top of page

From Trust to Zero Trust: The Role of Identity Analytics and ITDR

This guest post was contributed by Craig Cooper, COO at Gurucul

Craig Cooper, COO at Gurucul

In 2023, the average cost of a data breach rose to $4.45 million, after increasing steadily for three years. In an effort to reduce expensive data breaches and ransomware attacks, organizations and many of their individual IT Security teams have been incorporating elements of Zero Trust infrastructures into their networks to restrict access and have more control over their networks. Unlike most modern security solutions, Zero Trust is not a single point solution. It’s a framework for implementing a program that requires many changes to IT and security organizational policies for how IT systems are accessed and used. In essence, it says “Trust no one or anything — and always verify” versus the common practice of “Trust everyone and verify”. While 80% of respondents of a recent global survey reported plans to adopt zero trust in the future or had already adopted it, many are not achieving fully functional Zero Trust. Two significant solution components or critical parts of to achieving a successful Zero Trust program is the lack of Identity Analytics and Identity Threat Detection and Response (ITDR) systems.

Why are these two elements important? Identity Analytics software is necessary to consolidate date from across the network so IT can understand the current baseline of user privileges. A complete “before” picture lets them create new access policies and privileges that meet Zero Trust principles. Once these policies are in place, ITDR systems come into play. These systems can catch the outlier attacks that Zero Trust can’t defend against and remediate issues much more precisely (which helps streamline the overall Zero Trust rollout). With Identity Analytics and ITDR systems in place, IT Security teams can also leverage Behavior Analytics to set up monitoring across their networks for an extra layer of defense.

Why Identity Analytics is Critical

Identity Analytics is a key requirement for building a baseline of access rights (which users and accounts can access which data and systems) on a Zero Trust network. It creates the “before” picture of the network before any Zero Trust changes are made and tells IT where their gaps are. The data obtained from Identity Analytics allows IAM and IT Security teams to write new policies and set up both access controls (which users can access data) and access entitlements (what users can do with data) across the network. Creating these access controls and entitlements using Identity Analytics makes them better tailored to the actual state of users as it pertains to application, systems and network usage (and in turn, more effective) regardless of where they reside. This understanding is also critical when it comes supply chain partners.

Understanding where both your IT Security team and network are at any given time is key. But what other practices do IT Security teams need to implement to achieve this? The ability to consolidate data from multiple identity systems is another crucial component of a Zero Trust infrastructure because it enables other software like IDTR to come into play. This includes systems such as identity management, access management, governance, and privileged access management. Consolidating data from all these different systems into a single view is one of the biggest issues that IT Security teams face when it comes to building a Zero Trust network. The info obtained from unifying data from different systems allows separate IT departments to develop and implement the correct micro-parameters for the Zero Trust system. If this process can’t be done automatically, it’ll take much longer to do it manually. Without some type of automation, it may not happen at all.

The Role ITDR Plays in Zero Trust

While Identity Analytics is crucial to developing a proper Zero Trust system, ITDR is equally as important. Identity Analytics provides the context that IT Security teams need to make informed decisions, ITDR is good at detecting and preventing attacks that will get past the Zero Trust framework. These include attacks such as:

  • Attacking identity infrastructure to steal credentials (credential theft)

  • Breaking into identity infrastructure to get into the organization (identity fraud)

  • Mimicking a legitimate user by logging in with stolen credentials (hijacking)

For example, attacks that use stolen, yet legit credentials (bought from the dark web or taken from a data breach) won’t be stopped by Zero Trust policies. Those policies might create a false sense of security, but ITDR prevents that sense of security from being false.

In addition to catching outliers, ITDR also allows for very precise remediation actions when alerts occur. If the system detects an unverified user or sensitive information being accessed, it can lock down a single user or machine based on their specific entitlement. Traditionally, the approach would be to shut down an entire network segment while IT Security teams go in and manually address the situation. This manual process not only costs the business lots of time and money, but also interferes with employees and other aspects of the business that are being shut down due to the security problem. ITDR provides enough context to perform these very specific and targeted remediations.

Finally, a component of ITDR called Behavior Analytics also plays an important role in a Zero Trust rollout. Behavioral Analytics adds additional context and most importantly, aids in IT Security teams monitoring the entire network. During a Zero Trust project, many parts of the network will change and some of those changes will have unintended consequences that create security risks, drag down application performance, or cause of networking problems. Without monitoring, the IT Security or NetOps team will have to wait for these problems to affect users and for those users to complain about them. Then they’ve lost momentum on the Zero Trust project and biased their users against it. Overall, Behavioral Analytics allows IT to know if Zero Trust is working and get ahead of problems.

While Zero Trust is becoming a more prevalent security protocol for organizations, many still have a long way to go when it comes to developing a truly functional Zero Trust infrastructure. However, by unifying your systems through Identity Analytics, defending attacks with ITDR, and staying on top of your network by monitoring with Behavior Analytics, your organization will be on top of any security issue that may arise.


###

Comments


bottom of page