Identity Attack Vectors (Methods and Tactics)

Identity attack vectors extend the surface area for cyber attacks beyond the open ports, database vulnerabilities, and insecure protocols that malicious intruders often seek to exploit. The purpose of identity attacks is to compromise identities on a network and impersonate that identity for a nefarious purpose. This article describes identity attack vectors by focusing on the methods and tactics used to take over compromised identities on a corporate network. 

Analyzing the Colonial Pipeline Cyber Attack from An Identity Management Perspective

Identity as the New Network Perimeter

Whether you’re talking about devices or users, identity is the common factor that enables or weakens an organization’s information security posture. Proper identity and access management:

1. provides users and devices with the right level of access matching their role and responsibility,
2. supports and provides statistical analysis of processes that include authorization and certification to determine compliance
3. highlight IAM process inefficiencies and,  
4. help you discover and remove accounts that are no longer in use or are no longer needed for a job function.

This article describes how identity functions as the new network perimeter within the modern corporate network infrastructure. 

Entitlement Creep (What is it and How to Reduce it with Automated Identity Governance?)

How IAM Supports A Zero Trust Security Model

IAM Data Security Context

There are only two times that all the people in your organization have the right level of access to the data, applications, and systems in your company—before they join the company and just after an audit. In between audits, inefficient identity and access management can increase the likelihood of having orphaned accounts. This article informs you about orphaned accounts and their dangers. 

IAM Challenges for Modern Enterprises

This year conferences went virtual and while this meant that we could attend events without pants, it also means not bumping into old friends and sharing ideas over a meal. This year Identiverse is a hybrid event with an in-person and a virtual component.