Achieving Identity Intelligence

June 3, 2019

It’s long been known that “you can’t protect what you can’t see.”

As a result of poor strategizing, businesses and organizations are often left to address network security breaches. Typically, IT security departments take a reactive or silo-based approach. Security, Network, Identity and Privileged Access Management (PAM) data is currently dispersed, managed and monitored in silos.

This type of security management creates access blind spots for professionals and lets threats go undetected, because security experts have to sort through multiple data sources to investigate threats.

The threat landscape is larger than ever. Most organizations are suffering from alert fatigue and breaches continue to go undetected. Security Information and Event Management (SIEM) systems are supposed to perform analysis and identify risks; however, the number of alerts, overwhelmingly false positives, creates an increased workload for already overworked security operations centers (SOCs). By consolidating this data into a single analytics repository, organizations are able to correlate identities, network communication and privileged access rights to spot suspicious and anomalous activity.

Organizations can now create a baseline of “normal” user activity based on time, geography, transactions, and session information. That baseline is continuously gauged against a peer group of users to further identify the “normal” baseline for a user given their respective responsibilities through credential modeling. The final step is a dynamic baseline of user behavior through profiles of when, where, and how users employ credentials to access sensitive company resources. Once anomalous behavior is detected, the model needs to reference risk-based policies to determine if real-time action is warranted. 
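The baseline, peer-group comparison and risk-based policy steps described above can be sketched as follows. This is an added example, not Anomalix code: the sample events are constructed, and the features, scoring weights, sensitivity values and thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, peer_group, hour_of_day, country, resource)
HISTORY = [
    ("alice", "dba", 9, "US", "db-prod"), ("alice", "dba", 10, "US", "db-prod"),
    ("alice", "dba", 14, "US", "db-prod"), ("alice", "dba", 15, "US", "db-prod"),
    ("bob", "dba", 9, "US", "db-prod"), ("bob", "dba", 22, "US", "db-prod"),
    ("bob", "dba", 23, "US", "db-prod"), ("bob", "dba", 10, "DE", "db-prod"),
]
# Hypothetical policy inputs: resource sensitivity and action thresholds.
SENSITIVITY = {"db-prod": 1.0, "wiki": 0.3}
THRESHOLDS = [(0.7, "block"), (0.4, "step_up_auth")]

def bucket(hour):
    """Coarse time-of-day feature so 9:00 and 10:00 count as the same habit."""
    return "business" if 8 <= hour < 18 else "off_hours"

def build_baselines(history):
    """Count (feature, value) observations per user and per peer group."""
    user, peer = defaultdict(Counter), defaultdict(Counter)
    for name, group, hour, country, _ in history:
        for feat in (("time", bucket(hour)), ("geo", country)):
            user[name][feat] += 1
            peer[group][feat] += 1
    return user, peer

def rarity(counter, feat):
    """1.0 = never seen for this feature, 0.0 = always seen."""
    total = sum(n for (kind, _), n in counter.items() if kind == feat[0])
    return 1.0 if total == 0 else 1.0 - counter[feat] / total

def score(event, user_base, peer_base):
    """Average per-feature anomaly; peer-group behaviour discounts user rarity (assumed weighting)."""
    name, group, hour, country, _ = event
    feats = (("time", bucket(hour)), ("geo", country))
    parts = [rarity(user_base[name], f) * (0.5 + 0.5 * rarity(peer_base[group], f))
             for f in feats]
    return sum(parts) / len(parts)

def decide(event, user_base, peer_base):
    """Risk = anomaly score weighted by resource sensitivity, mapped to an action."""
    risk = score(event, user_base, peer_base) * SENSITIVITY.get(event[4], 0.5)
    for limit, action in THRESHOLDS:
        if risk >= limit:
            return action, round(risk, 2)
    return "allow", round(risk, 2)
```

The same 23:00 login is allowed for bob, who regularly works off hours, but triggers step-up authentication for alice, whose history is entirely business hours.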

By leveraging next-generation analytics, organizations strengthen their ability to protect their brand, ensure confidentiality of customer data, and improve user trust. Some of the largest breaches have occurred because basic identity access management (IAM) technologies, such as PAM, were not implemented to create a barrier for elevated permission grants. Other IAM technologies such as single sign-on (SSO) can be implemented for quick wins that improve the end-user experience and reduce password-related calls to the help desk. These and other foundational technologies are prerequisites for advancing to Identity Intelligence. 

Tony Pai

Chief Operating Officer at Anomalix

Tony has a unique blend of technical and business skills to lead Anomalix’s day-to-day operations as well as ensure the successful delivery of professional services. Prior to Anomalix, Tony spent 14 years as an equities trader for various financial institutions, 12 years as an IT Security consultant and is a licensed attorney in the state of Illinois. Tony earned his bachelor’s degree in Economics from the University of Illinois at Urbana-Champaign and a JD from The John Marshall Law School.
