Identity security in fighting cyber attacks
With cyberattacks becoming more pervasive and more destructive, new approaches to protecting enterprises are critically important. Spera, a Israeli security startup, is announcing a new cloud-based identity security posture management platform to address that need. The company provides end to end identity attack surface management, as well as risk reduction and identity threat prevention, detection and response.
According to the company, the Spera platform uses an inventory of identities that is available across cloud and on-prem environments. The inventory operates in real time and is continually updated and is risk and context based. The identity inventory is critical because most current attacks are identity based in one way or another. This is especially true in attacks that start with phishing, which is itself an identity attack.
According to IBM’s Cost of a Data Breach report, identity-based attacks involving compromised credentials and phishing were the two most common and costly attack vectors of 2022.
To be useful, a security product or service has to be used, which means that enterprises need to be convinced that the cost is reasonable for the service to be delivered, which in turn means that it has to deliver a reasonable return on investment.
“Spera was founded on the model of improving the ROI from day one,” explained Spera CEO Dor Fledel. “Within one hour of deployment, Spera produces a comprehensive report on the state of your identity security with actionable insights. On average, Spera helps solve more than 75% of critical issues within the first weeks of deployment, with high accuracy and easy remediation.”
The company said that Spera uses a “trust-but-verify” approach to identity security.
And that this empowers security teams to leverage identity as a business strength which ensures that identity security perimeters aren’t jeopardized by ineffective processes or human error.
Spera says it uses automation to continuously uncover identity risks and their context, allowing security teams to focus on remediating what matters most based on user correlation, identity analytics and usage patterns.
To do this Spera puts the identity and access management team in control by automatically building a real-time, comprehensive identity inventory of all users, identities, applications, environments and their enriched context in one interface. Spera then aggregates, correlates and normalizes all permissions, usage and changes made to your identity stack.
Primary Sources
Managing security platforms
“We integrate with three primary data sources,” Fledel explained. “The first is the identity stack and identity providers, such as Okta or Active Directory.”
“The second piece is the applications themselves. We plug into the applications and understand the permission models, what the users have done and where they have access, as well as the biggest risks in the applications,” he said. Fledel said that Spera provides the subject matter expertise that businesses need to understand the permissions and roles in applications that are not standardized.
“The third data source is additional context, which means data that doesn’t lie in the previous two sources.” He said that could be HR systems that show the business logic as well as other parts of the identity stack. Fledel said that this information allows the automation of complex tasks such as off-boarding, where many permissions and other access requirements have to be handled quickly and accurately.
Fledel said that an important difference between Spera and other similar solutions is that Spera doesn’t assume that the business has good security hygiene.
“One of the reasons we’re integrating to the applications is to see what’s really under the hood and what went beyond the formal approval processes,” Fledel said. “And based on things that we’ve seen in the market, those things actually impose a significant amount of risk because not only are they unmanaged, they also tend to be privileged and tend to not have multifactor authentication.”
These issues are the reason that Spera emphasizes identity security posture management. He said that it helps organizations reduce the risk profile in their identity stack. “We have found, based on a lot of conversations with CISOs and identity teams, that they say their identity maturity is relatively low,” he explained.
“One of the things that we are helping with is to solve an organizational problem,” Fledel said. “This includes the context of the different identities, what they are used for and whether they are required. Today it’s not only a technical problem that’s distributed between different systems in the organization, it’s also distributed between different people in the organization.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
