BY Janine Seebeck
4 minute read

It’s a sobering reality that today’s cyberthreat actors are better equipped than ever, leveraging increasingly advanced technologies to adeptly uncover and exploit identities to evade traditional cybersecurity defenses. To complicate matters further for defenders, digital transformation initiatives, like cloud migration and expansion, have created new layers of complexity, while also vastly increasing the number of digital identities—and their entitlements—across organizations. All this digital sprawl enables threat actors to compromise an identity, abuse entitlements, and access data without ever accessing a corporate device or deploying malware.

Simply put, the modern identity attack surface means it is easier to log in than hack in. In this environment, it’s unsurprising that digital identities are central to almost every cyberattack today, with 90% of organizations having experienced at least one identity-related security incident in the past year. Traditionally, no identities have been more important to protect than those with privileged access. Such access enables threat actors to bypass many security restrictions and fast-track achievement of their objectives. However, the complexity of the modern identity attack surface obscures our visibility of privileged access, giving threat actors the advantage. One of the best ways businesses can protect themselves today is through a modern approach to privileged access management (PAM) that helps to reduce the attack surface and remove the pathways that threat actors target and exploit.

ADDRESSING PATHS TO PRIVILEGE: TODAY’S IDENTITY SECURITY BATTLEGROUND

PAM has long stood, and remains, the cornerstone of identity security by providing visibility, control, and oversight of privileged accounts and activity. However, modern IT environments utilizing cloud infrastructure and SaaS applications (with thousands of permissions through roles and entitlements) have blurred the definition of what is “privileged.” With all these permission types and planes of privilege, there are exponentially more identities today that can perform actions. What’s more, focusing on privilege itself is no longer enough. Effective identity protection also requires expanding your spheres of visibility, understanding, and control beyond traditional privileged accounts. This entails addressing how human and non-human identities access privilege. At BeyondTrust, we call these access steps “paths to privilege™,” and today, they are everywhere.

Some of these paths to privilege are known and protected; others are unknown and vulnerable. The bottom line: It’s critically important for enterprises to identify and secure not only privileged access itself, but all the known and unknown paths to privilege that lead to elevated access.

ADDRESSING YOUR ORGANIZATION’S PATHS TO PRIVILEGE

Developing a strong identity-first cybersecurity strategy that prioritizes uncovering and protecting all paths to privilege is a journey that requires a trusted partner and a tailored approach.

Here are five fundamentals to help guide you:

1. Seek Unified Visibility

Businesses need a single view that spans across their identities, accounts, different sessions, and interconnected privileges. This means cross-domain visibility through their heterogeneous IT landscapes to break down identity silos and remove blind spots.

2. Discover All The Different Risk Pathways

Without being able to fully visualize the potential impact, or blast radius, of a security incident, it’s easy to miss the privilege pathways that attackers could leverage to move laterally through the environment. Surfacing identity-based vulnerabilities and mapping these against identities helps organizations prioritize where to act first, based on which vulnerabilities present the highest risk and impact to the organization.

3. Reduce Your Identity Attack Surface And Threat Windows

To be effective against modern threats, you need to think about access and privilege reduction across two axes: the amount of access and the duration of access. This means implementing a least privilege approach that administers the least amount of privileges necessary for the least amount of time needed. Then, extend these concepts across every user, session, application, machine, endpoint, etc., to limit the risk of exploitation.

4. Know When Your World Has Changed

IT estates are constantly changing, and it’s important not only to understand what’s changing in your environment, but also to know when these changes matter. Achieving this level of timeliness requires constantly monitoring identities, access, and your different paths of privilege for potential exploitation.

5. Respond With Speed And Precision

As much effort as you put into prevention, expect that incidents will happen and attacks may land. Having visibility of true privilege/paths to privilege allows you to rapidly and proactively focus resources on remediating the greatest risks first. In the event of an identity compromise, you also have a clear view of the potential blast radius and where to focus remediation efforts to contain the compromise. A critical initial part of your response should be rapidly identifying when identities are compromised, or under threat of compromise, and then acting with pinpoint precision across teams and technologies to shut down the attack and prevent further lateral movement and privilege escalation. AI and machine learning can play a role here in providing autonomous detection, response, and optimizations. Fast-emerging identity threat detection and response (ITDR) technologies will also increasingly play a pivotal role in this area.