Facing the era of offense and defense with no boundaries, no rules, and no distinctions (enterprise scale), identity security will play an increasingly important role in future network security. Identity security has been a hot topic in network security innovation in recent years. From a new technology proposed in 2022 - Identity Threat Detection and Response (ITDR for short), to the deep integration of identity management proposed in 2023 ITDR - Identity Fabric Immunity (Identity Fabric Immunity), Gartner's annual network security trend puts identity security as one of the key points.
With the digitization of modern enterprises and the intelligent Internet of Everything, infrastructure and applications deployed in hybrid clouds, and the normalization of hybrid offices, identities are becoming more complex. There are many identity scenarios and data in different places and applications . into a huge identity network . The interconnection of all identities and the sharp increase in the complexity of organization and authority management will lead to a sharp increase in enterprise management costs and security issues. Enterprise identity management in various scenarios urgently needs distributed, native, and independent trusted identity security technologies .
The important development trend of the next generation of identity security products and IAM technology is mainly towards AI intelligence, integration of ITDR integration, and an active identity security defense capability building strategy that emphasizes "immunity".
A Looming Identity Crisis
Identity, as the entrance to various applications of an enterprise, exists in a large number in the internal and external businesses of the enterprise. As the core data, the importance of identity to enterprises is self-evident. Identity governance and identity infrastructure construction have become a must for enterprises. And with the promotion and implementation of the concept of zero trust technology, enterprises have higher and higher requirements for identity security capabilities. However, the current identity and access management products (IAM) do not have security detection and defense capabilities in their technical configuration and functions, which will lead to the failure of early warning and defense when identity attacks may occur.
Identity is the defender's shield, and it is also the attacker's goal. Analyzing the security incidents that have occurred continuously at home and abroad in recent years, in fact, identity is the most vulnerable part of the attack surface, and attackers are more inclined to attack through identity theft and credential abuse, which will be more concealed. According to data from the "Data Breach Investigation Report", 85% of data breaches involve human factors, and 61% of data breaches involve login credentials (Identity). As the attack link becomes more and more complex, identity will be a core link point, and even a key detection point and blocking point.
The internationally renowned cybersecurity conference RSAC 2023 has come to an end, and its CEO Rohit Ghai delivered an opening speech on the theme of identity security entitled "The Looming Identity Crisis".
Rohit mentioned in his speech that the vulnerability of identities has increased exponentially, and it takes an average of 277 days for organizations to identify and control data breaches.
Although the topic is still dominated by "identity security", as Rohit mentioned in his speech, this name may not be accurate. It is not just access management and identity management (IAM), it is just a basic function, and Not the most important function. The existing IAM and zero-trust identity solutions mainly solve the problem of management, which lacks the most important security capability. Actual attackers will definitely try to bypass the login, bypass the IAM, bypass the second authentication MFA, and finally cause immeasurable losses to the enterprise.
In order to make the identity security platform perform better in terms of defense, Rohit recommends the use of a security technology covering the full lifecycle management of identities - Identity Threat Detection and Response (ITDR).
ITDR is a complement to the lack of security capabilities of existing products. The two parties need to be deeply integrated to detect the real identity of users in real time, detect permissions and theft of credentials, and detect abnormal behaviors of users in identity authentication traffic in real time, and then make timely decisions. response.
Identity security has become a hot spot for security innovation
Innovation and entrepreneurship in the direction of identity security at home and abroad has always been in a hot state. From the security maker meeting hosted by Qi Anxin in China to the RSAC innovation sandbox abroad, the popular tracks and innovation trends are basically close, and identity security innovations appear every year. It can be seen that the demand side drives innovation particularly significantly.
There are roughly three options for innovation and entrepreneurship in identity security:
| The technology application in the XDR field is biased, which means that the manufacturer has also launched a product line of identity threat protection. More generalized DR capabilities are more universal, but usually lack a deeper identity perspective and poor adaptability to existing identity products.
| Focus on ITDR technology itself, or use AD as the key application direction, to provide identity security capabilities for enterprises. It is more focused on providing protection capabilities around the company's existing identity infrastructure, but it is very dependent on the status quo of the company's existing identity infrastructure, as well as customization and integration difficulties.
| Provide a next-generation identity security platform, integrate the innovative technical architecture of IAM and ITDR, combine identity threat intelligence technology and AI, etc., to achieve "identity-woven network immunity". Pay more attention to the threat detection capability and real-time performance of the entire identity process, integrated product design, simple operation and maintenance on the user side, and more cost-effective procurement. However, the investment in product research and development is heavy, and users have higher requirements for product functional integrity and ease of use.
