Identity and access security: Strengthening the resilience of cybersecurity’s front lines

Introduction

As security industry analysts, we typically don't focus on particular attack types or threat actors as much as we study the offerings to confront these challenges brought to market by technology product and services providers. But cybersecurity is different from many other technology markets in that its directions aren't set by innovators working toward goals defined by themselves. It is a field much more like gamesmanship or military strategy, where intelligent adversaries and defenders contend against each other. In this arena, incidents and events can often change the very nature of the field. Yesterday's successful tactic can become commodity tomorrow, while newly exploited or revealed gaps may appear to change priorities for investment. And the market of products and services must respond.

In the last couple of years, we have seen attacks such as ransomware have such an impact. Indeed, the prevalence of such incidents – and the underground economy that has aligned to support them – seem to speak directly to the extent of the attacker's opportunity. Are there consistent themes in defensive gaps that make such a flourishing possible?

In some cases, the answer must be yes – and one of the most apparent such themes is the opportunity presented to attackers by gaps in identity and access management. Once an initial foothold into a target is gained, the ability of attackers to discover access privileges and relationships has enabled them to identify where and how those privileges can be acquired and exploited to do significant damage – including the ability to encrypt or otherwise compromise business-critical resources and effectively hold them hostage.

If you found this article useful, you can listen to our Next in Tech podcast and view 451Nexus sessions on-demand for more information.