Identity Protection: The New Cyber Frontier

Key Points

  • Identity protection has surged to the top of cyber‑security priorities because, according to the 2024 IBM X‑Force Threat Intelligence Index, 30 % of attacks were phishing and another 30 % exploited compromised valid accounts, making identity management the leading attack vector.
  • It is a core pillar of the “identity fabric,” a framework that unifies seven elements—Orchestrated Workflows, Risk‑Based Authentication with AI behavioral analysis, Legacy Application Gateways, Identity Protection itself, Directory Synchronization for a single view of access, Identity Governance for onboarding/off‑boarding, and Privileged Account Management to satisfy cyber‑insurance requirements.
  • Identity protection now encompasses “Identity Threat Detection and Response,” shifting from passive monitoring in SIEMs to proactive detection of compromised credentials through real‑time analytics and automated remediation.
  • The approach also integrates “Identity Threat Hunting,” which uses threat‑intel feeds and attack‑path modeling to actively seek out signs of credential abuse before attackers can leverage them.
  • By combining these detection, response, and hunting capabilities within the identity fabric, organizations can reduce the risk of credential‑based breaches and meet the stringent demands of regulators and insurers.

Full Transcript

**Source:** [https://www.youtube.com/watch?v=RvCq3_nJv6A](https://www.youtube.com/watch?v=RvCq3_nJv6A)

**Duration:** 00:08:46

## Sections

- [00:00:00](https://www.youtube.com/watch?v=RvCq3_nJv6A&t=0s) **Identity Protection and the Identity Fabric** - The speaker explains how identity protection—comprising orchestrated workflows, AI‑driven risk‑based authentication, and broader identity‑fabric management—addresses the surge in attacks exploiting compromised credentials.
[0:00] Hi, I'm here today to talk about one of the most exciting new innovations in cyber security, and that is the concept of identity protection. What we're going to talk about today is: what is identity protection? Identity management has become one of the hottest issues in cyber security today because, if you look at the attack vectors of the last 12 months, um, literally identity management is the top two attack vectors that hackers are using. Our 2024 IBM X-Force Threat Intelligence Index shows that 30% of all attacks in the last 12 months were phishing and another 30% were actually leveraging a compromised valid account. So identity management has become the predominant attack vector, and identity protection has evolved in the last couple years to be focused on addressing exactly that. So we're going to answer that question today.

[0:58] Identity protection is actually three different things. The first thing that it is: identity protection is one of the critical elements of properly addressing what's called the identity fabric. The identity fabric is how do we manage identities across the hybrid reality that almost everybody has today. So that includes seven elements.

[1:20] First, we have the ability to do orchestrated workflows, to do things like add frictionless support to legacy applications. Second is the ability to do risk-based authentication, to add AI-based behavioral analysis to authentication, so when someone leverages a compromised valid account, one of the primary attack forms, is that you can tell it's not them using that account. Third is legacy application gateways that allow you to pull in the legacy apps into the latest identity management controls, such as frictionless access. Fourth is this topic of identity protection, which we're going to dive into next. Fifth is directories and directory synchronization, so you can answer the question that nobody seems to be able to answer today, which is: show me a single view of who has access to any of your systems. Sixth is identity governance, so you have proper onboarding and offboarding and management of identities. And then seventh is privileged account management, so you make sure you're addressing something that cyber insurance providers have been focused on, which is: have you really rolled out privileged account protection across the board? And in fact they're threatening not to renew policy, so it's become a big issue.

[2:42] So that's the first thing that identity protection is: a critical element of addressing the hybrid nature of identities today through the identity fabric. The second thing that identity protection is, is the combination of two brand new innovative spaces in cyber security. First is identity threat detection and response. Identity threat detection response is pointing out the fact that traditionally the way people identify identity-focused threats is by sitting in their SIEM tool in their security operations center and waiting for, like, a user behavior analytics tool to deduce that there's an identity problem. That is far too passive for the fact that identities had become the predominant attack vector. So ITDR is focused on: how do I find and manage those threats close to the identity source?

[3:35] It's a combination of that with another brand new space, which is called identity security posture management. You know, it's kind of funny, because right now the whole concept of fabrics and posture are really hot in cyber security across all the spaces, and what that is applied against identity management is really profound. It's doing things like: how can I find poor posture in my configuration that could lead to an attack being more successful down the road? Things like multifactor authentication bypass, finding shadowed directories and stuff like that, right? So you have to have good posture and then be able to find the threats as they're happening. That's the second thing identity protection is: it's a combination of ITDR and ISPM.

[4:16] The third thing that identity protection is, and this is the most profound impact, is that it links the security operation center with the identity and access management stack intimately for the first time. In most organizations the SOC is operating, the identity technologies are operating, and there's not a really close linkage between those tools, especially around threat detection response. Identity protection, because of the combination of these two spaces, does exactly that.

[4:47] So let's look for a moment about what this stuff actually does. The value in identity protection by combining ITDR and ISPM is it provides three different things. The first thing that it does is it shows us identity blind spots. Now, what are identity blind spots? Identity blind spots are finding things like shadow assets that people are accessing that we weren't aware they're accessing. It's finding things like shadow directories, where you have people authenticating against a directory that you didn't even realize was out there. We're finding everybody's got them and they just didn't know they were there, right? So that concept of finding blind spots that we weren't aware of. It's also finding things like unauthorized application access, like unauthorized SaaS apps that we didn't know about. That's the first thing: identifying identity blind spots.

[5:55] The second thing that identity protection does is it finds identity infrastructure gaps. So what does that mean? That's finding things like misconfigurations that would enable an attack to be more effective than, uh, we would want it to be, of course, and then also hazardous deviations in policy. So you might have a security, uh, policy put in that says access to this application has to be controlled by multifactor authentication, and you have MFA bypass taking place. You weren't aware of it, but when you see it you can lock that up, right?

[6:39] And then finally, the third thing that identity protection does is it gives us the ability to look at identity risky behaviors. This is especially the threat management side of it, right? It's looking at: can I detect in real time, at the source, at the identity management stack? And by the way, this clearly leverages AI, because to be able to do this effectively you have to have a force multiplier in your capability. And it's the ability to identify and handle threats that are happening against my identity stack and against my identities. So it's looking for things like brute force attack on a particular IdP, it's looking for things like credential stuffing. So it's detecting the threats as they're happening and then immediately sending them over to your security operation center to be handled, for your SIEM tool to process it and for your SOAR capability to actually go do something with it. It's especially, the biggest thing that we're finding here is when you have workflows that are bypassing critical systems such as your ZTNA, your VPN and your p controls, right? Can you detect when you have those things in place and someone's found a way around them and that's being used? That's the huge thing here.

[8:06] So this is what identity protection is: a critical element of the identity fabric; the combination of two new innovations around identity threat detection response and identity security posture management; and it links the SOC with the identity stack intimately for the first time, by addressing identity blind spots, identity infrastructure gaps, as well as identifying risky behaviors like the bypasses.

[8:31] Thanks for your time. If you enjoyed this video and want to see more like it, please like and subscribe. If you have any questions or want to share your thoughts about this topic, please leave a comment below.