
CrowdStrike’s Innovative Solutions to Prevent Cloud Identity Attacks


Recent breaches within Microsoft systems show the increasing threat of cloud identity attacks and the need for effective prevention: traditional targets such as Microsoft Active Directory are under siege, and exposure is rising for cloud identity repositories such as Microsoft Entra ID. In these attacks, adversaries pose as legitimate users within these systems, targeting both on-premises AD environments and cloud identity providers. Despite the availability of identity providers and Zero Trust network access solutions, gaps between on-premises and cloud identity providers continue to give attackers ample opportunity to exploit vulnerabilities.

CrowdStrike addresses this gap with its new solution, CrowdStrike Falcon Identity Protection. This advanced solution provides unparalleled protection against cloud identity attacks.

With Falcon Identity Protection, organizations can gain holistic visibility into their hybrid identity landscapes. This enables them to detect and neutralize malicious activity across on-premises and cloud-based identity repositories. With advanced threat detection, CrowdStrike’s solution ensures proactive defense against identity-based breaches to protect sensitive data and organizational integrity.


CSRB Report Emphasizes Identity Security Importance

When the U.S. Cyber Security Review Board analyzed the Summer 2023 Microsoft breach, it was unequivocal about the importance of identity threat detection and response measures. This breach occurred when a nation-state adversary compromised Microsoft Exchange Online mailboxes in 22 organizations and over 500 individuals globally. The threat actor used authentication tokens signed by a key created in 2016, leveraging the impact of compromised identities.

These attacks were deemed preventable, and the CSRB issued three recommendations for reducing future risks:

  • Cloud service providers should adopt modern control mechanisms and baseline practices to fortify digital identity and credential systems against systemic compromise.
  • New digital identity standards must be adopted to secure cloud services.
  • Relevant standards should be continuously refined and incorporated as needed to keep pace with emerging threats.

These recommendations were primarily aimed at cloud service providers, but organizations should recognize that they bear part of the responsibility for strengthening identity security under the Cloud Shared Responsibility Model. A recent attack on Microsoft’s corporate systems by COZY BEAR further highlights the weaponization of identities in cyber breaches.

These examples make clear that modern identity security measures are imperative. Without proactive defenses, organizations remain vulnerable to identity-based breaches that compromise sensitive data and organizational integrity.

Introducing Enhanced Cloud Identity Protection by CrowdStrike

CrowdStrike introduces a new generation of its solution in the form of an enhanced Falcon® Identity Protection. The platform strengthens protection by providing a completely effective defense against identity attacks in the cloud. Built on a rich foundation of threat intelligence and adversary tradecraft, this unified platform delivers end-to-end protection of identities and endpoints.

Traditional IAM and IDaaS systems provide user authentication but no visibility into hybrid lateral movement and adversary tactics. Falcon Identity Protection now offers direct visibility into both on-premises AD environments and cloud identity providers such as Entra ID and Okta. By correlating authentication event context, it provides fast detection of malicious web-based activity, including session hijacking.

The service also enables real-time proactive response actions such as account disablement, session revocation, and access policy updates. The vendor-neutral approach ensures an easy-to-implement integration that is free from the silos typical of legacy systems.

Complementing all of this is a new Falcon Adversary OverWatch service with a new identity threat-hunting capability. This 24/7 managed service, powered by AI and human expertise, uses telemetry data from Falcon Identity Protection to proactively disrupt adversaries across endpoints, identities, and cloud environments.

The improved CrowdStrike solutions give customers confidence in defending against sophisticated identity-based threats, securing their organizations from potential breaches and ensuring continued security across hybrid environments.

Unified Protection with Falcon Identity Protection Platform

  • Seamless Integration: Falcon Identity Protection integrates security operations into one platform, one console, and one agent, providing instant time-to-value.
  • Comprehensive Coverage: Attain full visibility across traditional Active Directory (AD) and cloud identity providers like Entra ID and Okta, augmented with top-tier threat intelligence.
  • AI-Powered Detection: Leverage AI-powered detection to establish a baseline of normal user behavior and quickly detect the anomalies indicative of advanced threats traversing endpoints and identities.
  • Real-Time Threat Response: Capture threats in real time and quickly thwart attacks by intercepting lateral movement across both authentication layers and endpoints, improving response times dramatically and removing the need for extensive log analysis.
  • Dynamic Access Control: Implement risk-based conditional access policies that dynamically monitor user behavior and contextual risk factors and enforce multi-factor authentication (MFA) where risk warrants it. MFA coverage extends easily to legacy systems and protocols, stopping potential exploitation.

FAQs

1. What are cloud identity attacks, and why are they on the rise?

Cloud identity attacks are attacks directed against authentication systems or credentials deployed within a cloud-based environment. These attacks have been rising due to the increased use of cloud services, which enlarges the attack surface and opens new ways to exploit it.

2. How does CrowdStrike Falcon Identity Protection cover the gap between on-premises and cloud identity providers?

Falcon Identity Protection provides comprehensive visibility into on-premises and cloud-based identity repositories, such as traditional Active Directory and cloud identity providers like Entra ID and Okta. The unified platform closes the visibility gap and enables detection and neutralization of threats across the hybrid environment.

3. What distinguishes Falcon Identity Protection from traditional IAM and IDaaS systems?

Falcon Identity Protection differs from traditional systems in that it gives direct visibility into hybrid lateral movement and adversary tactics. It correlates authentication event context for swift detection of malicious web-based activity while offering real-time threat response capabilities such as account disablement and session revocation.

4. How does Falcon Identity Protection use AI-driven detection?

Falcon Identity Protection uses AI-driven detection to establish a baseline of normal user behavior so that anomalies indicative of sophisticated threats traversing endpoints and identities are quickly detected. This proactive approach allows organizations to detect and respond to threats before they escalate.

5. What is the significance of real-time threat response in cloud identity protection?

Real-time threat response enables organizations to intercept and block threats the moment lateral movement is detected across authentication layers and endpoints. This significantly improves response time and eliminates the need for extensive log analysis, enabling fast mitigation of threats.
