If you are not aware, Gartner created a new category that is pushing enterprise security to a new level. Gartner created the Identity Threat Detection and Response (ITDR) discipline as a way to address the gaps that traditional security solutions are leaving wide open for attackers. Many don’t fully understand the details of ITDR, but the recent cyber insurance report by Delinea might give everyone the insights that prove Gartner is spot on with its creation of ITDR.
What is ITDR?
ITDR is the result of what Gartner has observed about some of the traditional security solutions that so many enterprises have been relying on: those enterprises come to realize that their overall identity risk is very high and that attackers are leveraging these gaps.
Gartner expresses that traditional security solutions such as PAM, MFA, IAM, etc. do not address the core identity security issues that attackers are leveraging. Sure, these security solutions are needed by nearly every enterprise, but they don’t address how attackers are going after weaknesses and misconfigurations that are inherent to identities.
Therefore, Gartner has expressed that additional solutions should be implemented to fill these gaps, primarily solutions that address:
- Prevention – Ensuring that identities and their configurations are secured before an attacker can attack them.
- Detection – When an identity is attacked, being able to detect these attacks with as much precision as possible, so as not to add to the SOC's existing load.
- Response – The ability to know what to do if there are weaknesses, misconfigurations, or even attacks against identities.
Cyber Insurance – Not Quite Hitting the Mark
The Delinea cyber insurance report contains some staggering analysis results, which don’t shine a good light on the overall state of the security industry. With regard to identity security, the report clearly shows that a large number of cyber insurance agencies are requiring IAM solutions, along with PAM and MFA, yet 80% of organizations are still experiencing cyber events that require insurance claims. Clearly these solutions are leaving major gaps that attackers are walking through with ease.
The report also shows that identity prevention, detection, and response solutions are not being required by cyber insurance companies. This raises the obvious question: what would happen if ITDR-like solutions were added to cyber insurance policies?
Proof Identity is the Target and Result of Breaches
You don’t need to look too far to see that identity is the target in so many high-profile and widespread attacks and breaches. According to CSO, all of the top ransomware gangs and exploits starting in 2023 use identity in some way to gain initial access, move laterally, and gain privileges to distribute the ransomware. This includes the leader, LockBit, as well as Hive, Black Basta, Royal, and Vice Society.
- LockBit – privileges. Source: LockBit ransomware — what is it and how to stay safe (kaspersky.com)
- Hive – Exchange into AD accounts. Source: #StopRansomware: Hive Ransomware | CISA
- Black Basta – harvest credentials. Source: Black Basta: New ransomware threat aiming for the big league | CSO Online
- Royal – Qbot, which is attacks on AD and vulnerabilities. Source: New Royal ransomware group evades detection with partial encryption | CSO Online
- Vice Society – education – compromise valid accounts