercrime and minimize business risks. Tesorion protects your organization 24/7 thanks to our technology and more than 100 experts.
