Why IAM Is Not Enough
When Identity Infrastructure Source Code is Stolen, Users Can Be at Notable Risk
To make sure you are aware of any attacks associated with stolen source code in the first place, or to make sure your identity infrastructure is not compromised in some way, the only truly consistent method of prevention is the identity first approach provided by Identity Threat Detection and Response (ITDR). Organizations can’t simply assume that their MFA and other tools are secure themselves.
Just a few weeks ago, it was reported that a well-known provider of authentication and Identity and Access Management (IAM) solutions for enterprises had some of its source code stolen within its own GitHub repositories. In fact, according to press coverage, it was GitHub that actually alerted the company that seemingly unusual activity/access was taking place in their code repositories – although the coverage also noted the company indicated that no unauthorized access to its widely-used service took place and no customer information was stolen.
It's an eye-opening moment and an opportunity to underscore the importance of gaining real-time visibility into the identity infrastructure for any organization that uses such enterprise tools for authentication, multi-factor authentication (MFA), or really any such service. You must be able to take immediate action. And in 2023, the clear answer to ensuring you’re alerted to suspicious activity, regardless of whether it’s due to stolen source code or some other vulnerability, is to implement an accompanying ITDR solution that will always keep the needed eyes and ears on the ground.
In recent ITDR-focused analyst reports, thought leaders are consistently pointing to ITDR as one of the pressing cybersecurity needs for this year and onward – all spawned by the perhaps under-reported fact that such a huge chunk of cyberattacks are initiated through stolen or compromised identities. After all, as AuthMind says time and time again: hackers don’t hack in, they log in.
So, what can ITDR see that might simply go under the radar otherwise? MFA can look like it’s suddenly misconfigured. There can be MFA-related anomalies, and it can also notice when users that would typically have MFA suddenly are no longer employing it. These are simple examples, but they are dangerous nonetheless and these changes need to create alerts quickly. That’s ITDR’s initial, yet huge value and path toward to the protection that’s needed to fight vulnerabilities.
Afterall, the identity infrastructure controls what people can access. Protection surrounding it and its users is crucial because organizations can’t be fooled into thinking they’re in full control of permissions and policies when they’re not.