Unified Identity Protection leader, Silverfort, launched the most comprehensive free identity risk assessment available to help organizations discover the gaps and hygiene issues in their identity attack surface which may cause cyber insurance compliance failures. Intended to be used by companies with 250 or more employees, the assessment will help meet expanding cyber insurance requirements in advance of a policy application or renewal.
Simple to deploy and providing visibility into all user authentications, Silverfort’s identity risk assessment operates at a directory level to report with in-depth visibility on the identity attack surface. The report summarizes risky user accounts and authentications as well as risk indicators such as shadow admins, passwords that never expire, admins liable to Kerberoasting, pass-the-ticket and lateral movement attempts, authentications using weak encryption protocols, unprotected Service Accounts and more.
CIO INFLUENCE: Apprentice Now Joins Amazon Web Services Training Partner Program to Deliver AWS Cloud Skills Training
These common attack paths are used by threat actors to move laterally around an organization and propagate the ransomware responsible for more than half of all cyber insurance payouts last year. For this reason, identity security hygiene has become increasingly important to insurance underwriters.
Cyber insurance premiums continue to increase due to the routine manner by which adversaries use these gaps in identity to spread in their victim’s environment and ultimately extort them for payment. In response, insurance carriers and brokers have added detailed identity security requirements and increased scrutiny around how controls are deployed and managed. MFA is now required to protect an expanded range of internal apps, interfaces, and systems, including VPNs, file shares, networking equipment, legacy systems, and CLI admin tools. Insurers are also increasing Privileged Access Management (PAM) requirements for highly privileged and non-human users, with the discovery and password hygiene of Service Accounts coming under particular scrutiny.
CIO INFLUENCE: PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control
Hed Kovetz, CEO and Co-Founder of Silverfort, said, “Insurance carriers are waking up to the path of least resistance presented by the identity attack surface. Once initial compromise is achieved, countless attack paths into critical areas of every environment are exposed, significantly increasing the chance of an attack succeeding. This makes it very difficult for insurers to correctly price the risk.
“Our free identity risk assessment provides organizations a clear view of their exposure. With the results they can better understand the steps necessary to improve security posture and insurability, such as applying MFA to critical resources and protecting Service Accounts. We hope this helps put more affordable insurance policies in reach of more organizations.”
CIO INFLUENCE: Ascend.io Launches Solution in Partnership with Snowflake, Enabling Cost Savings for Data Teams
[To share your insights with us, please write to sghosh@martechseries.com]
