Behavioral analytics is quickly becoming the cornerstone of most every Infosec technology. However, it takes a lot more than simply analyzing user activity with rules and statistics, it takes applying ML (Machine Learning) to access and activity data, as well as employing AI (Artificial Intelligence) to reduce false positives and accurately risk score. Two critical capabilities that a multitude of security vendors have yet to address in their products to enable automated risk response. Those lacking machine-based cognitive abilities have come to rely on static pattern definitions, signatures and policies for a legacy world of known good and bad. Today, we must assume compromise and assess risk, even more importantly for privileged accounts with the access keys to IT environments.
That said, some vendors have come to grasp the ideologies of applying the concepts of big data analytics to access and activity data to better judge the validity by risk scoring. An approach that leverages the latest in ML and AI capabilities, and requires the vendor to innovate and have a keen understanding of behavioral and predictive algorithms to deliver predictive security analytics to identify access risks and unknown threats. Nowhere is this truer than with controlling access to enterprise resources using privileged accounts and entitlements. Something that remains a potential hazard for businesses of any size leveraging cloud and on-premises IT resources.
At 11/29/16 Gartner Identity & Access Management Summit held in Las Vegas, privileged account management proved to be a hot topic. Gartner revealed that “Identifying all systems and the corresponding privileged accounts is important, because every privileged account is a potential source of risk. However, this is a major challenge, as it is easy for privileged or default system accounts to be forgotten and left out. This is exacerbated by virtualization and hybrid environments that include cloud infrastructure. In such a dynamic environment, systems and accounts can easily fall through the cracks of privileged access management.”
Simply put, Gartner is expressing that some better methodologies must be adopted to prevent potential breaches from occurring due to improperly audited and secured privileged accounts and entitlements, something that Infosec vendor Gurucul is keenly aware of.
GigaOM had the opportunity to discuss privileged account concerns with Gurucul’s CTO, Nilesh Dherange, who revealed that accounting for privileged accounts is only one of the security issues facing enterprises today. Dherange said “Although many organizations are deploying privileged access management products to vault accounts with high risk entitlements, these tools may only perform discovery at the account level which creates blind spots for unknown privilege entitlements and exposes companies to unknown security risks.”
Dherange makes a good point, it is those unknown security risks that prove to be the most troublesome for enterprises today, especially as systems become more complex and additional administration and application accounts are created, all with an increasing ability to “touch” critical IT systems. What’s more, many enterprises rely on spreadsheets or other notes to maintain an inventory of privileged accounts and those accounts are rarely audited.
Dherange added “In a typical enterprise, the scope of privileged access discovery is manually unfeasible. For example, an organization with 10,000 identities each having 10 accounts with 10 entitlements would equal 1 million entitlements. This often results in rubber-stamping certifications and cloning user access rights. Overtime an entitlement may become privileged and remain hidden in these cycles.”
Looking at that issue from a management perspective, it becomes clear that manually maintaining and auditing privileged account entitlements is far beyond the scope of most any organization. In other words, enterprises will have to rely on machine learning intelligence for risk-based approach to manage all of the moving parts involved.
“On average, Gurucul customers addressing privileged access risks have discovered that more than 50% of privileged access, including application privileges, are unknown to them and exist outside privileged access lists and vaults,” added Dherange.
According to Dherange, Gurucul takes a different approach to privileged access intelligence on large enterprise networks. “Gurucul is applying identity analytics and machine learning to discover privileged access that poses a security risk to the organization so that undocumented and unnecessary permissions can be eliminated or identified for monitoring with behavior analytics,” claimed Dherange.
Gurucul demonstrated its Access Analytics Platform (AAP) and Gurucul Risk Analytics (GRA) with privileged access discovery capabilities at the Gartner Identity & Access Management Summit, showing that it has added new capabilities to its Access Analytics Platform (AAP) and Gurucul Risk Analytics (GRA) that eliminate blind spots associated with privileged access.
Gurucul also announced the closed loop integration of identity and access management (IAM) solutions into AAP, which forwards accounts and entitlements with high access risk scores to IAM solutions for owner/manager certification. Dherange said “When an account and or entitlement is revoked, the IAM system sends an update to Gurucul which removes the risk and re-scores the machine-learning models. Several of our customers have implemented Closed Loop IAM integration using Gurucul with Oracle Identity Manager (OIM) to automate the detection and remediation of access outlier risks.”
With Gartner claiming that “Privileged access is increasingly recognized as one of the most significant risks that organizations are facing, driving them to pivot from compliance-based to risk-aware strategies.” It is becoming very clear that enterprises today will need to turn to ML and AI based technologies, backed by the context of big data, to truly get a handle on what may quickly become one of the top security issues facing enterprises.