61 percent: Proportion of all data breaches that currently involve credential misuse, the most frequently encountered identity threat. Source: https://www.verizon.com/business/en-gb/resources/reports/dbir/
For decades, identity in computing has been a matter of usernames authenticating to a session. But an authenticated session is no guarantee of identity.
In the cloud and network computing era, it has become clear that the largest source of cybersecurity risk for systems and data isn't buggy code, misconfigured hardware, zero-day exploits, or other similarly technical—and more "traditionally" cybersecurity—issues.
Instead, the largest sources of cybersecurity risk, and the largest contributors to data breaches and cyber incidents, are identity threats—cases in which there may be a mismatch between the presumed identity associated with a session, process, or workflow, and the identity of the actual individual with hands on keyboard.
Identity threats come in all shapes and sizes, from clearly malicious activities like phishing and spear-phishing, to instances of petty crime like corporate device theft, to activities that are incorrectly seen as benign, like account sharing within departments or teams. In each case, the potential exists for a privileged or sensitive resource of some kind to be accessed by an authorized account that is in use by an unauthorized individual who does not own it.
Though initially many of these threats were associated primarily with specific technical domains—phishing with email security, device theft with physical security, account sharing with IT policy and governance, and so on—the overwhelming prevalence of identity as a driver of breaches has led in recent years to the rise of identity threat detection and response (ITDR) in cybersecurity.
ITDR encompasses tools and technologies designed to detect instances in which the authenticated session account does not match the actual user at the keyboard and to respond to these instances accordingly. In some cases, this is accomplished at the attack surface or service edge, and in other cases it is accomplished more centrally via security information and event management (SIEM) or security orchestration, automation, and response (SOAR) and data enrichment and correlation, but in all cases the goal is to raise a flag saying "This user is not the owner of this account!" and then take necessary steps.
Key ITDR core technologies include behavioral biometrics, various forms of user and entity behavior analytics (UEBA), advanced SIEM/SOAR data management and integration, and biometric or other forms of post-user-pass authentication. Though ITDR is relatively new, it is likely to grow rapidly in importance as it matures, given the degree to which identity threat detection and response remains one of the great undersolved problems in the real-world cybersecurity landscape.
Identity Threat Detection and Response technologies concern themselves with detecting mismatches between the owner of a session, grant, or set of credentials and the individual who appears to be using them at any given moment. Unlike Identity and Access Management (IAM) tools, which mostly concern themselves with the day-to-day of identity management and authentication, ITDR technologies are designed to detect and enable responses to cases in which an unauthorized user may have gained access, whether as a matter of credential theft, account takeovers, session takeovers, or other instances in which the user of an identity appears no longer to be its owner.
Copyright © 2024 Plurilock Security Inc.