1 Introduction / Executive Summary
A growing number of cybersecurity professionals are embracing the mantra “identity first,” and for good reason. Over the last several years, threat actors have moved away from endpoint and network-borne attacks and turned their attention toward infiltrating identity systems. This attack path enables threat actors to operate unimpeded within a trusted zone for days or even months before an organization becomes aware of a breach. As a result, damages can be costly, and these intrusions often result in ransomware attacks. Of course, this does not mean attackers have abandoned other malicious workflows, especially those using zero-day vulnerabilities not yet known to the defenders. Identity-based attacks are far more frequent but potentially easier to detect, thanks to ITDR.
Figure 1: Identity Security priorities for KuppingerCole customers in 2024. (Source: KuppingerCole Analysts)
Threat detection for identity systems poses challenges that differ from those of endpoint, system, and network breaches because users are considered trusted, provided sufficient measures such as strong authentication and MFA are utilized. However, organizations have difficulty quantifying their identity assets, evaluating risk exposure, monitoring for attack vectors (including account takeovers, lateral movement, and account data exfiltration), and enabling response teams to launch effective kill chains.
Security chiefs are looking at Zero Trust Network Access and new Identity Threat Detection and Response (ITDR) solutions that will assist them. Figure 1 demonstrates that end users are keen on Identity Security and Zero Trust deployments. However, feedback from KuppingerCole clients indicates some apprehension about the best approach to implementing these measures and about what is required.