Last week, I was on the road speaking with CISOs across the country. One theme emerged loud and clear: Virtually all of the organizations have invested a lot in security tools and solutions, but despite their investment, they struggle with getting a complete view of user access across platforms. So, with that, I’d like to share how our customers have been able to overcome this common challenge to gain a more holistic view of users and identity within their organizations.
A fragmented view of the the who, what, when, where, and how of user access, along with limited visibility into privileged users and service accounts, can put an organization at risk of breach. It creates an uneven security posture and ultimately an unknown attack surface because we don’t know what we don’t know. Layer on top of this the challenge that emerges when you have users with multiple accounts, apps in the cloud, on prem and more.
To solve this challenge? Most security teams roll up their sleeves and take on the laborious manual process of trying to knit it all together across multiple tools, in order to try to get a better understanding of user activity across all of their security solutions.
Clearly this isn’t scalable, nor is it rewarding for your analysts to be working through this process manually. It makes the process highly inefficient and prohibits the team from responding to incidents rapidly, in addition to potentially negatively impacting audits and compliance. So, the business case for gaining holistic visibility across platforms in an automated manner is an easy one to make as long as it’s not a science project to get there.
For fashion retailer Charlotte Russe, gaining visibility and being able to more quickly respond to threats was a priority. They recently implemented Preempt to great effect: they are able to respond to security incidents two to three times faster than before. With increased visibility and controls they can more efficiently run security and have a more effective framework for detecting, responding to and resolving threats. Listen to them talk more about it here.
What do we mean by holistic visibility? It’s having the ability to see who is accessing what, when, where, and how - both on premise and in the cloud. Along with that, it's having better visibility and control into privileged users and services accounts across all of these platforms. When you have this visibility it makes it much easier to make an infrastructure more resilient to security breaches, helps improve efficiency and job satisfaction of the team and allows for adopting new initiatives securely and quickly.
Now the question is, what’s required and how to do it?
Key requirements for unified visibility include:
- Visibility into all users, privileges, access patterns and accounts in all locations
- Ability to detect elevated or stealthy privileges
- Ability to analyze both real-time traffic and backward looking logs to understand access patterns
- Support for AD and other identity and access directories to get additional visibiity
- Views by organization, user, incident, entity (managed/unmanaged devices)
How Preempt solves the Unified Visibility Challenge
Preempt does all of the heavy lifting and provides one pane of glass for all user activity across all platforms (on premise, cloud and hybrid) including access, behavior, history, profile changes, locations, device, role, password strength, privileges, VPN, SSO, authentication requests and more. Preempt analyzes real-time traffic and logs to automatically identify all of the users in an organization including privileged users, service accounts, executives, contractors and more as well as identify new or unknown users, stale accounts, users with poor security hygiene and more.
In addition to knowing who is doing what, where, when and how, we can rank users in terms of risk and uncover unsafe password practices, as well as weaknesses for both human users and programmatic accounts. Dedicated Risk Analysis also makes it clear which departments or organizational units are having the biggest effect on the security of the enterprise. With this view, it’s easy to see how each group is contributing to the security of the organization, both in terms of risk as well as impact to the network based on the resources they have access to.
Having unified visibility can be a force-multiplier for a security team, allowing them to more proactively reduce risk while also making it easier to detect and automatically take action to respond to threats.