Published by Arlene Phoebe Cook. Modified over 5 years ago.
1
Deconstructing Identity Analytics for Higher Risk Awareness
IDY-W02F: Deconstructing Identity Analytics for Higher Risk Awareness
Jackson Shaw, Sr. Architect, OneIdentity.com
2
Session Goals
- Introduce you to the concept of Identity Analytics and Intelligence (IAI)
- Understand how IAI can benefit you and your organization
- How powerful tools like Cloud-based Analytics and Machine Learning relate to IAI
- The value of community-based information as a benchmarking tool

Other Ideas
- Why Identity is a good place to start
- It’s more than just User Behavior Analytics
- Comments (does anyone care about machine learning)
3
What is identity analytics & intelligence
“Identity analytics is the next evolution of the Identity Governance and Access (IGA) market.”

“Identity analytics is the discipline that applies logic and science to identity and access data to provide insights for making better IAM decisions. Identity analytics tools employ features that move organizations toward a contextual, dynamic, risk-based approach to IAM. With identity analytics, the organization can bridge the gap between administrative controls and runtime activities, detect and remediate malicious behavior, and make more informed access policy decisions.”
4
Identity Analytics – Thru the context of RISK
Assumption: There are bad actors out there. What can we do to proactively reduce our risk surface?
- Who are my high risk users?
  - Discover and establish a user risk profile baseline
  - Am I aware when/if someone goes from a low risk to a high risk user?
  - Am I aware when/if someone goes from a high risk user to a low risk role? (i.e., internal transfers)
- What can I do to eliminate unneeded risk?
  - Do I have users with unneeded or anomalous entitlements?
  - Do I have users with dormant entitlements?
- How can I assert that the existing risk aligns with the business needs?
  - Do I have the context I need to make a decision?
5
Identity Analytics and Intelligence
What’s needed? (imho)
- Real-time, cloud and community based
- Data maintained longitudinally
- Leverage new (and hip) technologies like machine learning
  - ML allows computers to find hidden insights without being explicitly programmed where to look
- Initial feeds related to user activity would be sourced from various systems:
  - Directories (AD, AAD, LDAP, etc.)
  - Privileged Account Management systems
  - Firewalls
  - SIEMs & Firewalls

NOTE: I hacked this slide and diagram to remove the focus on behavior analytics and put the focus on entitlement grants and anomalous/dormant access
6
We already understand the current state of identity
- Users, resources and entitlements everywhere
- Change is constant
- Bad actors are looking to exploit weaknesses
- Entropy is the enemy

How does Identity Analytics help make sense of this current state?
7
Entitlement Grants are Harvested
- Identity Analytics harvests entitlement grant data from data sources
- All the harvested data is sent to the Identity Analytics cloud service for processing
8
All entitlements are not created equal
- Identity Analytics possesses a huge index of identity and entitlement grant data
- Fact: Not all entitlements are created equal
- Solution: Classification!
9
Entitlement Classification Rules
- Entitlement grants are run thru a series of entitlement classification rules
- The rules identify and filter the high risk grants
- “Out-of-the-box” rules for quick processing
- Turn-key but customizable

Basic Example:
- Granted the ability to reset a domain user’s password in Active Directory
- Granted the ability to enable disabled domain user accounts in AD
10
Community insights
- Entitlement classification rule usage data is shared across the community
- Gain insights into how the community views the definition of a “high risk” entitlement grant
- Today: Usage statistics
- Tomorrow: Machine Learning and Recommender Algorithms
  - “We recommend these 17 classification rules based on your data sources”
  - “Other companies of your size or vertical are using this classification rule”
  - “Review this new classification rule that 43% of other companies have adopted”
11
Reduced Risk Surface
12
The baseline is established: Now What?
Identity Analytics can dig deeper. But first…

With a baseline of entitlement grants established:
- Identity Analytics can alert when a normal user acquires high risk entitlements!

Anytime a user acquires a high risk entitlement it is an opportunity to determine if this was an approved/accepted activity. Checks and Balances.
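A sketch of the classification-rule and baseline-alert steps from the preceding slides, added here as an illustration and not taken from the presentation or any product. The rule names, the `Grant` fields, the right names and both snapshots are constructed assumptions.

```python
from collections import namedtuple

# Constructed grant record: data source, right granted, object it applies to.
Grant = namedtuple("Grant", "user source right target")

# Hypothetical rules modelled on the slide's two Active Directory examples.
RULES = {
    "ad-reset-password": lambda g: g.source == "AD" and g.right == "ResetPassword",
    "ad-enable-account": lambda g: g.source == "AD" and g.right == "EnableAccount",
}

def classify(grant):
    """Names of the classification rules that mark this grant as high risk."""
    return sorted(name for name, rule in RULES.items() if rule(grant))

def high_risk(grants):
    """Map each user to the set of (grant, rule) pairs the rules flagged."""
    flagged = {}
    for g in grants:
        for rule in classify(g):
            flagged.setdefault(g.user, set()).add((g, rule))
    return flagged

def alerts(baseline, current):
    """High-risk grants present in `current` but absent from `baseline`."""
    before, now = high_risk(baseline), high_risk(current)
    found = []
    for user in sorted(now):
        added = now[user] - before.get(user, set())
        for grant, rule in sorted(added, key=lambda p: (p[1], p[0].target)):
            found.append({"user": user, "rule": rule, "target": grant.target,
                          # True when the user held no high-risk grant before.
                          "was_low_risk": user not in before})
    return found

# Constructed snapshots: the baseline harvest and a later one.
BASELINE = [Grant("alice", "AD", "ReadProperty", "OU=Sales"),
            Grant("bob", "AD", "ResetPassword", "OU=Staff")]
CURRENT = BASELINE + [Grant("alice", "AD", "ResetPassword", "OU=Staff"),
                      Grant("bob", "AD", "EnableAccount", "OU=Staff")]

if __name__ == "__main__":
    for alert in alerts(BASELINE, CURRENT):
        print(alert)
```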
13
Peer Group Analysis: Anomalies
- Further analyzing peer groups provides deeper insights
- Find anomalous entitlement grants
14
Peer-group Analysis…
15
Peer-group Analysis
Here’s a concrete example and some appropriate questions:
- Does Alice’s behavior coincide appropriately with her role?
- Is this acceptable behavior?
- Should she have access to Asset X?
- Is she part of PreSales?
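One way to turn the Alice / Asset X question into a check, added here as an illustration and not taken from the presentation: flag an entitlement when few of the holder's own peers have it, and report the group where it is most common. The user table, group names, entitlement names and the 0.3 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: user -> (peer group, entitlements held).
USERS = {
    "alice": ("Sales", {"crm", "asset-x"}),
    "bob": ("Sales", {"crm"}),
    "carol": ("Sales", {"crm"}),
    "dave": ("Sales", {"crm"}),
    "erin": ("PreSales", {"crm", "asset-x"}),
    "frank": ("PreSales", {"asset-x"}),
    "grace": ("PreSales", {"asset-x", "demo-lab"}),
}

def prevalence(users):
    """prevalence[group][entitlement] = fraction of the group holding it."""
    members = defaultdict(int)
    holders = defaultdict(lambda: defaultdict(int))
    for group, entitlements in users.values():
        members[group] += 1
        for ent in entitlements:
            holders[group][ent] += 1
    return {g: {e: n / members[g] for e, n in holders[g].items()}
            for g in members}

def anomalies(users, threshold=0.3):
    """Entitlements held by a user but by fewer than `threshold` of their peers.

    Each finding is (user, entitlement, own group, share of own group holding
    it, group where the entitlement is most common).
    """
    prev = prevalence(users)
    found = []
    for user in sorted(users):
        group, entitlements = users[user]
        for ent in sorted(entitlements):
            share = prev[group][ent]
            if share < threshold:
                typical = max(prev, key=lambda g: prev[g].get(ent, 0.0))
                found.append((user, ent, group, round(share, 2), typical))
    return found

if __name__ == "__main__":
    for finding in anomalies(USERS):
        print(finding)
```

The finding is a question for a reviewer, not a verdict: the grant may be approved, or Alice may belong in a different peer group.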
16
Dormant Access
- Identity Analytics reviews entitlement usage to determine if there are unused grants
- Eliminate unused or unneeded grants which are significant security risks
- Help you identify what in-use, high-risk grants should be vaulted in your favorite privileged account management system
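A sketch of the dormant-access triage described on this slide, added here as an illustration and not taken from the presentation. The record layout, the 90-day window, the bucket names and all sample rows are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed rows: (user, entitlement, high_risk, granted_on, last_used).
GRANTS = [
    ("alice", "ad-reset-password", True, date(2016, 1, 10), date(2017, 2, 1)),
    ("bob", "ad-enable-account", True, date(2015, 6, 1), None),
    ("carol", "file-share-read", False, date(2016, 3, 1), date(2016, 5, 20)),
    ("dave", "ad-reset-password", True, date(2017, 2, 10), None),
    ("erin", "file-share-read", False, date(2016, 3, 1), date(2017, 2, 10)),
]
TODAY = date(2017, 2, 15)  # constructed reference date for the sample

def triage(grants, today, dormant_after=timedelta(days=90)):
    """Bucket grants by usage evidence.

    dormant: no use within the window, candidate for removal
    vault:   high risk and in use, candidate for a PAM vault
    keep:    everything else
    """
    buckets = {"dormant": [], "vault": [], "keep": []}
    for user, ent, is_high_risk, granted_on, last_used in grants:
        # A never-used grant is aged from its grant date, so a grant issued
        # last week is not reported as dormant.
        last_activity = last_used or granted_on
        if today - last_activity > dormant_after:
            buckets["dormant"].append((user, ent))
        elif is_high_risk and last_used is not None:
            buckets["vault"].append((user, ent))
        else:
            buckets["keep"].append((user, ent))
    return buckets

if __name__ == "__main__":
    for bucket, items in triage(GRANTS, TODAY).items():
        print(bucket, items)
```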
17
Entitlements & Entropy
Entropy = “gradual decline into disorder”
Why can Jason do “X” and I can’t do the same?
IAI isn’t just about identifying risk – it’s also about untangling years of entropy that have set in across all your systems.
18
Micro-Certification
- IA finds anomalous or unused entitlement grants, but ultimately lets the business decide what’s acceptable
- Real-time and contextual versus scheduled and unrelated
- Certify on high-risk change versus change
19
Entitlements & Entropy
20
Entitlements & Entropy
21
Machine Learning Intelligence
Machine learning is a method of data analysis that automates analytical model building. Using algorithms that iteratively learn from data, machine learning allows computers to find hidden insights without being explicitly programmed where to look.
22
Machine Learning Insights over Time
23
Apply What You Have Learned Today
When you get back to work:
- Educate your managers and staff that identity is a key indicator of risk in your organization and that identity is composed of credentials that may significantly span your organization, contractors, partners or customers.
- What reconciliation program is in place to manage these identities?

Within a month:
- Inventory what identities could be considered high-risk, and why.
- Perform a peer-group or cluster analysis of privileged identities. What revelations were in the data?

Within a quarter:
- Highlight the effectiveness or need for an identity & risk analytics system.
24
Thank you! Questions? Jackson.Shaw@OneIdentity.com