Organizations are under ever-greater pressure to leverage new app technologies to drive competitive advantage and growth. Yet these ambitious plans all come crashing down if they can’t guarantee that modern IT systems are built on a secure foundation.
Security analytics that incorporate data from access control systems are a crucial tool in the arsenal for IT teams. But for security to be effective, it can’t live in a vacuum. That’s why analytics systems must contain feedback loops to continually revise and reassess risk.
Here’s a look at the role of feedback loops within a Zero Trust security environment, how they work, and how your organization can leverage them to level-up security.
Embracing Zero-Trust Security
The old certainties of the corporate perimeter evaporated long ago. While in the past, organizations relied solely on on-premises technologies like firewalls to keep corporate data secure, today the perimeter is in the hands of a highly dispersed, demanding workforce.
Your organization faces the challenge of developing defensive efforts to protect sensitive data and systems with minimal impact upon user productivity.
Unfortunately, many companies are failing. The Identity Theft Resource Center (ITRC) recorded over 446 million breached customer records in the US in 2018, a 126% increase from the previous year.
To reverse this trend, companies need a Zero Trust approach to security—one that requires IT teams to distrust every user, device, network, and workload by default, regardless of where they are on the network.
An integral part of maintaining an effective Zero Trust environment is to build up multiple layers of protection, all rooted in security data pulled from across the organization. At the heart of these efforts should be identity and access management data, alongside network-layer, application, cloud and non-IT data, plus external threat intelligence.
Security information and event management (SIEM) tools are a great resource for consolidating and analyzing this disparate data. But for any analytics-based approach to successfully provide the thorough visibility and agility that IT needs, it must be continuous and adaptive. That’s where feedback loops come in.
Creating feedback loops
Threat actors are constantly evolving their tools, techniques, and procedures. Security analytics systems must be agile enough to learn from the data they absorb in order to fine-tune detection models and improve decision making.
In this way, they don’t simply provide the analyst with a deluge of alerts based on historical information, but can empower IT to modify on-the-fly what they’re looking for to filter out the noise and pinpoint suspicious activity.
This is what we mean by a positive feedback loop: a vital requirement for security analytics, increasingly driven by innovations in machine learning and advanced modeling.
Feedback loops are not unique to IT security. They’ve been used to model and analyze everything from electrical machinery to athletics training. We can break the process down into four key stages:
1. Measure, capture, and store the data
2. Relay that data contextually
3. Use this information to illuminate the possible paths ahead
4. Take action based on this information
This concept is what Gartner broadly refers to in its Continuous Adaptive Risk and Trust Assessment (CARTA) model.
“We need security that is adaptive everywhere—to embrace the opportunity—and manage the risks—that come with this new digital world, delivering security that moves at the speed of digital business,” says analyst Neil MacDonald.
According to Gartner, data analytics and automation are an indispensable part of any continuous risk assessment approach. Analytics pulled from access security systems are particularly useful because the attempted compromise of corporate accounts is often the first step in a complex, multi-stage cyberattack.
Harnessing user data effectively
Identity and access management tools provide vital data on users, groups, apps and devices that enhance feedback loops. This data shines a light on cyber risk and enables IT operations teams to mitigate that risk in real time at the identity layer—rather than the network or device layer—before it has impacted the organization. This is particularly important in Zero Trust environments, where identity is the single control point across users, devices, and networks.
With tools like Single Sign-On and Adaptive Multi-Factor Authentication, you gain visibility into who is accessing corporate data, as well as how, when, and where they are accessing it from. With this context, you can choose to enforce an additional factor or lock them out completely. Okta’s tools continually evaluate and adapt to evolving risk patterns in order to maximize corporate security efforts. That’s positive feedback in action.
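To make the four stages above and the adaptive step-up decision concrete, here is an added example that is not Okta's code or the product's logic: a toy evaluator over constructed sign-in events that builds a per-user baseline, scores each sign-in against it, decides allow / MFA / block, and then feeds an analyst's verdict on a blocked sign-in back into the baseline. The users, events, risk weights and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sign-in events (not real data): (user, device_id, country, hour_utc)
EVENTS = [
    ("alice", "laptop-1", "US", 9),
    ("alice", "laptop-1", "US", 14),
    ("alice", "phone-7", "DE", 3),    # new device, new country, off-hours
    ("alice", "laptop-1", "FR", 11),  # new country only
]

class AdaptiveAccess:
    def __init__(self, mfa_threshold=2, block_threshold=4):
        # Stage 1: capture and store what we know about each user (assumed weights below)
        self.profile = defaultdict(lambda: {"devices": set(), "countries": set()})
        self.mfa_threshold, self.block_threshold = mfa_threshold, block_threshold

    def score(self, user, device, country, hour):
        # Stages 2-3: relay the event against the user's context and score the risk
        p = self.profile[user]
        risk = 0
        if p["devices"] and device not in p["devices"]:
            risk += 2                 # unknown device
        if p["countries"] and country not in p["countries"]:
            risk += 2                 # unfamiliar country
        if hour < 6 or hour > 22:
            risk += 1                 # off-hours sign-in
        return risk

    def decide(self, event):
        # Stage 4: act on the score
        risk = self.score(*event)
        if risk >= self.block_threshold:
            return "block"
        if risk >= self.mfa_threshold:
            return "mfa"              # step-up; baseline unchanged until MFA succeeds
        self.learn(event)             # a low-risk sign-in extends the baseline
        return "allow"

    def learn(self, event):
        """Feedback: a sign-in confirmed benign (MFA passed or analyst-cleared) widens the baseline."""
        user, device, country, _ = event
        self.profile[user]["devices"].add(device)
        self.profile[user]["countries"].add(country)

def run_with_feedback(events=EVENTS):
    """Decide all events, then close the loop: the analyst confirms the blocked DE sign-in was benign."""
    engine = AdaptiveAccess()
    decisions = [engine.decide(e) for e in events]
    engine.learn(events[2])           # analyst verdict fed back into the baseline
    return decisions, engine.decide(events[2])
```

The first pass blocks the third sign-in and steps up the fourth; after the analyst's verdict is fed back, replaying the third event yields only the off-hours point and is allowed.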
With this constant stream of critical user access data, IT teams can make informed, proactive decisions that minimize both false positives and security risk. Ultimately, this means not only being able to repel cyber threats, but also building a more strategic, business-aligned security function capable of supporting the enterprise.
As organizations move towards a Zero Trust model of security, identity data has become a critical indicator of cyber attacks. Learn more about identity system data and how to effectively log suspicious behavior in our whitepaper: Leveraging Identity Data in Cyber Attack Detection and Response.