Detection and Response for Identity Threats

Mar 10, 2023

The common assumption in security is that threats come from the outside. However, as outer defenses became more difficult to breach, malicious actors began targeting the humans on the inside, giving rise to two significant threat vectors: identity threats and malicious insiders.

What are Identity-Based Threats?

Identity threats involve unauthorized access to user accounts, while malicious insiders are individuals who abuse their authorized access to conduct fraudulent or illegal activities. Organizations expect modern threat detection solutions to deliver identity- and behavior-based threat detection seamlessly in order to detect covert security threats. Unfortunately, identity threat detection is extremely challenging because in both cases the threat actors are using legitimate credentialed access.

Insider threat, behavioral and identity threat detection are often separately addressed by disparate solutions that are not well integrated.

  • Lack of threat and data science expertise leaves security analytics unable to get ahead of threats
  • Overconfidence in identity solutions can give a false sense of security while threat actors operate undetected
  • Insider threat continues to be one of the hardest security outcomes to address because a trusted insider is authorized and authenticated

Traditional security approaches are insufficient to protect against these threats, and organizations require special learning algorithms to accurately identify and respond to potential threats.

Introducing Cortex Identity Threat Detection and Response Module

Built from the ground up, the Cortex Identity Threat Detection and Response Module provides proactive protection against identity-related threats. By leveraging the power of AI and automation, the module provides advanced detection capabilities that enable organizations to quickly identify, investigate, and ultimately respond to identity threats.

The new module empowers our customers to:

  • Combine the detection capabilities of Identity Threat Detection and Response (ITDR) with analytical and risk-based detections and user and entity behavior analytics (UEBA)
    • Reduce a disparate technology stack and lower cost.
    • Replace existing UEBA capabilities.
    • Replace some ITDR vendor capabilities.
  • Eliminate the need for internal advanced detection engineering to support complex analytic and risk-based detection.
    • Take advantage of Unit 42 and Cortex research driving analytic detections.
    • No longer require long-term maintenance by folks on staff.
    • Offload complicated and prolonged security research activities and let your internal teams focus on what really matters.
  • Risk-based profiles help focus investigations on the higher priority incidents.
    • Deliver valuable insights via peer grouping and show users' and hosts' historical trends and patterns.
    • Gain automated insights from designated classification analytics based on the applied data sources.
    • Replace risk profiling and peer grouping found in adjacent solutions today.
  • Faster detection and response for historically challenging security outcomes.
    • Deliver out-of-the-box detection analytics designed to uncover the stealthiest threat vectors, such as compromised accounts and insider threats.
    • Automatically apply learnings from your environment to pinpoint suspicious events that deviate from baselines.
  • Continuous monitoring and safety net for authentication and identity solution failures.
    • Support ZTNA architectures to extend capabilities and detect violations of trust.

The new Identity Threat Detection and Response Module provides protection against identity threats earlier in the kill chain. By combining this with the advanced detection capabilities of Identity Analytics, Cortex delivers superior protection against identity-related threats across the attack lifecycle, reducing the risk of data breaches and other security incidents.

Figure 1: High-level oriented dashboards providing risk statistics and trends

The Cortex Identity Threat Detection and Response Module is Available for Both Cortex XSIAM and Cortex XDR

With the launch of Cortex XSIAM 1.4 and XDR 3.6 we continue to advance our mission to help customers protect their organization. The new advanced Identity Threat Module from Cortex XSIAM and XDR provides proactive coverage for stealthy identity threat vectors, including compromised accounts and insider threats, allowing you to protect your organization without slowing down the business.

Connect with your account manager to set up a demo to see this module in action.

Learn more about this module. Read the Cortex Identity Threat Detection and Response Module Solution Brief today!
