“Hackers aren’t hacking in anymore, they are logging in.” This offhand comment by Tyler Lynch, Field CTO at IBM, in a recent video highlights a critical shift in cybersecurity. The focus is now on identity and access management, a term that abbreviates suggestively to IAM, and on the importance of securing both human and non-human entities in the digital world.
It is in this context that we analyzed the recent launch by CrowdStrike, the Texas-based cybersecurity tech company, of its first identity solution, which covers the network identities of humans, machines and AI agents across multiple environments. The Falcon solution is yet another addition to the growing identity service offerings in the market.
Recently Palo Alto Networks made news with its mega acquisition of IAM specialist CyberArk, thus adding to the already existing solutions from companies such as Microsoft and Okta. That most recent acquisition cost Palo Alto Networks $20 billion, a price that accounts for not just CyberArk’s domain expertise since 1999 but also a 10,000-strong customer list.
What is the Falcon solution offered by CrowdStrike?
Before getting into the details of identity management itself, let us look at what the Falcon Solution offers. For starters, it covers on-premises, cloud, workload environments, and SaaS while also providing a tool suite with initial access prevention using endpoint telemetry and AI-led threat intelligence to confirm identities and block suspicious logins.
It is also designed to authenticate and authorize AI agents, tasks that it performs autonomously using CrowdStrike’s in-house agents and AI models. Given the expectation that AI agent deployments could mushroom soon and mimic human resources of around 70 to 80 billion, network identity could be the key to data security of the future.
CrowdStrike president Mike Sentonas highlighted how access in modern-day enterprises is dynamic and unpredictable, with identities spanning users, machines, and AI agents operating across hybrid environments in real time. “Falcon provides what customers need most in (such) unified platforms – modern identity security by design, without architectural trade-offs and integration debt,” he notes. “Our platform was built to manage this complexity, providing the speed, scale, and precision organizations need to stop modern identity attacks.”
Cyber security has changed in the AI-enabled Digital world
So, what exactly is changing in the AI-enabled digital world today? In the IBM Think Series video on Cyber Trust, Bob Kalka, the company’s global identity lead, and Lynch identified what they called a significant disconnect in enterprises. Thus far, IT teams have managed human identities while DevOps and platform engineers have tackled non-human identities.
This siloed approach creates vulnerabilities, evidenced by Kalka’s revelation that “80% of all cyber-attacks today involve identity somehow.” The traditional solution of simply replacing old tools with new ones is deemed “not pragmatic at all,” the duo say, noting the need for a unified approach to secure both human and non-human identities.
They highlight “Identity Fabric” as a new strategic framework that integrates existing security tools with advanced AI capabilities. Enterprises leverage existing technologies, augmented by AI, to create a seamless security mesh with a focus on identity observability, or identity security posture management (ISPM).
Developing capabilities around ISPM ensures that enterprises can detect sloppy or ineffective implementation of human and non-human identities that could result in an attack becoming more virulent. Simply put, by uncovering hidden shadow directories or hardcoded secrets within applications, IT teams are better prepared for security threats.
How was the past experience different?
In the past, IP addresses were enough to identify users, but for a long time now a single address has been used and reused by thousands of people behind it. That makes it impossible to identify a threat actor by address, as users are no longer location or device centric. Thus the traditional security perimeter between an enterprise and the world is no longer well-defined.
Firewalls, too, did the trick for some time by separating what’s inside an enterprise from everything else outside. IP addresses and MAC addresses handled identification, and entry inside a firewall was guided by a VPN. With the resources required by a company, be it tech or its users, no longer set within its walls, identity fabric has become critical.
A broad array of SaaS-based platforms and employees connecting from outside the office with multiple devices have effectively rendered firewalls largely useless, with no clearly demarcated perimeters. Thus identity has become the only way for enterprises to control access to their networks. However, this has also meant a security perimeter so vast that the traditional means of security are not enough anymore.
Increasing cloud adoption, remote working, and digital transformation also mean that identity does not have a single access key. Enterprises often use multiple identity providers and federated access mechanisms that are complex to manage. And it is this complexity that is becoming the target of cyber criminals of the future.
Why do these changes add to the cyber threat?
In fact, IBM’s threat intelligence index suggests that abuse of valid accounts was the preferred entry point into victim ecosystems in 2024. Over a third of the respondents of the IBM survey said this was the case. Another report from Verizon noted that stolen credentials were the primary initial access vector in a fifth of all breaches last year.
The IBM senior executives believe that to counter these threats, an option could be the introduction of frictionless access and centralized secrets management. Lynch mentions the need to shift from static secrets, ones that are left unchanged on platforms like GitHub, to dynamic secrets involving “just-in-time created credentials when needed.”
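To make the static-versus-dynamic contrast concrete, here is an added example (not code from IBM, CrowdStrike or the original article) of a minimal broker that mints short-lived, scope-bound credentials on request, next to a static secret that stays valid indefinitely. The names BROKER_KEY, STATIC_SECRET, issue_credential, verify_credential and verify_static, the identity "ci-runner-42" and the token layout are all hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

BROKER_KEY = secrets.token_bytes(32)       # hypothetical: held only by the secrets broker
STATIC_SECRET = "constructed-static-key"   # constructed sample of a long-lived secret

def verify_static(presented, now=None):
    """Static secret: time and scope play no part, so a leaked copy works forever."""
    return hmac.compare_digest(presented, STATIC_SECRET)

def issue_credential(identity, scope, ttl_seconds, now=None):
    """Mint a just-in-time credential bound to one identity, one scope and a short TTL."""
    now = time.time() if now is None else now
    claims = {"sub": identity, "scope": scope,
              "exp": int(now) + ttl_seconds, "jti": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()

def verify_credential(token, required_scope, now=None):
    """Return (True, identity) or (False, reason). The MAC is checked before parsing."""
    now = time.time() if now is None else now
    try:
        body, tag = token.encode().split(b".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"            # a stolen token ages out on its own
    if claims["scope"] != required_scope:
        return False, "scope mismatch"     # a token for one task cannot be reused for another
    return True, claims["sub"]

if __name__ == "__main__":
    t0 = 1_700_000_000                     # constructed fixed clock for the demo
    tok = issue_credential("ci-runner-42", "db:read", ttl_seconds=300, now=t0)
    print(verify_credential(tok, "db:read", now=t0 + 10))
    print(verify_credential(tok, "db:read", now=t0 + 301))
    print(verify_static(STATIC_SECRET, now=t0 + 10**8))
```

A production deployment would use an established secrets manager rather than a hand-rolled token format; the point here is only that expiry and scope are enforced at verification time.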
Enterprises would also need to secure their most sensitive accounts, which may require cutting down a large percentage of unprotected privileged users. In addition, they highlighted the need for installing identity and threat detection and response mechanisms that work in real time. “If you cannot see it, you cannot secure it,” says Kalka in the IBM video.
In the final analysis, the future of cyber-security continues to hinge on the three pillars of inspect, protect and govern. However, now it is not just about deploying smarter tools. There is a need to re-evaluate the very basis of how an enterprise perceives and manages identities across its digital footprint, which is where companies like CrowdStrike and CyberArk make a difference alongside tech giants such as Microsoft.
About the author: Raj is anything but a tech writer, and his focus is to de-jargonize technology for simple and uncluttered minds. He studies the business of technology and seeks to cut the clutter. You can reach him at [email protected]