Identities face relentless threats, with attackers often outpacing defenders in speed. Their rapid tactics give them a breakout time of 84 minutes (according to CrowdStrike’s 2024 Global Threat Report1), making the fallout from an identity breach both significant and costly. To counteract these identity-based attacks, Rezonate has launched real-time, identity-centric risk profiling. This innovative approach provides dynamic, holistic risk scoring for users and machines and proactively and swiftly addresses security issues and misconfigurations, effectively mitigating risks before attackers can exploit them.
With an average breach identification time of 204 days2, Rezonate’s solution addresses the complex challenge of access management and sophisticated attacks, for real-time risk assessments and prioritizing remediation efforts.
This feature revolutionizes organizational security by integrating real-time risk profiling across identity providers, cloud infrastructure, and SaaS applications, enhancing visibility and preemptive threat neutralization. It reduces attackers’ opportunities and fosters a shift towards proactive security management, establishing a new benchmark in identity security.
This article outlines how it works, key capabilities, benefits it delivers and gives a few scenarios to bring it to life. Let’s dive in!
Get Ahead of Identity-based Attacks with Rezonate’s Newest Feature
Managing identity security controls, and who gets access to what across your identity provider, cloud infrastructure, and SaaS applications is getting tougher by the day, especially with everything moving so fast and so many human (and non-human!) identities to keep track of. Add to that the fact that attackers are getting more sophisticated leveraging stolen credentials and using every possible technique to login quietly and go unnoticed for months (the average time to identify a breach last year was 204 days1).
The situation is a CISO’s nightmare because, most of the time, access is being managed in siloes by different teams and tools. Trying to keep up with all of the privileges, security configurations, conditions, and associated risks is an impossible task if you don’t have a way to score and prioritize that risk.
That‘s why we’re very excited to announce our latest feature: Real-Time Identity-Centric Risk Profiling. It’s a game-changer for staying on top of all this complicated access. This new feature enables security teams to get ahead and act faster than attackers. First, it proactively removes misconfiguration and vulnerabilities before attackers can exploit them, and second, it quickly limits access in case of an attack.
With the identity-centric risk profile, Rezonate customers have a powerful metric that pinpoints the most dangerous and vulnerable users and machines. The risk score is dynamic and moves up or down as access changes happen in real-time.
Spot and mitigate security misconfigurations that increase the risk of identity takeover.
Armed with this level of visibility, users can quickly and easily remove or remediate the risk before hackers take advantage of it. Security teams can use the identity-centric risk score to prioritize efforts and as a common metric to drive security posture work assigned to IAM, DevOps, and IT team members.
Let’s dive into the problem we set out to solve with this new feature, explore a few use cases, review the benefits of the identity-centric risk score, and how you can access this feature now.
Challenge: Lack of Visibility into Identity Risk Levels and Changes Impacting Risk
As a security leader, one of the most precious security assets you are tasked with protecting is user/machine identities. Hackers see them as easy targets and consistently use various methods to compromise their accounts, exploit their privileges, and execute their malicious intents.
You have plenty of human and non-human accounts or identities to protect: they connect to hundreds of SaaS Apps (via email SSO, identity providers, or directly) and thousands of cloud infrastructure resources (on AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure) and go through multiple security products along their access journey.
You likely receive attack alerts, audit findings, or security requirements from many directions. Yet, you simply lack visibility into some of the systems and applications, and you don’t have the controls to all of them either.
Various bits of information such as level of access, activity privileges, security controls status (password strength and hygiene, proper MFA, recovery protocols, etc.), active threat insights, and more are spread across systems. These siloes of information are not accessible to your teams and slow your team in the constant race to remove misconfigurations and mitigate poorly secured identities, making it difficult to proactively protect identities and access.
While identity providers, cloud, and SaaS vendors suffer from blind spots and a lack of context about identity security and behavior before/after users and machines access their services, Rezonate provides one integrated risk score per identity across all these platforms.
IAM, DevOps, IT, and SecOp teams are all involved in this mission and see only their piece of the puzzle. How will you know there is a problem, and how can you rally the troops across the same objective?
