This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Automation of identity can help defend against attacks directed at users

Share this article:
Automation of identity can help defend against attacks directed at users
Automation of identity can help defend against attacks directed at users

Efficient identity management can help protect against advanced persistent threats (APTs).

Speaking to SC Magazine, Lieberman Software CEO Phil Lieberman said that the challenge for administrators of millions of users is that there is little in the way of off the shelf software to manage thousands of users, and to do manual management is impossible.

He said: "How many certificates and passwords are there, millions on thousands of machines? No one has made that software so they try to write it themselves. Identity management is a point solution for remediation for scale. There are users at this scale, but if it is not automated it cannot be done.”

Lieberman said that there is a problem of a lack of security and a lack of process and while there was not a lot of demand in the past, there are nation-state attacks and attackers having better tools requires automation. So if identity management is not automated in terms of understanding information then everyone is a target.

“In the scenario of cyber war, you want every account and API to be limited in time and scope so every credential changes every couple of days. So every hash changes and we see companies acknowledge the scope of the damage; without automation how do you know what is happening? With automation you can be in constant rotation.”

Lieberman said that a company with 40,000 users will never be fully protected from spear phishing, so efforts will be made on detecting and minimising the damage. “Every identity is a physical paradigm, and every user has got something and the shift is what you do and how far you go,” he said.

“You cannot hire enough people to do this and there is not the software for it. I am not about spreading fear, I feel I have to say what is going on and if you know the methodology and what your users do, it needs to be managed and there are few tools available to solve the problem.”

 

He concluded by saying that automating identity only requires a few lines of code but it can cause major benefits for scale.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Single step authentication on Galaxy leaves PayPal accounts open to abuse say German researchers.

MSWin 8.1 users must update or lose security patches

MSWin 8.1 users must update or lose security ...

Organisations run the risk of being left defenceless against attackers unless they upgrade from MS Win 8.1

Communication gap indentified between IT and management

Communication gap indentified between IT and management

Bad news is filtered out of communicaiton to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.