Page 53 - Cyber Defense Magazine RSA Edition for 2021
CIEM? Looks a lot like SIEM.
CIEM may look and even sound like SIEM (security information and event management), but the two are
not the same class of security solution. Cloud-native SIEM vendors do overlap with CIEM in some of their
visibility capabilities for cloud-first and hybrid environments, but a SIEM collects and correlates events;
it does not manage or enforce the entitlements and permissions that identities hold across multi-cloud
and hybrid cloud estates. That management and enforcement is the core competency of a comprehensive
CIEM platform, and it is what lets an organization design and implement least-privilege, Zero Trust
architectures in multi-cloud and hybrid cloud environments. As multi-cloud adoption continues to
increase across the industry, moving workloads into such environments requires in-depth visibility into,
and analysis of, cloud infrastructure accounts, permissions, entitlements and activity, together with
granular controls to act on what that analysis finds.
Why is CIEM vital for organizations? The Cloud Permissions Gap.
A new attack surface has emerged with mass digital transformation: the Cloud Permissions Gap.
CloudKnox threat research has found that more than 90% of privileged identities within organizations'
cloud infrastructure, human and machine alike, use less than 5% of the permissions they have been
granted. That delta between granted and used permissions is the Cloud Permissions Gap, and it is a
contributing factor to the rise of both accidental and malicious insider threats at enterprises of all
sizes: an attacker who compromises an identity with excess or misconfigured permissions inherits all of
its unused access across the organization's critical cloud infrastructure.
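The gap is measurable from two inputs any cloud provider exposes: the permissions each identity has been granted (its policy documents) and the actions it actually performed (the audit trail). The script below is an added example, not code from CloudKnox or from the magazine. It runs the checks the risks in this section call for over constructed data: a usage ratio per identity against the 5% figure quoted above, an inactivity check, a wildcard check for super identities, and a trust-policy check for cross-account roles that trust an entire account or lack an `sts:ExternalId` condition. The identity names, action sets, activity timestamps, the 90-day inactivity window, the account ID 111122223333, the role name partner-ingest and the ExternalId value are all assumptions made for the example.

```python
"""Cloud Permissions Gap checks over constructed IAM data (added example, not
CloudKnox or magazine code; real input would be IAM policy documents and
audit-log events, e.g. CloudTrail on AWS)."""
from datetime import datetime, timedelta
from fnmatch import fnmatch

NOW = datetime(2021, 5, 17)          # fixed clock so results are deterministic
INACTIVE_AFTER = timedelta(days=90)  # assumption: 90 days without activity = inactive
USAGE_CUTOFF = 0.05                  # the page's figure: identities using < 5% of grants

# Constructed inventory: identity -> IAM actions (or patterns) its policies grant.
GRANTED = {
    "deploy-role": {
        "s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteBucket",
        "ec2:DescribeInstances", "ec2:RunInstances", "ec2:TerminateInstances",
        "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
        "iam:PassRole", "iam:CreateUser", "iam:AttachUserPolicy",
        "rds:DeleteDBInstance", "dynamodb:DeleteTable", "ssm:SendCommand",
        "kms:Decrypt", "kms:ScheduleKeyDeletion", "sts:AssumeRole",
        "lambda:UpdateFunctionCode", "lambda:InvokeFunction",
        "cloudtrail:StopLogging", "secretsmanager:GetSecretValue",
        "sns:Publish", "sqs:SendMessage",
    },
    "ci-bot": {"ecr:GetAuthorizationToken", "ecr:PutImage", "ecr:BatchGetImage", "s3:GetObject"},
    "jdoe-contractor": {"s3:GetObject", "s3:ListBucket", "ec2:DescribeInstances"},
    "break-glass": {"*"},
}

# Constructed activity log: (identity, action, time), CloudTrail-like.
ACTIVITY = [
    ("deploy-role", "s3:GetObject", NOW - timedelta(days=1)),
    ("deploy-role", "s3:GetObject", NOW - timedelta(days=2)),
    ("ci-bot", "ecr:GetAuthorizationToken", NOW - timedelta(hours=2)),
    ("ci-bot", "ecr:PutImage", NOW - timedelta(hours=2)),
    ("ci-bot", "ecr:BatchGetImage", NOW - timedelta(hours=2)),
    ("ci-bot", "s3:GetObject", NOW - timedelta(days=3)),
    ("jdoe-contractor", "s3:GetObject", NOW - timedelta(days=200)),
    ("break-glass", "iam:CreateAccessKey", NOW - timedelta(days=400)),
]

# Constructed trust policies for one cross-account role: the weak form trusts a
# whole partner account with no condition; the hardened form names one role and
# requires an ExternalId (the usual confused-deputy control for third parties).
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                             "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
HARDENED_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                 "Principal": {"AWS": "arn:aws:iam::111122223333:role/partner-ingest"},
                                 "Condition": {"StringEquals": {"sts:ExternalId": "example-id-0001"}}}]}


def assess(identity, granted=GRANTED, activity=ACTIVITY, now=NOW):
    """Compare what an identity may do with what it actually did.
    'granted' counts grant entries, so a bare wildcard counts as one."""
    grants = granted[identity]
    events = [(a, t) for who, a, t in activity if who == identity]
    used = {a for a, _ in events if any(fnmatch(a, g) for g in grants)}
    last_seen = max((t for _, t in events), default=None)
    flags = set()
    if "*" in grants or "*:*" in grants:
        flags.add("super-identity")  # unrestricted; a usage ratio is meaningless
        ratio = None
    else:
        ratio = len(used) / len(grants)
        if ratio < USAGE_CUTOFF:
            flags.add("over-permissioned")
    if last_seen is None or now - last_seen > INACTIVE_AFTER:
        flags.add("inactive")
    return {"granted": len(grants), "used": len(used), "usage_ratio": ratio,
            "last_seen": last_seen, "flags": flags}


def trust_policy_findings(policy):
    """Flag Allow statements that trust an entire account or lack sts:ExternalId."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else aws
        conds = stmt.get("Condition", {}).values()
        has_external_id = any(isinstance(c, dict) and "sts:ExternalId" in c for c in conds)
        for p in aws:
            # "*", an account root ARN or a bare account ID all mean "anyone in
            # that account who is allowed to call sts:AssumeRole".
            if p == "*" or p.endswith(":root") or p.isdigit():
                findings.append(f"trusts entire account via {p}")
            if not has_external_id:
                findings.append(f"no sts:ExternalId condition for {p}")
    return findings


if __name__ == "__main__":
    for name in GRANTED:
        r = assess(name)
        print(f"{name:16s} granted={r['granted']:3d} used={r['used']:2d} "
              f"ratio={r['usage_ratio']} flags={sorted(r['flags'])}")
    print("weak trust:", trust_policy_findings(WEAK_TRUST))
    print("hardened trust:", trust_policy_findings(HARDENED_TRUST))
```

On the constructed data the deploy role uses 1 of 24 grants and is flagged over-permissioned, the contractor identity is flagged inactive, the break-glass identity is flagged both super-identity and inactive, and only the weak trust policy produces findings. Matching used actions with `fnmatch` means service-level wildcards such as `s3:*` are credited correctly, but the granted count then reflects policy entries rather than individual actions; expanding wildcards to the provider's full action catalogue is the next step for a production tool.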
Specific risks and challenges associated with the Cloud Permissions Gap include:
● Inactive identities and super identities. Every company has at least a few inactive identities
(former employees, test accounts, proofs of concept and the like) that were never removed. More
dangerous still are the "break-glass accounts" or super identities that carry unlimited permissions
and unrestricted access to every cloud resource the organization uses. Both are attractive targets:
nobody is watching the inactive ones, and a compromised super identity needs no further escalation.
● Over-permissioned active identities. Continuously tracking the proliferation of new cloud services,
roles and permissions, and trimming each identity back to what it actually uses, is almost impossible
to do manually.
● Cross-account access. Organizations use cross-account roles to let identities reach different
environments (development, test, production and so on) and to let third-party entities into their
accounts. This is convenient, and it is also a potential vulnerability. The danger arises when the
identity and access management (IAM) role behind such access is over-provisioned: a role whose trust
policy accepts an entire account can be assumed by any principal in that account that is permitted to
call AssumeRole, so misconfigured permissions attached to the role have significant, and costly,
ripple effects.
● Anomalous behavior among machine identities. Machine or non-human identities consist of
scripts, bots, access keys and others, and they typically perform the same repetitive actions. If a