Enter Rezonate Real-Time Identity-Centric Risk Profiling
This new feature enables security teams to spot and mitigate risk elevations due to changes in identity security configurations, privileges, behavior, and threat insights in real time before attackers exploit them. It can also serve as an alternative to quarterly identity compliance and best practices for security posture check-ups. In a world where controls and behaviors are changing frequently and their management is broken across teams, the new identity-centric risk profile feature is key in optimizing threat and risk management.
Rezonate’s Risk and Mitigation Engine aggregates the status of all the security and access controls across every platform for identity access, correlating it with the level of access (effective privileges), behaviors, and external/native threat insights we have on that identity. A risk score is assigned.
Using this risk score, security teams are quickly alerted to any adversarial change. They can integrate these alerts with other tools or use Rezonate for auto-mitigation of misconfigurations, limit access until the risk is removed (zero-trust), and prioritize security operations around the riskiest identities.
Identity Risk Profile – Core Capabilities Unveiled
- Real-Time Risk Score: This powerful metric empowers customers to pinpoint the most dangerous and vulnerable users and machines (robust but poorly secured) in real time. With this visibility, Rezonate makes it easy to rapidly remove or remediate the risk before hackers take advantage of it. Security teams can use the identity risk score to prioritize efforts and as a common metric to drive security posture work assigned to IAM, DevOps, and IT team members.
- Risk Monitoring and Risk-Over-Time Tracking: An intuitive timeline captures significant risk-related changes, including new and resolved exposures, threats, and changes in privileged status or sensitivity. This feature aids in the quick identification and understanding of critical risk factors.
- Risk Remediation Guidance: Tailored recommendations for enforcing security controls are provided, highlighting actions to significantly reduce identity risks. The intelligent analysis of the risk profile pinpoints areas where implementing security measures, such as Multi-Factor Authentication (MFA), will have the most substantial impact on reducing identity risk. By emphasizing the urgency and importance of specific controls, Rezonate ensures resources are allocated efficiently, strengthening identity security resilience where it matters most.
6 Key Benefits of Real-Time Identity Risk Profiling
Here are just a few of the challenges we set out to address for our customers with this release:
- Protect identity at scale: Moving to the cloud expands access quickly and managing access and identities in the cloud and across SaaS applications is not easy. Rezonate helps automate and streamline your efforts with a metric to monitor and measure.
- Become attack resilient: With this feature, customers will be better protected against attempts to breach and abuse their privileges – and they can respond fast enough so that if they are breached, the damage will be non-existent or quickly contained.
- Enforce continuous and persistent protection: Hackers don’t work 9 to 5. Rezonate protects customers at scale, any time, and all the time, as users and environments are changing all the time and attackers are continuously trying different methods to target them. The identity risk score is dynamic and refreshes based on changes in the environment.
- Focus on privileged and power access: Those with the keys to the kingdom are the most coveted and are the biggest targets for hackers. Customers need to be able to protect their users with privileged, admin access and access to sensitive assets first and foremost. This feature helps identify them faster and implement the proper controls to protect them.
- Prioritize protection and remediation efforts: Knowing where to start is key to mitigating the greatest risk in the shortest amount of time. Identity risk profiles make it easy for customers to know who to protect first, if/when they are under attack or at risk due to misconfigurations.
- Automate with risk-aware intelligence: Automation can create risk when it’s not informed or guided by policy and context. Rezonate users benefit from automated remediations and access controls that are risk-driven and context-aware. This helps to ensure only the right people access the right resources.
How Identity Risk Scores Are Calculated: A Closer Look
Rezonate real-time identity-centric risk scoring revolutionizes how you perceive and handle security risks by offering a comprehensive, real-time risk profile for every identity in your organization, whether human or machine.
Much like a financial credit score for consumers, the identity risk score delivers a critical risk assessment, ranging from 1 (no risk) to 5 (critical risk), for each principal identity. This innovative score reflects the likelihood of an identity’s security being compromised alongside the potential severity of such a breach. It’s based on user behavior, power (privileges), posture, and active threat insights to help you understand who are the most risky identities in the organization. Additionally, Rezonate provides remediation playbooks and automation to ensure those risks are quickly removed or remediated on the spot.
The risk score is based on identity insights derived by Rezonate through real-time identity and access data (including policies, roles, security controls, etc.) and millions of events and activities streamlined and correlated from your multi-cloud infrastructure, SaaS, and identity providers.
