This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Automation of identity can help defend against attacks directed at users

Share this article:
Automation of identity can help defend against attacks directed at users
Automation of identity can help defend against attacks directed at users

Efficient identity management can help protect against advanced persistent threats (APTs).

Speaking to SC Magazine, Lieberman Software CEO Phil Lieberman said that the challenge for administrators of millions of users is that there is little in the way of off the shelf software to manage thousands of users, and to do manual management is impossible.

He said: "How many certificates and passwords are there, millions on thousands of machines? No one has made that software so they try to write it themselves. Identity management is a point solution for remediation for scale. There are users at this scale, but if it is not automated it cannot be done.”

Lieberman said that there is a problem of a lack of security and a lack of process and while there was not a lot of demand in the past, there are nation-state attacks and attackers having better tools requires automation. So if identity management is not automated in terms of understanding information then everyone is a target.

“In the scenario of cyber war, you want every account and API to be limited in time and scope so every credential changes every couple of days. So every hash changes and we see companies acknowledge the scope of the damage; without automation how do you know what is happening? With automation you can be in constant rotation.”

Lieberman said that a company with 40,000 users will never be fully protected from spear phishing, so efforts will be made on detecting and minimising the damage. “Every identity is a physical paradigm, and every user has got something and the shift is what you do and how far you go,” he said.

“You cannot hire enough people to do this and there is not the software for it. I am not about spreading fear, I feel I have to say what is going on and if you know the methodology and what your users do, it needs to be managed and there are few tools available to solve the problem.”

 

He concluded by saying that automating identity only requires a few lines of code but it can cause major benefits for scale.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.

Hackers smuggle out stolen data disguised as videos

Hackers smuggle out stolen data disguised as videos

Around a dozen organisations, including at least one financial sector company, have been hit by a new form of hacking where attackers hide stolen corporate data inside video files that ...