The New Role of Analytics in Identity and Access Management
It’s amazing how much cyber-security has grown over the past few years. Where we were once worried about keystroke logging or Trojan horse attacks, we now face situations like ransomware and cyber warfare. User credentials are still the number one target for bad actors and as long as they find ways to steal them, they will continue to find ways into our network. Bad actors are constantly updating their methods to stay ahead of security advancements.
Not only have the attacks changed but so has our landscape. There are now more devices, applications, users and relationships than ever. With more information than ever before, one could suggest that this means we have more fire power than we onceaccess control did to analyze and pinpoint how bad actors are getting into our networks and what they do once there. The truth is just the opposite. With so much data it’s impossible, especially manually, to consolidate and understand what is going on within your network. There are too many accounts, too many entitlements, too many relationships, and too many false alarms.
By definition, analytics is the use of mathematics, statistics and computer software in order to solve a problem or to explain a set of data. The problem is, we are still using analytics in the same way as before the explosion of big data. Our security tools are detecting large amounts of potential security events and pulling those together for our security analysts to review and decide if they are true threats. It is impossible for an analyst to get through all of these supposed threats in time to find the one that is real – which is why we continue to see organizations being breached. It’s time to change how we use analytics so that we can stop with false positives and get a real-time view of what is going on in our network.
What does this change look like? From collecting data to reporting, all of these steps can be done automatically, presenting your security analysts with better information (and a lot less of it) so that they can focus on true threats to your system. Let’s break down just what this process would look like using analytics in a new way.
Data: Enterprise organizations can have billions of identity and access relationships within their organization. It’s impossible to think that you can manually gain insight into all of those relationships to see which ones are at risk, are orphaned or abandoned accounts or have higher privileges than they should.
Information: Even when going one layer down there are still too many relationships to understand. You may have a list of accounts with privileged access or a list of groups and what they should have access to. However, you will not be able to see exactly what they have access to or see how the accounts are acting – especially if the groups are nested within each other.
Reporting: Ok now we are getting somewhere. This is fairly typical for any IAM solution and can show you things like your orphaned accounts, privileged accounts and abandoned accounts and where the risks are within each of those. This is progress but still only gives us a list of issues with no information on which ones are putting you most at risk.
Insight: Here is where things get clearer. Now, you are taking the reporting that you got from your IAM solution and applying actionable insight in order to not only see these relationships more clearly but to also see which of these are putting you most at risk so that you can go after them immediately.
Using analytics turns your system into more than just an identity and access management solution, it raises it up to a new level. These analytics analyze the identity and access data using advanced analytic tools to perform functions such as data mining, statistical analysis, data visualization and predictive analytics. These are not generic data analysis tools but the draw on IAM specific policies, rules and risk indicators to provide information of immediate value to IAM administrators and analysts, compliance officers and incident responders.
Being able to analyze data and provide answers, detect patterns or find anomalies is a tedious task when done manually. However, by adding enhanced analytics to your IAM solution, you can continuously and comprehensively monitor all of your access information and take the guesswork out of keeping your organization safe.