Elevate Identity Service Integrates Comprehensive 360° Individual Risk Profiles,Transforming Identity and Access Management (IAM) to a Risk-Based Model, and Automating Identity Governance Administration (IGA) Access Reviews
SAN FRANCISCO – March 15, 2023 – Elevate Security today announced the release of Elevate Identity, its SaaS offering for Identity and Access Management (IAM) Professionals. The industry-first service integrates Elevate’s comprehensive user risk profiling capability with leading IAM tools such as Cisco Duo, Crowdstrike Falcon Identity, and Microsoft Azure AD to add a full 360° perspective of each individual’s cyber risk to the authentication and authorization process. Additionally, the Elevate Identity service integrates with Identity Governance tools such as Sailpoint’s Identity Security Platform to automate personalized access reviews based on changes in an individual’s user risk profile.
See the simplicity and effectiveness of the Elevate Identity solution here.
New research from Elevate and Cyentia Institute recently determined that High Risk users represent approximately 10% of the worker population, and are found in every department and function of the organization. While they make up a small percentage of the population, High Risk users represent a sizable threat to the organization.
Traditional IAM methodologies rely on a limited dataset to determine the user risk behind any individual access attempt – typically only credentials, location, network, and device are known – leaving many areas of user risk open to attacker exploits and limiting security team options for making and applying personalized conditional access policy decisions.
Without visibility into user risk at the time of authentication and authorization, all users must be treated generically, increasing chances of over-provisioning access to a high-risk user, or worse, letting an adversary in and allowing them to achieve persistence.
Elevate’s comprehensive User Risk model analyzes billions of independent data points from across the organization and beyond. Factors such as worker susceptibility to real phishing and malware, poor handling of sensitive data, and unsafe browsing habits along with demographics and other characteristics are continually aggregated and updated into detailed, transparent, high-confidence user risk metrics.
By integrating this rich user risk data into IAM and Identity Governance Administration (IGA) tools and processes, security teams now know the true risk characteristics of each worker attempting to access their systems, including an individual’s vulnerability to the pernicious social engineering attacks currently making headlines at ridesharing, password manager, gaming, and healthcare providers worldwide.
With this data in hand, defenders can automate customization of conditional access policies. For example, Elevate may determine that a particular engineer, with access to company source code, is being targeted by attackers with increased frequency, and has recently visited a risky website. Once identified as a ‘High Risk Engineer’ by Elevate, this individual is protected by specific IAM policies, such as forcing phishing-resistant multi-factor authentication, requiring a company-provided device, or removing access from critical source code repositories.
Without individual User Risk data, these types of conditional policies and user protections cannot be applied reliably or scalably. While it’s appropriate and warranted to apply this level of protection to a small subset of high-risk users, attempting to subject all users to such policies would harm productivity, and elicit strong pushback from workers and business unit managers.
With Elevate Identity, security teams can have the best of both worlds – strong individual protection for those that need it, and high productivity and satisfaction from the vast majority of users who represent less risk.
Integration with identity governance tooling enables Elevate Identity to also automatically initiate an access governance review solely for the aforementioned high-risk engineer or others with risky profiles, ensuring compliance and auditability of their access permissions are always aligned to both business needs and their individual user risk profiles.
Identity and Access Management is a top priority for IT and Cybersecurity professionals in 2023, with leading industry analyst firms urging clients to optimize their IAM and IGA infrastructure. In its recent Executive Order on Improving the Nation’s Cybersecurity, the White House called on Federal agencies to urgently reexamine and up-level identity, credential, and access management capabilities.
Elevate Identity has been shown to pay for itself in less than one year through a 20-50% reduction in security incidents involving a negligent employee or contractor. The cost of a single such incident was determined by Ponemon Research to be $307,111, with the average time to contain such an incident averaging 77 days. The study found that the average organization faces more than one such incident per month.
“With comprehensive user risk data informing the Identity and Access process, defenders have a simple, transparent, and effective method to apply personalized protections aligned to individual vulnerabilities,” stated Elevate founder and CEO, Robert Fly. “The ability to make better decisions, in real-time, at scale, during this critical stage of the kill chain is an absolute game changer in the fight against human-centered attacks.”
“A one-size-fits-all approach to securing user access will not guard against threat actors skilled at targeting people susceptible to engagement with deceptive online interactions or prone to poor judgment computing behaviors,” finds Ed Amoroso, Founder and CEO of TAG Cyber. “Organizations must be able to easily identify their most ‘at-risk’ workers and continuously quantify their potential likelihood of initiating a worst-case security incident. By wrapping these individuals with conditional access policies based on their relative human risk, enterprises gain a powerful new component in their defense of critical business assets, while also pinpointing areas for security awareness improvement.”
Elevate Identity is available now and priced on a per user basis. For more information, click here.
About Elevate Security
Elevate Security solves the age-old problem of workplace risk. Our platform proactively safeguards an organization’s riskiest users by deeply integrating into the current technology stack to identify behaviors, attack patterns, and other characteristics that affect an individual’s risk levels. Security teams apply Elevate’s risk scoring and risk-aware interventions to predict, personalize controls, and help prevent the next incident before it happens. To learn more, visit https://elevatesecurity.com.