Agencies Must Get Identity Right to Move to a Zero Trust, More Secure Posture
Featuring Morey Haber, Chief Technology Officer & Chief Information Security Officer at BeyondTrust, and Frank Briguglio, Global Public Sector Strategist at SailPoint.
The threat actor is targeting the human. Once they gain access to the human’s account, they want to escalate privileges. If you’re doing good identity and account management, that user only has a finite set of systems they can hit. That’s it. However, if they can’t scrape memory from malware or keystroke log, or any of the advanced attack techniques, they’re gonna look for accounts that have global, or more than one system, access.
That’s how they’re gonna get lateral movement. They’re going to use those vulnerability accounts, they’re going to use those malware service accounts, they’re going to use other types of credentials, and even tokens or certificates that are present, that give them broader access to the environment. That’s a part of identity management, too: who is the owner of those machine identities?
Agencies are finally starting to take identity seriously again, and not just from the perspective of the smart card. They’re realizing that the access management methodologies are different for different classes of users. They’re realizing that they need the automation and the efficiencies to reduce the footprint of overexposed accounts and entitlement creep and things that were hard before.
They have the platforms now to do this, and it really is the time to take advantage of what they’ve done over the past couple years with CDM, through asset discovery, through the identity and the master user record: Tie those together and really start building that governance model.