In a bid to make IT operations and security infrastructures more intelligent and agile in their response to threats, SailPoint’s president and co-founder Kevin Cunningham announced during his keynote address at Navigate ’17 today that the company will add artificial intelligence to its open identity platform.
IdentityAI will provide SailPoint customers with the visibility they need to better understand their specific risks associated with user access, enabling them to thereby focus their governance controls to reduce risk more efficiently and effectively, Cunningham said. IdentityAI is slated for general availability late this year.
Enterprises could certainly use more visibility. Cunningham cited a statistic from Verizon’s Data Breach Investigations Report that shows many enterprises don’t identify attacks underway for an astonishing 200 days. “Visibility is everything,” Cunningham said.
When it comes to identifying attacks as well as breaches, part of the challenge is quickly identifying what events actually matter, Cunningham explained. Without the proper context, he continued, business managers and security professionals can’t make sound decisions. And it’s often not a case of not enough data, but too much. Security professionals find themselves buried in false-positives from their intrusion detection systems, firewalls, security information and event management systems, and more. What’s needed is a way to help sift through vast amounts of identity data so that security teams can see what is crucial so they understand a breach, Cunningham said.
According to Cunningham, analytics provided by IdentityAI will not only enable customers to manage their identities more intelligently, but will also boost the impact of their existing identity governance programs, thereby reducing risk. IdentityAI will help detect anomalous behaviors and potential threats with its analytics engine that uses time series analysis and deep learning to scan massive amounts of identity data to uncover risks — something that traditionally would require a team of security experts. Cunningham also spoke to how IdentityAI makes identity smarter by using artificial intelligence technology based on peer group analysis, behavioral pattern recognition and statistical analysis. This helps IdentityAI to focus on the identity governance controls within high risk scenarios.
Additionally, because IdentityAI helps to automate the review and approval process of low risk access, internal teams can also focus on higher-priority items.
One of the first things attackers do after a breach into a corporate network is to start acting as if they are a trusted insider as soon as they can. To identify whether an enterprise has a rogue identity, either a legitimate identity that’s been hijacked or an identity that’s been created for specific purposes that aren’t in the interests of the company, IdentityAI will provide intelligence that will clear away a lot of the clutter and the noise that make it nearly impossible to see what’s actually happening, Cunningham explained.
During his keynote he explained how IdentityAI will detect anomalous behavior early on, isolate it, identify it, and shut it down if it, in fact, is part of an ongoing breach. IdentityAI also makes it possible for identity teams to operate a lot more efficiently, he explained. “If we start segmenting normal permission sets and normal behavior, we can streamline a lot of operations because there’s no need to worry about involving people when approving the granting of access to an application to a type of user in a situation that really doesn’t represent a lot of risk,” he said.
“We can automate that to clear off a lot of the clutter that crowds our customers’ lives and really let them focus on those high-risk activities,” he said. Likewise, the technology will identify more risky behaviors, he explained. “We’re about to grant somebody who’s a contractor access to a very sensitive database. We need to put a lot more scrutiny on that. We need to have multiple layers of approval, but with IdentityAI we can actually start to segment our environment into risky and non-risky activities and identify processes, based on their risk, such that we can now operate with a lot more efficiency, automate those that don’t represent a lot of risk, and put more scrutiny on those that do.”
“What’s needed to succeed is a real-time analysis of what’s really happening in the environment, something that enables enterprises to see through the clutter and identify those things that might represent a really risky situation where there’s a breach in progress and focus in and zero in on that so one can detect it and stop it before that data is stolen,” he said. “This takes us a long way forward in being able to protect ourselves and understand what’s really happening in our environment from a really good perspective on risk,” Cunningham said.
Editor’s note: Kevin’s keynote presentation will be available online later this month for those of you unable to attend Navigate ’17.