Identity Security Needs Humans and AI Working Hand in Hand
In the cybersecurity world, augmenting the human touch with artificial intelligence has produced extremely positive results.
November 21, 2022
From robotic assembly lines to self-driving cars, automated processes powered by artificial intelligence (AI) are reshaping society in significant ways. But AI can't do everything on its own — in fact, many organizations are beginning to recognize that automation often functions best when it works hand in hand with a human operator. Likewise, humans can often operate more efficiently and effectively when they receive a helping hand from well-trained AI. Cybersecurity — particularly identity security — is a perfect example of a field where augmenting the human touch with AI has produced extremely positive results.
Automation Is No Longer Optional
Consider the volume of identities that exist in today's environments. Users, devices, applications, servers, cloud services, databases, DevOps containers, and countless other entities (both real and virtual) now have identities that need to be managed. In addition, modern employees utilize a wide range of technologies and data in order to be productive in enterprise environments. Together, those two dynamics create a challenge for identity security — at today's scale, understanding which identities need access to what systems has moved well beyond human capacity.
This is important because cybercriminals are targeting identities with increased frequency. The most recent "Verizon Data Breach Investigations Report" (DBIR) indicated that credential data is now used in nearly 50% of breaches, and stolen credentials are one of the most common ways attackers are able to compromise identities. Attackers use a variety of methods to obtain those credentials, but social engineering is perhaps the most popular. People make mistakes, and attackers have gotten very good at identifying ways to trick people into making them. This is a major part of what makes today's attackers so difficult to stop: Human beings are often the weak point, and human beings cannot be patched. Designing a preventative solution that stops 100% of attacks simply isn't possible.
Shifting the Focus to Containment
This isn't to say that preventative measures like employee education, multifactor authentication, and frequent password changes aren't important — they are. But they also aren't enough. Eventually, a determined attacker will find a vulnerable identity to compromise, and the organization will need to know what systems it had access to and whether those privileges exceeded its actual needs. If an accountant has their user identity compromised, that is a problem — but it is a problem that should be limited to the accounting department. But in an organization where overprovisioning is common, an attacker who compromises a single identity might have access to any number of systems. This problem is more common than you might think — when an organization has tens of thousands of identities to manage, ensuring that each one has privileges that line up with its essential functions is difficult.
At least, it used to be. Applied to identity security, AI-based technologies have made it possible to not only help enterprises manage identity permissions at scale, but evolve identity security decisions over time to ensure those decisions match the shifting needs and dynamics of the business. AI can be trained to identify patterns that normal, human users would never notice. For example, they might look for permissions that are rarely used and recommend that they be revoked — after all, if they aren't being used, why risk allowing an attacker to exploit them? These tools can be trained to identify when access to certain data is frequently requested by the same type of user. They can then flag that information to an IT team member, who can judge whether additional permissions are warranted.
By identifying these patterns, AI-based identity tools can help to establish more appropriate permissions for identities across the organization, while also providing IT staff with the information they need to make informed decisions as circumstances change. By eliminating extraneous, unnecessary permissions, AI tools ensure that compromising a single identity will not grant an attacker free reign throughout the entire system. They also mean that, far from impeding productivity, the IT team can enhance it. By quickly identifying when it is safe and appropriate to grant additional permissions, they can make sure all identities under management have access to the technology and data they need, when they need it. None of this would be possible without human beings and AI working hand in hand.
AI-Driven Identity Security Is the Future
Gone are the days when managing identities and their permissions could be accomplished manually — today, ensuring that each identity has the right level of access can only be accomplished with significant help from artificial intelligence-based technology. By augmenting the human touch with AI, organizations can combine the speed and accuracy of automation with the contextual judgment of human decision-making. Together, they can help organizations more effectively manage their identities and entitlements while significantly limiting the impact of any potential attack.
About the Author
Grady Summers has a variety of technology and leadership positions spanning over 20 years and now serves as the Executive Vice President of Product at SailPoint. Grady is responsible for driving SailPoint's technology road map and solution strategy, ensuring strong and consistent execution across SailPoint's identity portfolio.
You May Also Like
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024