This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Automation of identity can help defend against attacks directed at users

Share this article:
Automation of identity can help defend against attacks directed at users
Automation of identity can help defend against attacks directed at users

Efficient identity management can help protect against advanced persistent threats (APTs).

Speaking to SC Magazine, Lieberman Software CEO Phil Lieberman said that the challenge for administrators of millions of users is that there is little in the way of off the shelf software to manage thousands of users, and to do manual management is impossible.

He said: "How many certificates and passwords are there, millions on thousands of machines? No one has made that software so they try to write it themselves. Identity management is a point solution for remediation for scale. There are users at this scale, but if it is not automated it cannot be done.”

Lieberman said that there is a problem of a lack of security and a lack of process and while there was not a lot of demand in the past, there are nation-state attacks and attackers having better tools requires automation. So if identity management is not automated in terms of understanding information then everyone is a target.

“In the scenario of cyber war, you want every account and API to be limited in time and scope so every credential changes every couple of days. So every hash changes and we see companies acknowledge the scope of the damage; without automation how do you know what is happening? With automation you can be in constant rotation.”

Lieberman said that a company with 40,000 users will never be fully protected from spear phishing, so efforts will be made on detecting and minimising the damage. “Every identity is a physical paradigm, and every user has got something and the shift is what you do and how far you go,” he said.

“You cannot hire enough people to do this and there is not the software for it. I am not about spreading fear, I feel I have to say what is going on and if you know the methodology and what your users do, it needs to be managed and there are few tools available to solve the problem.”

 

He concluded by saying that automating identity only requires a few lines of code but it can cause major benefits for scale.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.