Lessons Learned from Catastrophic Identity-based Attacks: The Unified Power of PAM, CIEM, and ITDR
The MGM '23 attack caused over 100M$ in losses and halted some of their operations. The Uber '22 attack resulted in complete loss of control of all apps and services. What is common to both attacks is that they were both Identity-based attacks. Existing identity security measures are ineffective for securing your cloud from a determined adversary. With a single credential and a bit of gumption, an attacker can utilize misconfigurations in your IAM and evade via blind spots in identity infrastructure and detection tools to compromise multiple systems across your environments.
Embark on a transformative journey with Delinea, as we delve into the unified force of PAM (privileged access management), CIEM (cloud entitlement management), and ITDR (identity threat detection and response).
Using the real-life examples of Uber and MGM, this session will cover:
· Common gaps in IAM security from MFA/SSO to IdPs and in between
· How to protect yourself from such attacks
· How attackers manipulate IdPs and other IAM configurations to establish persistency and escalation privileges