Identity protection is the umbrella term for the set of capabilities required to defend against attacks on the identity attack surface, that is, attacks in which an adversary uses compromised credentials to access targeted resources.
Identity protection applies to all corporate resources: SaaS apps, remote VPN connections, on-prem workstations and servers, and others. The rise of identity threats and their role as a leading attack vector has led security stakeholders to regard identity protection as an independent category rather than a subset of endpoint, network, and cloud security.
What Types of Attacks are Included in Identity Protection?
Identity protection applies to the following attacks:
- Account takeover – a threat actor attempts to access a SaaS application or a cloud workload with compromised credentials.
- Malicious remote connection – a threat actor accesses a corporate internal network remotely through compromised VPN or ZTNA credentials.
- Lateral movement – a threat actor follows up an initial endpoint compromise by accessing additional workstations and servers with compromised domain credentials. Another flavor of lateral movement is to extract credentials for SaaS apps or cloud workloads from the compromised endpoints and pivot from the initial on-prem foothold into the cloud environment.
How do Threat Actors come to Obtain Valid User Credentials?
There are two main ways for attackers to get hold of user credentials to gain malicious access:
- Purchase beforehand – there are more than 24B credentials circulating on Dark Web forums for purchase. In fact, there are threat actors that breach organizations with the sole purpose of extracting domain credentials and quickly getting out to sell them.
- Compromise as you go – once an attacker has gained a foothold on a targeted machine, they can execute code and use a wide range of open-source tools to extract credentials from the machine's memory.
Either way, the current threat landscape shows that obtaining compromised credentials is trivial rather than challenging. Identity protection is built on the premise that while little can be done to prevent credentials from being compromised, much can be done to eliminate attackers' ability to use them for malicious access.
Identity Protection: Real-Time Detection and Prevention of Identity Threats
Identity protection incorporates two key aspects regarding identity threats:
- Detection – the ability to discern with high precision between a legitimate authentication by a user and a malicious one carried out by an attacker who has compromised that user's credentials.
- Real-Time Prevention – the ability to intercept and block a detected malicious authentication as it is attempted, never letting it complete into actual resource access.
Moreover, in order to be effective, these detection and prevention capabilities should apply equally to all environments, on-prem and in the cloud.
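To make the detection-plus-real-time-prevention idea above concrete, and to show how the lateral movement pattern described earlier (one set of domain credentials fanning out across many hosts) can be caught, here is an added example in Python. It is not Silverfort's code or any product's detection logic; the two heuristics (host fan-out inside a short window, and a remote VPN/SaaS login from a source IP the account has never used) are illustrative assumptions, and the authentication events are constructed sample data. The policy returns a verdict before access is granted, which is the "prevention" half: the caller is expected to enforce it rather than log it.

```python
"""Added example: a minimal identity-protection policy that scores each
authentication event as it is attempted and returns allow / step_up_mfa / block.

Assumptions (not a product's logic):
  - fan-out: the same account reaching >= FANOUT_THRESHOLD distinct targets
    within FANOUT_WINDOW looks like credential reuse across the domain
  - unseen source: a remote login (VPN, SAML) from an IP the account has never
    been allowed from gets stepped up to MFA instead of passing through
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

ALLOW, STEP_UP, BLOCK = "allow", "step_up_mfa", "block"
REMOTE_PROTOCOLS = {"vpn", "saml"}          # cloud / remote access paths
FANOUT_WINDOW = timedelta(minutes=10)
FANOUT_THRESHOLD = 5


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src_ip: str
    target: str     # hostname, VPN gateway, or SaaS app
    protocol: str   # "kerberos", "ntlm", "vpn", "saml", ...


class IdentityProtectionPolicy:
    def __init__(self) -> None:
        self.known_ips: dict[str, set[str]] = defaultdict(set)          # user -> IPs seen on allowed logins
        self.recent: dict[str, list[tuple[datetime, str]]] = defaultdict(list)  # user -> (ts, target)

    def evaluate(self, ev: AuthEvent) -> tuple[str, list[str]]:
        """Return (verdict, reasons). Must be called before the access completes."""
        reasons: list[str] = []

        # Keep only this user's authentications inside the fan-out window, then add the current one.
        cutoff = ev.ts - FANOUT_WINDOW
        window = [(t, h) for (t, h) in self.recent[ev.user] if t >= cutoff]
        window.append((ev.ts, ev.target))
        self.recent[ev.user] = window
        distinct_targets = {h for _, h in window}
        if len(distinct_targets) >= FANOUT_THRESHOLD:
            reasons.append(f"fan-out: {len(distinct_targets)} targets within {FANOUT_WINDOW}")

        # Remote access from a source the account has never been allowed from.
        if ev.protocol in REMOTE_PROTOCOLS and ev.user in self.known_ips \
                and ev.src_ip not in self.known_ips[ev.user]:
            reasons.append(f"unseen source {ev.src_ip} for remote access")

        if any(r.startswith("fan-out") for r in reasons):
            verdict = BLOCK          # spraying across hosts: deny outright
        elif reasons:
            verdict = STEP_UP        # suspicious but plausible: demand MFA
        else:
            verdict = ALLOW

        # Baseline is learned only from allowed logins. A real deployment would
        # also learn after a step-up that the user actually passed.
        if verdict == ALLOW:
            self.known_ips[ev.user].add(ev.src_ip)
        return verdict, reasons


def sample_events() -> list[AuthEvent]:
    """Constructed sample data: alice's normal day, then her stolen credentials in use."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    m, h = timedelta(minutes=1), timedelta(hours=1)
    return [
        AuthEvent(t0, "alice", "10.0.0.5", "FS01", "kerberos"),              # baseline
        AuthEvent(t0 + m, "alice", "10.0.0.5", "salesforce", "saml"),        # known IP
        AuthEvent(t0 + 2 * h, "alice", "203.0.113.9", "vpn-gw", "vpn"),      # never-seen IP
        AuthEvent(t0 + 5 * h, "alice", "10.0.0.77", "SRV01", "ntlm"),        # from a compromised host
        AuthEvent(t0 + 5 * h + 1 * m, "alice", "10.0.0.77", "SRV02", "ntlm"),
        AuthEvent(t0 + 5 * h + 2 * m, "alice", "10.0.0.77", "SRV03", "ntlm"),
        AuthEvent(t0 + 5 * h + 3 * m, "alice", "10.0.0.77", "SRV04", "ntlm"),
        AuthEvent(t0 + 5 * h + 4 * m, "alice", "10.0.0.77", "SRV05", "ntlm"),  # fifth host: block
    ]


def run_sample() -> list[str]:
    policy = IdentityProtectionPolicy()
    verdicts = []
    for ev in sample_events():
        verdict, reasons = policy.evaluate(ev)
        verdicts.append(verdict)
        print(f"{ev.ts:%H:%M} {ev.user:6} {ev.protocol:8} -> {ev.target:10} {verdict:12} {reasons}")
    return verdicts


if __name__ == "__main__":
    run_sample()
```

Two caveats the sample makes visible. The on-prem NTLM logins from the compromised workstation are allowed one by one and the attacker's source IP is learned into alice's baseline, because the "unseen source" rule only covers remote protocols; the fan-out rule is what finally blocks the fifth host. And the thresholds are guesses: a helpdesk account that legitimately touches many hosts needs a per-role threshold or an allow-list, otherwise the block verdict turns into an outage.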