As we’ve built out the Elevate platform with deep visibility into employee risk profiles, we started by solving Awareness and Operations use cases.
As we spoke to our customers, though, they keyed in on the 8% of users causing 80% of incidents. They felt a natural fit was pulling that employee risk context into IAM (Identity & Access Management) and IGA (Identity Governance & Administration). Just as Identity is the new perimeter, People are the primary attack vector – we need to deeply couple people and identity to ensure we’re giving appropriate access before an adversary gains persistence.
According to the Verizon DBIR, 82% of breaches are due to human error and account compromise is involved in 61% of those breaches. Understanding that, it’s clear that attackers are using social engineering attacks to steal identities.
Our customers are right: we do need to pull employee risk context into IAM and IGA.
Don’t Let The Bad Guy In
We looked at Identity solutions in the market and most helped with basic risk context. Is the user coming from a network, location, and device that I trust? But, we weren’t finding anything that looked at all the signals we get from an organization’s disparate security tools that could answer questions like:
- Who is getting attacked more frequently with phishing, malware, and other social engineering threats?
- Who are my risky engineers – those folks who have production access?
- Are we seeing risk signals that may indicate an employee’s account was popped?
That’s where Elevate shines – building point in time and historical user risk context for every employee and contractor.
Beyond that, we didn’t see anything that could respond automatically to the questions above to protect identities. To riff off a customer use case directly, they asked –
What do I do with risky engineers? If they’re historically risky, how do I protect them?
We brainstormed and it became clear that the IAM solutions had significant configurability and if we could drive policy decisions based on risk, that would be extremely powerful.
In the case above, it meant automating the process of moving risky engineers to strong conditional access policies that a) require phishing-resistant MFA, b) make apps accessible only from Trusted IPs, c) allow access only from company-issued devices, and d) apply stronger device security requirements.
We took that a step further. We also used functionality like Continuous Access Evaluation to invalidate all session tokens when we saw high severity, high confidence threats. This removed any service-based persistence by logging the user out of all sites and moving users to a stricter conditional access policy that protected the user until someone had time to investigate.
I love it, because we’re now responding to risk in an adaptive way.
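A minimal sketch of the risk-driven decision logic described above, added here as an illustration; it is not Elevate's code or any identity provider's API. The action names, the 0.0-1.0 risk scale, the 0.7 threshold and the sample users and signals are all assumptions.

```python
from dataclasses import dataclass

# Hypothetical policy tiers. STRICT stands for the tier described above:
# phishing-resistant MFA, trusted IPs only, company-issued device,
# stronger device security requirements.
BASELINE, STRICT = "baseline", "strict"

@dataclass
class User:
    name: str
    prod_access: bool
    historical_risk: float      # constructed 0.0-1.0 scale (assumption)
    policy: str = BASELINE

@dataclass
class Signal:
    user: str
    severity: str               # "low" | "medium" | "high"
    confidence: str             # "low" | "medium" | "high"

def plan_actions(users, signals, risk_threshold=0.7):
    """Return (action, user, detail) tuples for an IdP connector to carry out."""
    by_name = {u.name: u for u in users}
    actions, held = [], set()
    for s in signals:
        if (s.severity, s.confidence) != ("high", "high"):
            continue                        # noisy signals never force a logout
        if s.user not in by_name:
            # Signal for an identity we do not manage: surface it, do not drop it.
            actions.append(("review_unknown_identity", s.user, None))
        elif s.user not in held:            # one revocation per user per run
            held.add(s.user)
            actions.append(("revoke_sessions", s.user, None))
            actions.append(("assign_policy", s.user, STRICT))
            actions.append(("hold_until_investigated", s.user, None))
    for u in users:
        if u.name in held or u.policy == STRICT:
            continue                        # already handled or already strict
        if u.prod_access and u.historical_risk >= risk_threshold:
            actions.append(("assign_policy", u.name, STRICT))
    return actions

# Constructed sample data, not taken from any real tenant.
USERS = [User("ana", True, 0.9), User("bo", True, 0.2),
         User("cy", False, 0.95), User("di", True, 0.8, STRICT)]
SIGNALS = [Signal("bo", "high", "high"), Signal("bo", "high", "high"),
           Signal("cy", "high", "low"), Signal("zed", "high", "high")]

if __name__ == "__main__":
    for action in plan_actions(USERS, SIGNALS):
        print(action)
```

Only signals that are both high severity and high confidence trigger session revocation, and a user already on the strict tier is not reassigned, so repeated runs do not generate duplicate policy changes.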
Stop Rubber Stamping Access Reviews
Ok, I’ll admit it. Like many of us, I’ve participated in the annual ritual of “Does Jennifer need access to ?” check-the-box exercises, eyeballed it quickly and said “sure”.
Why’d I do that? Well because I had almost no risk context in my decisions.
We heard pretty loud and clear that the behavioral and attack data that Elevate understands could be very helpful when reviewing whether someone should still have access and how frequently we should be doing access reviews. In steps Elevate’s support for IGA.
Now during a review, the reviewer can understand if the person they’re approving privileged access to has perpetually clicked on phishing links and downloaded malware. Better context = better decisions.
Introducing Elevate Identity
With that, I’m super excited for us to announce Elevate Identity. It’s the culmination of years of work and I’m so proud of the team who built it.
Customers can now drive smarter identity decisions in their IAM and IGA products with three key use cases:
- Protect proactively against risky users using conditional access policies
- Automatically re-authenticate or revoke access based on threat signals
- Risk-based access review workflows and enhancement
We’re initially releasing with support for Microsoft Azure AD, Cisco Duo, and CrowdStrike Falcon Identity, soon to be followed by SailPoint, Okta, and more.
If you’d like to learn more – book a demo or check out a quick demo. Let us know what you think!