In Gartner's 9 top cybersecurity trends for 2023, it lists "identity-woven cyber immunity" as a future trend as the development direction of identity security. According to Gartner, "Vulnerable identity infrastructure is caused by incomplete capabilities or coverage, misconfigurations, or vulnerable links. By 2027, the bottom line of identity-woven network immunity is to prevent 85% of new attacks. thereby reducing the financial impact of threatening behavior by 80%”
This woven identity network in the enterprise is similar to the "digital immune system". The identity infrastructure (integrated IAM, PAM, ITDR, etc.) it relies on has been vaccinated, and it is stable and secure. This form of identity supply chain adopts the method of vaccination in advance to ensure its security. At the same time, it also needs to ensure the unity of infrastructure, business continuity and good user experience.
Regarding the development trend of the next-generation identity security platform towards identity-woven network immunity, RSA Security CEO Rohit also gave his vision in his speech at this year's conference. He suggested that the next-generation identity security platform is an open platform that can integrate data. Integrating ITDR identity threat detection and response and AI artificial intelligence technology. ITDR will become a key capability of the next-generation identity security platform, using data such as threat intelligence to detect threats in a timely manner and avoid late reporting and false positives; AI can make decision-making simpler and real-time, and automate most workflows; AI can Manage millions of identity and permission changes internally to achieve a finer-grained permission access model.
The Next Generation Identity Security Platform: Digital Identity Immunity
As the identity of the Internet of Everything will face greater threat exposure, not only the identity risk based on people, but also multi-form risk confrontation such as equipment, APP, API, etc. will become more prominent, whether it is from the attack path or the need Protected object boundaries, etc. It has become a rigid need for enterprises to build a full-scenario identity security infrastructure.
A large number of busy application systems and interactive authentication of identities, their network traffic is very complex. Due to the application encryption and complexity of network traffic, current traditional network security technical measures include network threat detection tools: next-generation firewall, IPS, IDS, situational awareness, NDR, etc.; application threat detection tools: WAF, APT, etc. These detection and defense tools cannot identify encrypted traffic (HTTPS and symmetric and asymmetric encryption), which will lead to detection blind spots and the inability to identify the identity authentication information and business system information of the attacker. Real-time advanced identity threat detection technology further enriches the connotation of zero trust and becomes the best practice for enterprises to deal with identity threats.
In terms of enterprise scenarios, whether the identity is inside or outside the organization, whether it is user access or system access, different resource access rights and resource management rights, and the risk issues and security countermeasures faced in scenarios of different dimensions such as different business sectors are all important. is different. Therefore, AI technology is used to assist in identity orchestration and security orchestration to achieve smarter authority and security management.
Therefore, the development trend of the next-generation identity security platform with the ability of "identity weaving network immunity" will be towards infrastructure (native identity security), integration of real-time advanced identity threat detection (DR), and intelligent decision-making. (AI) and other directions.
Currently, as an innovative manufacturer of identity security in China, WuThreat has been deeply cultivating in this field, and was selected into this year's Security Maker Faire. Has taken the lead in launching the next-generation identity security platform of advanced identity threat detection + identity authentication - WuThreat Identity Security Cloud, based on cloud-native architecture and AI-driven security engine, as well as identity threat intelligence technology that has been cultivated for many years, to achieve multi-scenario identity authentication The infrastructure function orchestrates identity business requirements, and detects threats from the perspective of identity threats in identity scenarios to build identity-woven network immunity.
WuThreat's identity security cloud platform covers full-scenario identity authentication management and advanced identity threat detection, including identity management of internal employees, identity management of external users, and identity management of centralized devices, covering web security, account security, and Business anti fraud security. Realize advanced identity threat detection and traceability capabilities from pre-attack defense and real-time threat detection, mid-event response and blocking, and post-event source tracing.
The core technology team of Wuyin Technology has integrated its 15 years of security experience from Party A and Party B, and as the first batch of threat intelligence practitioners in China, it has been continuously innovating in this field and is committed to protecting the identity security of every application in the world. Currently, WuThreat identity security cloud products and solutions are being implemented by top users in manufacturing, automobile, government and enterprise, energy, aviation, Internet, retail, finance and other industries, continuously delivering safer, smarter, more Cost-effective product.