Preempt Blog


Fast-Track Your Approach to Secure Authentication With Conditional Access

Many IT security leaders are anxious about the spike in remote users over the last few weeks. A common theme in our discussions with security experts is how security and authentication policies are shaping up given the exponential increase in remote access. With only so much time available, IAM and security leaders in enterprises are under pressure to address this sudden need quickly while balancing their business objectives, organizational capabilities, and potential risks.

In companies where remote access capabilities have not yet been established or expanded, IT security leaders are working out short-term solutions to manage the surge. These might include requirements such as access to communication tools, file sharing, and enterprise applications like ERP and CRM. By understanding which use cases matter most to your business, you can deploy a solution that ensures secure access and grants the level of security and capability needed to immediately fulfill employee needs.

Are Most Enterprises Underprepared for Cyber Breaches?

The short answer is yes. Today, cyber attackers operate with sophisticated yet readily available hacking tools to exploit newfound vulnerabilities in many organizations. Lacking relevant cybersecurity skills and resources, enterprises can fall behind in their attempts to mitigate the threat of cyberattacks.

Some organizations do have foundational security measures like privileged access controls for their crown jewels (sensitive assets) and basic vulnerability detection. But most of them fail to evaluate employee cybersecurity training, their access management policies, and the organization’s network security mechanisms. Overall, infrastructure today is potentially more vulnerable to cyberattacks because the increasing shift towards a mobile and remote workforce creates a large and expanding attack surface.

Evaluate Risks and Fix Gaps in Authentication

For IT leaders today, identifying critical areas of risk and determining the effectiveness of Conditional Access seems like a daunting challenge. Getting user access controls and policies right during structural changes in the organization, while mitigating insider threats and risky users, can feel like a never-ending battle. The lack of insight into threats and inconclusive alerts doesn’t help in understanding user behavior and its changing context of risk. IT security teams often lack visibility and control over risky behaviors and rely on siloed solutions that lack a unified context.

When bad actors attempt to gain access to your network, they need to authenticate with AD domain controllers, and this is where Conditional Access becomes critical. When you have a large number of remote users, you cannot rely on methods that only have ‘Allow’ or ‘Deny’ responses. Using Conditional Access that is tied to behavior and risk analytics, you can either block or trigger MFA whenever intruders try to move beyond the initial compromised user or machine.

For CISOs, Conditional Access Is the Key Part of Their Identity Security Strategy

To protect users and their activities, you need to be careful not to introduce so much friction that it limits their core business function; you need to find a balance between usability and security. CISOs typically look for three things in Conditional Access solutions: an understanding of passwords and privileges, real-time detection of anomalies, and a policy engine to continuously adapt to risks.

Preempt Conditional Access provides a unified and comprehensive view of all accounts – regular, privileged, and service accounts, and insights about each of them. It is easier for your IAM team to change individual or group policies and ensure that users have the appropriate level of access to sensitive information. You can also automatically respond to potentially risky behavior from admins and privileged accounts to validate their identity before letting them access critical business information and crown jewels. Once you establish a baseline, it is easier to understand areas of risk and detect behavioral anomalies, lateral movements, targeted attacks, and more.

The ability to differentiate legitimate from malicious activity is foundational to a good security posture. By setting up policies and leveraging Conditional Access with Preempt, you can respond in real time based on identity, behavior, and risk. You can also measure user risk and detect when users have weak or shared passwords, which in turn enables proactive risk mitigation measures such as forcing a password change or alerting analysts. You can reduce false positives and alleviate SOC burden, which in turn brings down your total cost of ownership.

Watch the full webinar to learn more about a CISO’s perspective on Conditional Access. In this encore presentation of the highest-attended speaker session at Gartner IAM Summit 2019, Intralinks CISO Anjan Bagchee discusses using a Conditional Access approach for reducing risk and improving ROI.

Topics: Remote Workforce

Posted by Narendran Vaideeswaran on April 6, 2020 6:59 PM
