October 8, 2018 | By Sridhar Muppidi and Priti Patil

Cloud, the Internet of Things (IoT), mobile and digital business initiatives have broadened the surface and increased the complexity of identity and access management (IAM) environments. With millions of entitlements to manage across thousands of users and hundreds of applications, organizations are struggling to keep their access risks in check.

Today’s environments have become so complex that no reasonable IAM professional — no matter how talented — could feasibly gather, analyze and detect every relevant access-related risk factor. This lack of insight is leading to security risks, operational inefficiencies, loss of data and failure to comply with regulatory standards.

A modern approach to identity demands not only strong access controls and governance, but also a high level of risk awareness. Old-school, rules-based approaches to policy management for access controls, identity management and data governance can’t effectively pinpoint the new types of suspicious and harmful activities that are occurring in large and complex environments. Instead, organizations must consider an analytics-based approach that simplifies the demands placed on IAM professionals.

The Identity Analytics Imperative

A typical IAM system contains basic information about who users are and what they can access. However, this data isn’t sufficient to provide an accurate picture of access-related risks. To get a holistic view of access risks, you must obtain information about what users are really doing with their access privileges.

This means incorporating data from a vast array of other sources, such as data access governance, content-aware data loss prevention, security intelligence and event monitoring (SIEM), and database monitoring systems, as well as application, web, network, database and endpoint logs. By gathering data from various sources, advanced analytics techniques can create a holistic view of the managed environment and provide a 360-degree view of access risks. This is known as identity analytics, a process that employs big data, machine learning and artificial intelligence (AI) technologies to consume and analyze vast amounts of data and distill that data into actionable intelligence, allowing organizations to detect and respond to access risk more quickly.

Using Baselines to Understand the Abnormal

Identity analytics enables administrators to be proactive rather than reactive by continuously monitoring the identity environment. It builds behavioral baselines of normal user activity and then detects deviations from those baselines.

Typical user activities, such as requesting access to applications, logging into applications and accessing data in file sharing systems, are normal in isolation but would raise a flag when done at an unusually high volume or frequency. With an understanding of baseline and abnormal behavior, organizations can achieve better compliance with meaningful and actionable insights about user activity at each stage of the user access life cycle.
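A minimal sketch of the baseline idea described above, added here as an illustration and not taken from IBM's product: it builds a per-user, per-activity baseline from daily event counts and flags only unusually high volume. The sample data, the median/MAD scoring method, the 3.5 cutoff and the 0.5 spread floor are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (user, activity, day_index, event_count). Not real data.
HISTORY = [
    ("alice", "file_access", d, c)
    for d, c in enumerate([12, 15, 11, 14, 13, 12, 16, 14, 13, 15])
] + [
    ("bob", "access_request", d, c)
    for d, c in enumerate([1, 0, 2, 1, 1, 0, 1, 2, 1, 1])
]
# Constructed observations for the day being scored: (user, activity, count).
TODAY = [
    ("alice", "file_access", 14),
    ("bob", "access_request", 25),
    ("carol", "login", 3),
]

def build_baselines(history, min_days=7):
    """Return {(user, activity): (median, MAD)} of daily counts.

    Series shorter than min_days are skipped: too little history to call
    anything "normal" yet.
    """
    series = defaultdict(list)
    for user, activity, _day, count in history:
        series[(user, activity)].append(count)
    baselines = {}
    for key, counts in series.items():
        if len(counts) < min_days:
            continue
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baselines[key] = (med, mad)
    return baselines

def score(baselines, observations, threshold=3.5, min_spread=0.5):
    """Score today's counts against the baseline with a modified z-score."""
    findings = []
    for user, activity, count in observations:
        base = baselines.get((user, activity))
        if base is None:
            # New user or new activity type: surface it instead of guessing.
            findings.append((user, activity, count, None, "no_baseline"))
            continue
        med, mad = base
        # Floor the spread so a perfectly flat history cannot divide by zero.
        z = 0.6745 * (count - med) / max(mad, min_spread)
        verdict = "anomalous" if z > threshold else "normal"
        findings.append((user, activity, count, round(z, 2), verdict))
    return findings
```

Median and MAD are used instead of mean and standard deviation so that a past burst in the history does not inflate the baseline and hide the next one.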

The diagram below illustrates the stages users go through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization, with access being revoked or changed when they separate or change roles.

In each phase, identity analytics data increases risk awareness and responsiveness, provides richer contextual user experiences and informs behavioral-based access policies. It bridges the gap between administrative controls and runtime activities, enabling administrators to get a clearer picture of how users are actually utilizing their access. With identity analytics, IAM teams can detect suspicious user activity, remediate inappropriate access and adjust access policies as necessary.

Identity analytics leverages machine learning and application usage data to make access policy and role recommendations that are based on user behavior and data usage — not merely on assigned entitlements or entitlement histories. These recommendations can provide IAM teams with a more accurate snapshot of policy and minimize the proliferation of unnecessary entitlements.
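To make the difference between assigned entitlements and observed usage concrete, here is an added example (not IBM's implementation) that joins held entitlements with last-use dates and peer-group membership to produce revoke/review recommendations and a usage-based role suggestion. All users, entitlement names, dates and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample data (not from the article): held entitlements, peer
# groups, and the last day each entitlement was exercised per usage logs.
TODAY = date(2018, 10, 8)
ENTITLEMENTS = {
    "alice": {"crm_read", "crm_write", "payroll_admin"},
    "bob": {"crm_read", "crm_write"},
    "carol": {"crm_read", "crm_write"},
    "dave": {"crm_read"},
}
PEER_GROUP = {u: "sales" for u in ENTITLEMENTS}
LAST_USED = {
    ("alice", "crm_read"): date(2018, 10, 1), ("alice", "crm_write"): date(2018, 9, 28),
    ("bob", "crm_read"): date(2018, 10, 2), ("bob", "crm_write"): date(2018, 5, 1),
    ("carol", "crm_read"): date(2018, 10, 3), ("carol", "crm_write"): date(2018, 10, 3),
    ("dave", "crm_read"): date(2018, 9, 30),
}

def is_stale(user, ent, last_used, today, stale_days):
    """True if the entitlement was never used or not used within stale_days."""
    used = last_used.get((user, ent))
    return used is None or (today - used).days > stale_days

def recommend(entitlements, peer_group, last_used, today, stale_days=90, peer_min=0.5):
    """Flag entitlements that are unused, atypical for the peer group, or both."""
    members = Counter(peer_group.values())
    holders = Counter((peer_group[u], e) for u, ents in entitlements.items() for e in ents)
    recs = []
    for user, ents in sorted(entitlements.items()):
        for ent in sorted(ents):
            stale = is_stale(user, ent, last_used, today, stale_days)
            group = peer_group[user]
            rare = holders[(group, ent)] / members[group] < peer_min
            if stale and rare:
                recs.append((user, ent, "revoke: unused and atypical for peer group"))
            elif stale:
                recs.append((user, ent, "review: unused"))
            elif rare:
                recs.append((user, ent, "review: atypical for peer group"))
    return recs

def suggest_role(group, entitlements, peer_group, last_used, today, stale_days=90, share=0.6):
    """Role content from behavior: entitlements most of the group actively uses."""
    users = [u for u, g in peer_group.items() if g == group]
    active = Counter(e for u in users for e in entitlements[u]
                     if not is_stale(u, e, last_used, today, stale_days))
    return sorted(e for e, n in active.items() if n / len(users) >= share)
```

In this sample, crm_write is held by three of four sales users but actively used by only two, so a role built from assignments would include it while the usage-based suggestion does not.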

The Added Value of Artificial Intelligence

AI technology can make identity analytics an even more robust tool. With AI, identity analytics can automatically predict trends and behaviors, identify what may potentially happen and make recommendations for corrective action. It is a self-learning system that uses data mining and machine learning techniques to generate not just answers, but hypotheses, evidence-based reasoning and recommendations for improved decision-making in real time.

Cognitive systems use analysis methods such as machine learning, clustering, graph mining and entity relationship modeling to identify potential threats. For example, cognitive identity analytics systems can learn personality traits from users’ messages, blogs, emails and social data, and then use those traits to predict whether certain users could be potential insider threats. This analysis, combined with users’ activity and access patterns, can help raise the alarm for system admins and then suggest possible actions they could take to address the concern.

Identity analytics makes IAM smarter by enhancing existing processes with a rich set of user activity and event data, peer group analysis, anomaly detection, and real-time monitoring and alerting. The net result is improved compliance and reduced risk.

Using identity analytics can help your organization embrace the future of IAM — a future that’s smarter, more effective and more secure.

Are you interested in expanding your identity and access management (IAM) solutions to include identity analytics? IBM Cloud Identity includes a multipurpose analytics engine that processes activity and entitlement data from a variety of sources, providing a 360-degree view of access risks with the ability to take action based on those risk insights.

The analytics portion of Cloud Identity is currently in beta and open to existing Identity Governance and Intelligence (IGI) and IBM Security Identity Manager (ISIM) customers to trial. For more information, or to get involved in this beta program, please contact Erika Weiler, Offering Manager for IAM at IBM Security.
