Enterprise security has become a multifaceted, complex organism that is constantly evolving amidst new threats and technologies. For years, businesses have used a combination of solutions such as firewalls, vulnerability management, security event monitors, change management and identity governance.
Putting all of these together can create a powerful fortress of security: strong, but not impenetrable, because any missing or outdated part can become an area of compromise. The old saying that a chain is only as strong as its weakest link is quite apt in the realm of enterprise security. And given that 3 in 5 companies expect to be breached in the next year, there are clearly some unfortunate weaknesses in these well-built fortresses.
The challenge is twofold: keeping up with the barrage of threats currently pummeling enterprises, and separating signal from noise in the slew of security event data that so many security tools generate today. That data must be analyzed, true positives distinguished from false ones, and each finding traced back to its correlated events. This is a gigantic task, particularly when IT and security staffing falls short of what most would consider ideal.
Until recently, security information and event management (SIEM) solutions produced large numbers of incidents based on predefined rules, but true insights were not discovered until those incidents were manually analyzed. This was a time-consuming process with a large percentage of false positives. Applying the power of machine learning, user and entity behavior analytics (UEBA) fundamentally changed the way insights were uncovered from SIEM data, reducing response times and thwarting breaches. This change empowered SIEM solutions so much that UEBA is moving from stand-alone products to being integrated with most SIEM solutions.
The large volume of identity-related data produced by solutions such as IdentityIQ or IdentityNow may contain similar insights, but faces a similar challenge: the insights lie in data that cannot be effectively or efficiently combed through by limited IT or security staff. The information is buried like a needle in a haystack. The potential value of these insights is immeasurable, but hidden from the organization.
To put this in perspective, our recent Market Pulse Survey showed that less than half of businesses surveyed had full knowledge of all users and their access to corporate applications and systems. This data is being generated by their identity governance systems but is admittedly not being used. This is a huge potential blind spot.
Machine learning has the potential to revolutionize the way this massive amount of identity data is managed. By taking all of an organization's identity data into consideration and learning the situations unique to that organization, machine learning combines all seen and unseen identity-related data into smarter decisions, creates signal from the noise, and greatly strengthens an identity governance program.
Proactively, this could mitigate risks created by users holding improper entitlements or gaining access through inherited permissions. Notifications of high-risk users and unusual request scenarios can be surfaced to an administrator who does not need to know the user or the context in advance. Reactively, being able to trace an incident of improper access through historical timelines, and to discover other user accounts that may share the same exposure, can quickly help stem the damage caused by a compromised identity.
Additionally, machine learning allows for the automation of low-risk tasks. This can have a tremendous impact on operational efficiency by reducing the time business users spend on important but non-value-creating tasks, such as access certifications.
Early detection of vulnerabilities is key to preventing and mitigating damage from a breach. The knowledge of where vulnerabilities lie is most likely already in the data an organization currently holds but lacks the resources to comb through.
Could your security fortress be compromised by a single rogue entitlement or an ill-informed permission grant? Could this have been discovered in advance with another rule, tool, or data point? Adding another rule, tool, or data point adds another brick to your security fortress. But perhaps strengthening the bond between the bricks is the best way to strengthen the fortress. Machine learning insights applied to existing data and infrastructure can act as that glue.
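The three uses just described (flagging entitlements that look improper for a user, finding other accounts that share a compromised user's exposure, and auto-certifying access that is clearly routine) can be illustrated on a small identity export. The code below is an added example, not SailPoint's or any product's code; it replaces the machine-learning models the post refers to with the simplest peer-group baseline (how common each entitlement is within a user's department), and the users, departments and entitlement names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of an identity-governance export: (user, department, entitlement).
# "carol" is a finance user who also holds a production DBA role, which is the kind of
# rogue entitlement the post describes.
SAMPLE_ACCESS = [
    ("alice", "finance", "erp_ap_view"),
    ("alice", "finance", "erp_ap_approve"),
    ("bob", "finance", "erp_ap_view"),
    ("bob", "finance", "erp_ap_approve"),
    ("carol", "finance", "erp_ap_view"),
    ("carol", "finance", "erp_ap_approve"),
    ("carol", "finance", "prod_db_admin"),
    ("dave", "finance", "erp_ap_view"),
    ("erin", "eng", "prod_db_admin"),
    ("erin", "eng", "git_push"),
    ("frank", "eng", "git_push"),
    ("grace", "eng", "git_push"),
    ("grace", "eng", "prod_db_admin"),
]


def build_profiles(records):
    """Return (user -> set of entitlements, user -> department)."""
    ents = defaultdict(set)
    dept = {}
    for user, department, entitlement in records:
        ents[user].add(entitlement)
        dept[user] = department
    return ents, dept


def peer_prevalence(ents, dept):
    """(department, entitlement) -> fraction of that department's users holding it.

    This peer-group baseline is the stand-in for the learned model in the post.
    """
    members = defaultdict(set)
    for user, department in dept.items():
        members[department].add(user)
    prevalence = {}
    for department, users in members.items():
        counts = defaultdict(int)
        for user in users:
            for entitlement in ents[user]:
                counts[entitlement] += 1
        for entitlement, count in counts.items():
            prevalence[(department, entitlement)] = count / len(users)
    return prevalence


def outlier_entitlements(ents, dept, prevalence, threshold=0.5):
    """Entitlements each user holds that fewer than `threshold` of their peers hold."""
    findings = {}
    for user, user_ents in ents.items():
        rare = {e for e in user_ents if prevalence[(dept[user], e)] < threshold}
        if rare:
            findings[user] = rare
    return findings


def risk_score(user, ents, dept, prevalence):
    """Sum of (1 - peer prevalence) over a user's entitlements: rarer access scores higher."""
    return round(sum(1 - prevalence[(dept[user], e)] for e in ents[user]), 3)


def similar_accounts(compromised, ents, dept, prevalence, threshold=0.5):
    """Other users holding any of the compromised user's outlier entitlements.

    The search crosses departments on purpose: the exposure is the entitlement itself.
    """
    rare = outlier_entitlements(ents, dept, prevalence, threshold).get(compromised, set())
    return sorted(u for u in ents if u != compromised and ents[u] & rare)


def auto_certifiable(ents, dept, prevalence, threshold=0.9):
    """(user, entitlement) pairs common enough among peers to be candidates for auto-certification."""
    return sorted(
        (u, e) for u, user_ents in ents.items() for e in user_ents
        if prevalence[(dept[u], e)] >= threshold
    )


if __name__ == "__main__":
    ents, dept = build_profiles(SAMPLE_ACCESS)
    prev = peer_prevalence(ents, dept)
    print("outliers:", outlier_entitlements(ents, dept, prev))
    for user in sorted(ents):
        print(f"{user:6} risk={risk_score(user, ents, dept, prev)}")
    print("accounts sharing carol's exposure:", similar_accounts("carol", ents, dept, prev))
    print("auto-certifiable:", auto_certifiable(ents, dept, prev))
```

On the sample data only carol's `prod_db_admin` falls below the 50% peer threshold, so she is the one user surfaced for review; erin and grace are returned as the accounts holding the same entitlement, and every finance `erp_ap_view` and engineering `git_push` grant clears the 90% bar for automatic certification. The thresholds are assumptions chosen for the example; in practice they would be tuned against the reviewer's false-positive budget.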
Read more about SailPoint’s identity analytics solution