Ongoing Attacks on Identity Providers Underscore Need for Combined Use of ISPM and ITDR
Updated: Nov 3
Even the most discerning identity-related organizations, including some of the world’s most well-known identity providers (IdPs), are finding that a comprehensive approach to identity protection is required to avoid finding themselves in the limelight.
The cybersecurity industry is experiencing a significant number of data breaches due to stolen identities and credentials. This creates an ironic situation where identity providers (IdPs), companies that specialize in managing identity solutions, are themselves battling identity-centric attacks. Not only do IdP customers continue to be affected, but so do IdP employees and even their highly vetted third-party vendors.
No doubt it’s frustrating, as it takes a financial, operational, and reputational toll on a whole host of people. But it’s not a time for the industry to point fingers at itself. Instead, it’s a powerful form of “close to home” inspiration for illustrating how organizations need to complement their investments in identity providers with new capabilities in the areas of identity security posture management (ISPM) and identity threat detection and response (ITDR). Doing so arms an organization with the ability to detect and remediate identity-related blind spots before they become actual problems and to identify identity-centric attacks in real time.
Credentials (whether stolen or otherwise obtained) to valuable IdP admin accounts give unauthorized access to cyber criminals, who often simply encrypt or steal anything they can get their hands on, and there’s a lot for the taking in the data-rich companies of today. And it’s particularly poignant when it’s the customers of an IdP who raise the alarm first. Thus, a joint ISPM and ITDR approach for all (identity providers and their customers) offers the visibility across all identities, from on-premises to the cloud, needed to:
Pinpoint identity-oriented vulnerabilities and misconfigurations – This includes detecting local account IdP access, unmanaged shadow IdPs, and admin access to the IdP without MFA or with non-compliant session time parameters, to give a few examples. All of these insights should come with suggested remediation steps to get issues resolved quickly and improve an organization’s identity security posture.
Detect and stop identity-related security incidents – This includes identifying unusual activity like deviations in access flows to the IdP or repeated login attempts or access from unfamiliar locations by IdP admins, which could indicate a potential security breach. Along with identifying unusual activity, it is also important that solutions provide full context to know who's doing what and from what machine.
In conclusion, the recent security incidents targeting IdPs and their customers underscore the critical importance of robust identity security measures. By leveraging best practices from IdP vendors and implementing ISPM and ITDR solutions from vendors like AuthMind, organizations can better protect themselves against the ever-evolving landscape of identity-based threats. In cybersecurity, employing a defense-in-depth strategy, which emphasizes constant vigilance, continuous learning, and adaptation, is key to staying one step ahead of adversaries.