Page 48 - Cyber Defense eMagazine Annual RSA Edition for 2024

IT admins move between tiers on a regular basis, as this is part of their job. So how do we ensure that such actions are legitimate and not part of a compromise? The answer is to enforce MFA on such privileged accounts. This ensures that these account credentials have not been leaked and misused during an attack.




Summary

Addressing the risks posed by the complex reality of identities is not a trivial task. All the more reason why it should be done in the simplest and most effective way possible. Identity segmentation, as opposed to identity access management, visibility or privileged access management, is a radically simpler approach that adds resilience across any organization.



About the Author

Sagie Dulce is a defensive security researcher, leading the Zero-Labs team as VP of Research @ Zero Networks.

With a bachelor's degree in Electrical Engineering, Sagie started out designing and breaking up communication schemas in the Intelligence unit of the military. After his service, Sagie went on to perform research on diverse topics, introducing new attack techniques such as the "man-in-the-cloud" attacks and supply chain compromises against container developers. In recent years, Sagie has focused on research that delivers practical solutions to security teams, mainly in the form of open-source security tools. Sagie can be reached via email at [email protected] and on Twitter: @SagieDulce
































