Page 191 - Cyber Defense eMagazine December 2023
P. 191

This collaboration marks a paradigm shift, recognizing that traditional defense mechanisms must evolve.
            As CISA observes, the success of cyberattacks is often "enabled by an environment of insecurity," a flaw
            exacerbated by our collective blind spots concerning identity and its related data. Reducing these blind
            spots requires a greater focus on effective identity data management.


            How Identity Data Management Addresses CISA’s Three Pillars

            CISA's  updated  strategic  plan  focuses  on  enabling  businesses  to  achieve  three  core  objectives:
            addressing immediate threats, hardening the terrain and driving security at scale. The agency wants
            these pillars to be the foundation of every business’s security strategy. So, how can effective identity data
            management help organizations achieve this?

            When we talk about immediate threats, ransomware and phishing instantly come into the conversation.
            The ransomware attack rate is breaking records yearly, while 74% of breaches still include phishing or
            social engineering elements. Identity data management provides a proactive approach to addressing
            these threats.

            Expanding  our  understanding  beyond  just  human  identities  to  include  the  identities  of  servers,
            applications and systems can help to identify which systems or users are more vulnerable to such attacks.
            It allows a better scope for enabling targeted training and applying layered authentication and access
            control on specific devices and user repositories to mitigate immediate risks.

            Hardening the terrain requires management across the entire IT ecosystem and across every network
            element. Every component in our IT infrastructure—people, servers, applications—has an identity. To
            create an impenetrable defensive posture and a rock-solid network terrain, we must manage, monitor
            and administrate these identities. When each identity is meticulously managed, the likelihood of external
            spoofing and unauthorized access diminishes. Essentially, the terrain becomes more resilient to an array
            of attacks, making it harder for adversaries to exploit vulnerabilities.


            Also, when it comes to driving security at scale, monitoring these identities across the IT infrastructure
            allows for automation and real-time responses, thus scaling security measures effectively. For instance,
            managing  the  identities  of  every  connected  device  in  an  organizational  network  can  streamline
            permissions, ensuring only authorized devices and users interact in real-time.


            Gaining visibility into how identities can be used to access sensitive data and systems is critical for getting
            ahead of threats. A recent report from Gartner highlights that quality identity data is critical for successful
            security projects and scaling access controls across complex IT environments.












            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          191
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   186   187   188   189   190   191   192   193   194   195   196