ATLANTA, Jan. 16, 2020 — BeyondTrust, the worldwide leader in Privileged Access Management (PAM), today announced the availability of the final book in the attack vectors series, Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution. The book, co-authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber, and Darran Rolls, CTO of SailPoint, discusses the risks associated with poor identity management practices, the techniques utilized by threat actors and malicious insiders, and the operational best practices that organizations should adopt.
Designed to help enterprises integrate key identity management technologies into a corporate ecosystem, the recommendations outlined in the latest book from two of the industry’s visionaries are based on real-world strategies to prevent identity attack vectors.
As cyber-attacks continue to increase in volume and sophistication, it is not a matter of if, but when, an organization will have an incident. One key area of risk is when threat actors target accounts, users, and their associated identities to conduct their malicious activities through privileged attacks and asset vulnerabilities. According to the BeyondTrust 2019 Privileged Access Threat Report, 64% of those surveyed believe they’ve had a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access. However, organizations that are managing these risks through integrated technology and automated processes see positive results and significant risk reduction. According to the study, 90% of those with fully integrated Privileged Account Management (PAM) tools are confident they can identify specific threats from employees with privileged access.
“This book completes the trilogy on the Attack Vectors series and provides the final piece of foundational material for the three pillars of cyber security – Identity, Privilege and Asset,” said Morey Haber, BeyondTrust CTO and CISO. “With the goal of arming enterprises with the knowledge and tools to protect against identity theft and account compromises, we end this final chapter with a clarion call to enterprises to recognize the vital role Identity Access Management (IAM) plays and ensure that the special use case of PAM is a focal point for their organization.”
“In the process of completing this book, one thing became very clear, identity continues to be the cornerstone of enterprise security,” said Darran Rolls, SailPoint CTO. “When poor identity practices are exploited and identity theft is used as an attack vector, risk and vulnerabilities increase exponentially. Organizations must make it a priority to mitigate this risk as a fundamental part of their security strategy.”
The book contains guidance for readers to:
- Understand the concepts behind an identity and how their associated credentials and accounts can be leveraged as an attack vector
- Implement an effective identity governance program to manage identities and roles, and provide certification for regulatory compliance
- See where identity management controls play a part in the cyber kill chain
- Understand how the management of accounts and identities with privileged access can be the weakest link in an identity governance strategy
- Build upon industry standards to integrate key identity management technologies into a corporate ecosystem
- Plan for a successful deployment, implementation scope, regulatory reporting, and oversight based on real-world strategies to prevent identity attack vectors
Previous books in this series include Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations and Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations, co-authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber. The latest installment completes the trilogy around the three pillars of cybersecurity.
A webinar will be held on February 4, at 11:00 a.m. ET with co-authors Morey Haber and Darran Rolls titled Deconstructing Identity as a Cyberattack Vector. Participants who register will hear expert-vetted practices on how to mature an identity program, battle-tested advice on pitfalls to watch out for, and proactive methods to ensure long-term viability of the identity lifecycle.
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 70 percent of the Fortune 500, and a global partner network. Learn more at www.beyondtrust.com.
Mike Bradshaw Connect Marketing for BeyondTrust P: (801) 373-7888 E: [email protected]