Key Points
- Successful authentication has long been used as practical proof of session identity
- Phishing and other forms of credential theft show why this way of thinking is obsolete
- Identity threats go beyond mere stolen credentials
- Stolen devices, step-ins, subcontracting, and employee account sharing are all threats
- ITDR is a new cyber vertical focused on detecting and responding to identity threats
For decades, identity in computing has been a matter of usernames authenticating to a session. But an authenticated session is no guarantee of identity.
Quick Read
In the cloud and network computing era, it has become clear that the largest source of cybersecurity risk for systems and data isn't buggy code, misconfigured hardware, zero-day exploits, or other similarly technical—and more "traditionally" cybersecurity—issues.
Instead, the largest sources of cybersecurity risk, and the largest contributors to data breaches and cyber incidents, are identity threats—cases in which there may be a mismatch between the presumed identity associated with a session, process, or workflow, and the identity of the actual individual with hands on keyboard.
Identity threats come in all shapes and sizes, from clearly malicious activities like phishing and spear-phishing to instances of petty crime like corporate device theft to activities that are incorrectly seen as benign, like account sharing within departments or teams. In each case, the potential exists for a privileged or sensitive resource of some kind to be accessed by an authorized account that is in use by an unauthorized individual who does not own it.
Though initially many of these threats were associated primarily with specific technical domains—phishing with email security, device theft with physical security, account sharing with IT policy and governance, and so on—the overwhelming prevalence of identity as a driver of breaches has led in recent years to the rise of identity threat detection and response (ITDR) in cybersecurity.
ITDR encompasses tools and technologies designed to detect instances in which the authenticated session account does not match the actual user at the keyboard and to respond to these instances accordingly. In some cases, this is accomplished at the attack surface or service edge, and in other cases it is accomplished more centrally via security information and event management (SIEM) or security orchestration, automation, and response (SOAR) and data enrichment and correlation, but in all cases the goal is to raise a flag saying "This user is not the owner of this account!" and then take necessary steps.
Key ITDR core technologies include behavioral biometrics, various forms of user and entity behavior analytics (UEBA), advanced SIEM/SOAR data management and integration, and biometric or other forms of post-user-pass authentication. Though ITDR is relatively new, it is likely to grow rapidly in importance as it matures, given the degree to which identity threat detection and response remains one of the great undersolved problems in the real-world cybersecurity landscape.
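As an added illustration of the central correlation approach described above (not Plurilock's code or any product's logic), the following rule runs over constructed successful-login events and flags an account used from a device outside its baseline or from two devices at once. The log format, device IDs, and per-account baseline are assumptions made for this example.

```python
from datetime import datetime

# Constructed sample events (not real logs). Every login here SUCCEEDED,
# so authentication alone cannot separate owner from non-owner.
# Assumed format: ISO timestamp, account, device id, event type.
EVENTS = """\
2024-05-01T08:00:00 alice dev-A1 login
2024-05-01T08:05:00 bob dev-B1 login
2024-05-01T09:30:00 alice dev-Z9 login
2024-05-01T12:00:00 alice dev-A1 logout
2024-05-01T12:10:00 alice dev-Z9 logout
2024-05-01T17:00:00 bob dev-B1 logout
2024-05-02T08:00:00 bob dev-B1 login
2024-05-02T08:01:00 carol dev-C1 login
"""

# Assumed baseline: devices previously observed for each account.
KNOWN_DEVICES = {
    "alice": {"dev-A1"},
    "bob": {"dev-B1"},
    "carol": {"dev-C1", "dev-C2"},
}


def detect_identity_mismatch(lines, baseline):
    """Return (timestamp, account, reason) flags for suspicious logins."""
    open_sessions = {}  # account -> {device: login time}
    flags = []
    for line in lines:
        if not line.strip():
            continue
        raw_ts, account, device, event = line.split()
        ts = datetime.fromisoformat(raw_ts)
        sessions = open_sessions.setdefault(account, {})
        if event == "logout":
            sessions.pop(device, None)
            continue
        # Signal 1: device never seen for this account (stolen creds, step-in).
        if device not in baseline.get(account, set()):
            flags.append((ts, account, f"unfamiliar device {device}"))
        # Signal 2: account already active elsewhere (account sharing).
        others = sorted(d for d in sessions if d != device)
        if others:
            flags.append((ts, account, f"concurrent session with {others[0]}"))
        sessions[device] = ts
    return flags


if __name__ == "__main__":
    for ts, account, reason in detect_identity_mismatch(EVENTS.splitlines(), KNOWN_DEVICES):
        print(ts.isoformat(), account, reason)
```

In a real deployment these flags would feed a response step such as step-up authentication or session termination rather than a print statement.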
More to Know
ITDR Is Not IAM, SSO, or PAM
While related to IAM, SSO, and PAM in various ways, ITDR has different goals—specifically to detect cases in which there is a likely mismatch between the actual individual at the keyboard and authenticated sessions or accounts where identity is supposedly "known" and "proven."
ITDR Requires New Ways of Thinking
The biggest challenge faced when seeking and deploying ITDR solutions is often one of imagination. The user-pass identity architecture has become so entrenched as to seem self-evident, yet this is precisely the problem that ITDR seeks to solve—how to look beyond "successful authentication."

