Dive Brief:
- Identity-related risks are the biggest danger facing enterprises’ cloud environments, according to a report that ReliaQuest published on Tuesday.
- Forty-four percent of valid alerts from cloud security tools “were rooted in identity-related weaknesses,” ReliaQuest said, while 33% of all alerts related to identity.
- Hackers prefer identity-based attacks because the attacks rely on credentials available cheaply on the dark web, they can evade many detection tools and there are so many identities ripe for impersonation, according to the report.
Dive Insight:
As businesses migrate more of their assets to cloud platforms, identity management has risen to the top of the list of important security practices. Many sophisticated hackers use stolen credentials to bypass security protections and establish footholds in their targets’ networks, making strong access controls an imperative for defenders.
“Organizations must realign their security strategies to treat identity as the true modern perimeter,” ReliaQuest said. “This shift requires a proactive stance that starts beyond the boundaries of the network.” The security firm recommended that organizations scan the dark web for compromised employee credentials using digital risk protection capabilities.
Managing privileges will also help organizations defeat identity-based attacks, according to the report. More than half of the confirmed identity-based alerts that ReliaQuest saw involved privilege escalation. Using legitimate credentials with unnecessarily broad privileges “is far stealthier than ‘noisy’ methods like running vulnerability scanners or executing exploit code for known CVEs, which are more likely to trigger alerts,” ReliaQuest said.
The security firm presented the dramatic statistic that “99% of cloud identities are over-privileged,” and it urged organizations using cloud platforms such as Amazon Web Services to lock down accounts that come preconfigured with broad access. According to ReliaQuest, companies should adopt a “zero standing privileges” model in which computer systems manage user permissions with just-in-time authentication that validates access requests on a case-by-case basis.
Identity-based attacks also challenge defenders because of the volume of data they must analyze to root out intruders. ReliaQuest highlighted this challenge when presenting the statistic about 33% of all alerts relating to identity.
“This dual burden — where identity is both the top cause of confirmed breaches and the noisiest source of alerts — overwhelms security teams and drives up operational costs,” the company said. “These alerts are particularly costly to triage because, while automated systems can message users for verification, security teams still need to manually assess whether the activity is benign or malicious, often relying on specific organizational risk policies.”




