Illusive Blog October 21, 2022

How to Apply Vulnerability Management Lessons to Identity Threat Detection and Response

By Tim Nursall

At Illusive, I greatly benefit from researching the challenges of managing and protecting identities, as well as discussing these challenges with my peers. Recent conversations with cybersecurity leaders and professionals here and at other organizations have focused on how to gain better insights into where identity vulnerabilities lie and how to mitigate the risks.

One key theme keeps coming up—that we need to take “lessons learned” about vulnerability management and apply them to identity threat detection and response (ITDR). Here are four of those lessons:

Find Your Identities

We’ve all heard the adage, “You can’t protect what you don’t know exists.” That applies to identities as well. You have to know where you are vulnerable in order to close those gaps before they are exploited. As we discussed in “What is ITDR?”, there are multiple types of identity vulnerabilities. The most concerning are those whose risks can be exploited by the tactics and techniques used in the most common cyberattacks. Only once an organization has assessed the risks its vulnerable identities pose can those identities be prioritized for remediation.
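The inventory-then-prioritize step above can be made concrete with a small scoring routine. The following is an added example, not Illusive's code or product logic: it takes a constructed inventory of identities, each tagged with the exposures found for it (the category names and weights are assumptions for illustration), and orders them for remediation, with a tolerance threshold standing in for the risk tolerance discussed in the next section.

```python
"""Prioritize identity findings for remediation (added example, not Illusive's code)."""
from dataclasses import dataclass, field

# Hypothetical exposure categories; the weights are assumptions for illustration.
EXPOSURE_WEIGHTS = {
    "cached_domain_admin_cred": 40,  # privileged credential left on an endpoint
    "browser_stored_password": 20,   # password saved in a web browser
    "mfa_disabled": 25,              # account can be used with a password alone
    "stale_account": 10,             # no sign-in for a long period, likely unwatched
    "shadow_admin": 30,              # effective privilege not visible in admin groups
}

# Privileged and service accounts are worth more to an attacker than standard users.
PRIVILEGE_MULTIPLIER = {"standard": 1.0, "service": 1.5, "privileged": 2.0}


@dataclass
class Identity:
    name: str
    privilege: str                       # "standard", "service" or "privileged"
    exposures: list = field(default_factory=list)
    endpoints_seen: int = 1              # hosts where traces of the identity were found


def risk_score(identity):
    """Exposure weight, scaled by privilege and by how widely the identity is spread."""
    base = sum(EXPOSURE_WEIGHTS.get(e, 0) for e in identity.exposures)
    # Each additional host is another place the credential can be harvested.
    footprint = 1 + 0.1 * max(identity.endpoints_seen - 1, 0)
    return round(base * PRIVILEGE_MULTIPLIER[identity.privilege] * footprint, 1)


def prioritize(identities, tolerance=0):
    """Return (identity, score) pairs whose score exceeds the tolerance, highest first."""
    scored = [(ident, risk_score(ident)) for ident in identities]
    above = [pair for pair in scored if pair[1] > tolerance]
    return sorted(above, key=lambda pair: pair[1], reverse=True)


# Constructed inventory for the example; not real accounts.
CONSTRUCTED_INVENTORY = [
    Identity("svc-backup", "service", ["cached_domain_admin_cred", "stale_account"], 12),
    Identity("jdoe", "standard", ["browser_stored_password"], 1),
    Identity("adm-ops", "privileged", ["mfa_disabled"], 3),
    Identity("intern01", "standard", [], 1),
]

if __name__ == "__main__":
    for ident, score in prioritize(CONSTRUCTED_INVENTORY, tolerance=0):
        print(f"{score:>6}  {ident.name:<12} {ident.privilege:<10} {', '.join(ident.exposures)}")
```

Raising `tolerance` is the programmatic form of the risk-tolerance decision: findings below it are accepted consciously rather than ignored by accident, and the ordering above it tells the team what to fix first.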

Determine Your Risk Tolerance

Given the fast pace of change, technology leaders have to walk the fine line between enabling business operations while defending their businesses from cyberattacks.

This is when CISOs can step in to help their colleagues understand risks in business and monetary terms. Do they recognize the potential cost of a specific exception and its associated risk? Are they willing to accept that cost, or is there a safer alternative that works for all parties and does not require any additional investment? Bringing executives on the ITDR journey is significantly more effective when all grasp the potential impact of the increased risk posed by identity vulnerabilities.

Automate What You Can

End-to-end automation of identity lifecycle management is the end goal, but it is incredibly difficult to achieve in large organizations. A major hurdle is that the teams managing security and identities lack a complete understanding of which systems require the privileged identities that need to be protected from account takeover. Instead, they should identify the low-hanging fruit they can automate now, such as password resets or the review of privileged account usage, which, for example, helps reduce the burden on security operations center (SOC) operators.

Combine Solutions for Workflow Optimization

As you gain additional visibility into your identity vulnerabilities, it’s critical to integrate actions into your workflow management solutions and other tools to close the gaps. The ultimate goal is to deliver the right combination of internal and external threat intelligence. That way, when SOC teams receive an alert, they can quickly pull information from various sources and determine if the action is nefarious and, if so, how extensive the threat is (i.e., a single endpoint or broader).
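The scoping question at the end of this section, whether an alert on an identity reflects a single endpoint or something broader, is the kind of check worth automating in the SOC workflow. The following is an added example, not Illusive's code: given a constructed sign-in log (the record layout and hostnames are assumptions), it pulls the alerted account's activity from the window before the alert, compares it with the hosts that account normally uses, and summarizes the spread.

```python
"""Scope an identity alert across sign-in telemetry (added example, not Illusive's code)."""
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, user, host, source_ip, result). Not real data.
CONSTRUCTED_SIGNINS = [
    ("2022-10-20T08:01:00", "svc-backup", "BK-SRV01", "10.0.5.4", "success"),
    ("2022-10-20T08:05:00", "svc-backup", "BK-SRV01", "10.0.5.4", "success"),
    ("2022-10-20T09:00:00", "jdoe", "WS-0117", "10.0.9.77", "success"),
    ("2022-10-20T21:40:00", "svc-backup", "WS-0117", "10.0.9.77", "success"),
    ("2022-10-20T21:42:00", "svc-backup", "FS-02", "10.0.9.77", "success"),
    ("2022-10-20T21:43:00", "svc-backup", "DC-01", "10.0.9.77", "failure"),
    ("2022-10-20T21:44:00", "svc-backup", "DC-01", "10.0.9.77", "success"),
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def baseline_hosts(signins, user, before):
    """Hosts the user signed in to before the investigation window (the 'normal' set)."""
    return {host for ts, who, host, _ip, _res in signins
            if who == user and parse_ts(ts) < before}


def scope_alert(signins, user, alert_time, window=timedelta(hours=1)):
    """Summarize the alerted account's activity in the window ending at the alert."""
    start = alert_time - window
    recent = [rec for rec in signins
              if rec[1] == user and start <= parse_ts(rec[0]) <= alert_time]
    hosts = {rec[2] for rec in recent}
    baseline = baseline_hosts(signins, user, start)
    return {
        "user": user,
        "hosts": sorted(hosts),
        # The question from the text: one endpoint, or broader?
        "scope": "single endpoint" if len(hosts) <= 1 else "multiple endpoints",
        # Hosts this account has no history with are the ones to look at first.
        "new_hosts": sorted(hosts - baseline),
        "source_ips": sorted({rec[3] for rec in recent}),
        "failures": sum(1 for rec in recent if rec[4] == "failure"),
    }


if __name__ == "__main__":
    summary = scope_alert(CONSTRUCTED_SIGNINS, "svc-backup", parse_ts("2022-10-20T21:45:00"))
    for key, value in summary.items():
        print(f"{key:<11} {value}")
```

In practice the sign-in records would come from the directory, endpoint and cloud sources the section describes; the point of the routine is that the analyst receives the spread, the unfamiliar hosts and the failure count alongside the alert instead of assembling them by hand.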

Regardless of the security policies, procedures and best practices in place, you will always need to deal with identity vulnerabilities. Employees will store credentials in their web browsers and in SaaS and cloud-based applications, and attackers seek to exploit them. Our job is to make it as difficult as possible for them to find their way in. On October 25, we will host a webinar to dig deeper into this topic and elaborate on how to extend existing vulnerability management processes and resources to at-risk identities while prioritizing remediation efforts. You can register here.

See Illusive's Identity Threat Detection & Response In Action

Learn how Illusive's ITDR solutions can help your security team protect against the #1 attack vector—identity.