Calculated and reflected in real-time, the risk score signifies both the susceptibility and the impact of a user account or machine identity to compromise and cause significant damage to your organization.
Rezonate’s risk formula is simple yet powerful, guided by four critical factors:
- Effective privileges: How strong and powerful is the identity?
- Access to sensitive assets: Does the identity have access to apps, resources, accounts, or privileges that are labeled by the platform user or Rezonate itself as sensitive?
- Security posture level with your existing security tools: Do the user authentication and authorization controls and configurations align with best practices and organizational policies? Is their password strong and not too old? If their MFA is configured with a strong password, their sessions are monitored with limitations and more than 150 security controls and privilege management practices
- Active attacks or threats: Is the identity compromised or under attack? Rezonate considers the identity’s current threat exposure with threat intelligence and, of course, leveraging Rezonate’s advanced threat detection and response capabilities. From data exfiltration and cloud resource depletion to encryption and extortion purposes, Rezonate identity risk scores equip you with the knowledge to prevent these threats.
Rezonate identity-centric risk profiling goes beyond mere assessment. It actively integrates with your existing systems, such as SIEM, XDR, IR, and more, alerting them to any risk elevation. Rezonate offers actionable insights to effectively lower the risks. Customers can mitigate risks through Rezonate or by using external tools, ensuring real-time validation from Rezonate when threats are neutralized and removed.
Real-World Scenarios: Identity-Centric Risk Profiling in Action
Now, let’s examine how identity-centric risk profiling works for 3 different user profiles. Below we break down the job function, and risk factors that contribute to the risk score, and identify the remediation techniques that Rezonate will automate as a result of the risk profile based on predetermined playbooks and policies.
User | Role | Risk Factors | Remediation Recommendations |
Melanie Meyer IT Administrator ||||| Critical Risk | New IT administration intern who has worked for the company for four years. As an admin, she has strong access to AWS, Okta, and Snowflake, but she has some security issues. | Privileges: High Super Admin in AWS, Snowflake, Okta, and 12 more apps Sensitive Access: High 12 apps, 15 cloud accounts, 23 DB tables Security Posture Level: Low Password: Weak, 120 days old Targeted / Compromised Highly Targeted Failed attempts to password spray and brute force her accounts in the last 30 days. | – Add conditional access to the usage of strong admin privileges. – Strengthen MFA to a strong factor – Change and strengthen Password – Remove access for eight unused sensitive apps. |
Vadim Milnkovsky Data Engineer |||| Medium Risk | Developer/data engineer with access to the Microsoft Azure Cloud account and Snowflake. He has limited privileges, logging in to the cloud/SaaS via a corporate Google email account with no MFA, and there were a few fishing attacks. | Privileges: Standard Sensitive Access: None Security Posture Level: High Weak password, NO MFA Targeted / Compromised None | – Strengthen password – Enable strong MFA if user accesses assets that are labeled as sensitive – Federate the user through Okta or Entra ID, and ensure Dev Apps are not directly assigned to him |
Richard Grace External Service Provider ||||| Critical Risk | Cloud infrastructure consulting and service provider. | Privileges: High Sensitive Access: HighFull Admin on AWS and Azure Security Posture Level:Unknown, external login Targeted / Compromised There are abnormal admin activities in this account. | – Federate the user ASAP and add MFA – Add conditional access with short sessions, geo-fencing, and security questions for AWS and Azure SSO Access – Remove excessive privileges – Investigate suspicious activities with Rezonate ITDR |
Setting a New Standard in Identity Security: Understanding Key Risk Factors and Prioritized Remediation
The identity-centric risk profile offers an unmatched view of risk levels, historical data, and causative factors. This unique, advanced feature enables security teams to fully grasp the current risk level, contributing factors to the risk score, how the risk is structured, and why it’s important. Rezonate is also the only solution to help users prioritize which risks they need to remediate first and why, and to actually remediate risk from the platform.
Here’s a quick demo to help you see how Rezonate’s identity-centric risk profile can transform your approach to identity security posture management and risk mitigation:
This feature is available now.
Request a demo to see it in action.
References
1 – CrowdStrike: Global Threat Report 2024.
2 – IBM: Cost of a Data Breach Report 2023.