Identity

What is an identity?

In cybersecurity terms, an identity is a digital representation of an individual, system, device, or entity within an enterprise network. The identity authenticates the entity, allowing it to access resources, perform actions, and establish trust within the digital ecosystem.

An identity is typically composed of attributes such as usernames, email addresses, digital certificates, biometric data, and more. It forms the foundation of access control and authorization mechanisms, enabling organizations to manage who can access specific resources, systems, or data.

How do attackers target identities?

Over 80% of cyber-attacks involve an identity compromise, according to the CrowdStrike 2023 Global Threat Report. This includes malware threats, Ransomware, and advanced persistent threat (APT) actors. Attackers leverage identities for Lateral Movement and to escalate privileges as part of an offensive campaign. Privileged identities can also be exfiltrated as part of intellectual property theft.

Compromising identities is at the core of sophisticated multi-stage attacks, with extremely clever ways to evade detection. Once the identities are compromised, and attackers have established persistence, it becomes increasingly difficult to detect and arrest malicious movement deep into the network – because the attacker activities are disguised as legitimate traffic.

How can organizations protect identities?

Organizations deploy identity and access management (IAM) systems that encompass processes, policies, and technologies to ensure the appropriate assignment, verification, and revocation of digital identities.

The aim is to establish a comprehensive framework that facilitates seamless user experiences while maintaining robust security measures. This includes multi-factor authentication (MFA), role-based access control (RBAC), and continuous monitoring of user behavior to promptly detect and respond to anomalous activities.

How Acalvio protects identities

Acalvio uses Deception Technology to protect identities. Deception technology has been recognized by industry experts and identity security solutions researchers as a proven mechanism for identity threat defense. Deception provides high-fidelity detection of identity threats, is agnostic to the specific offensive technique, and does not have any dependency on logs or signatures.

Acalvio ShadowPlex comprehensively detects identity threats, covering a range of credential and identity related attack attempts. Since attackers are increasingly targeting identity systems (IAM, PAM) to gain access to privileged credentials, ShadowPlex enables detection of attack attempts against the Identity Stores.

Acalvio provides an enterprise-scale implementation of Honey Accounts and HoneyTokens with automated life cycle management. Available on the CrowdStrike Store, the integration empowers customers to use Acalvio’s HoneyTokens and Honey Accounts seamlessly to detect identity threats.