身份威胁检测与响应解决方案指南
身份威胁检测与响应的出现#
The Emergence of Identity Threat Detection and Response#
身份威胁检测与响应(ITDR)已成为有效检测和响应基于身份的攻击的关键组成部分。
Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks.
威胁参与者已经展示了他们破坏身份基础设施并横向移动到IaaS、Saas、PaaS和CI/CD环境的能力。
Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments.
身份威胁检测和响应解决方案可帮助组织更好地检测其环境中的可疑或恶意活动。
Identity Threat Detection and Response solutions help organizations better detect suspicious or malicious activity in their environment.
ITDR解决方案使安全团队能够帮助团队回答“我的环境中正在发生什么—我的身份在我的环境中正在做什么”这个问题。
ITDR solutions give security teams the ability to help teams answer the question "What's happening right now in my environment - what are my identities doing in my environments."
人类和非人类身份#
Human and Non-Human Identities#
正如ITDR解决方案指南中概述的那样,全面的ITDR解决方案涵盖了人类和非人类身份。
As outlined in the ITDR Solution Guide, comprehensive ITDR solutions cover both human and non-human identities.
人的身份包括劳动力(雇员)、客人(承包商)和供应商。
Human identities entail the workforce (employees), guests (contractors), and vendors.
非人类身份包括令牌、密钥、服务帐户和机器人。
Non-human identities include tokens, keys, service accounts, and bots.
多环境ITDR解决方案可以检测并响应所有身份实体风险,例如从IdP到IaaS和SaaS层,而不是在特定层的分散级别上保护身份。
Multi- environment ITDR solutions can detect and respond to all identity entity risk for example from the IdP to the IaaS and SaaS layers, as opposed to securing identities in a fragmented layer-specific level.
核心ITDR功能#
Core ITDR Capabilities#
ITDR解决方案的基本功能包括:
The essential capabilities of an ITDR solution include:
为所有实体开发通用身份配置文件,包括人类和非人类身份、跨云服务层和内部部署应用程序和服务的活动。
Developing a universal identity profile for all entities, including human and non-human identity, activity across cloud service layers and on-prem applications and services.
将这些标识的静态分析、状态管理和配置与环境中这些标识的运行时活动配对。
Pairing static analysis, posture management, and configuration of those identities with the runtime activity of those identities in the environment.
监视和跟踪直接和间接访问路径,并监视整个环境中所有身份的活动。
Monitoring and tracking direct and indirect access paths and monitoring the activity of all identities across the environment.
编排跨身份提供者、IaaS、PaaS、SaaS和CI/CD应用程序的多环境身份跟踪和检测,以跟踪身份在环境中的任何位置。
Orchestrating multi-environment identity-tracking and detections that span identity providers, IaaS, PaaS, SaaS, and CI/CD applications to follow the identity wherever they go in the environment.
多环境高保真检测和响应,使组织能够在整个攻击面出现身份威胁时采取行动,而不是对基于单个事件的大容量原子警报做出反应。
Multi-environment high-fidelity detection and response that enables organizations to take action on identity threats as they manifest across the entire attack surface, rather than reacting to high-volume, atomic alerts based on single events.
有关ITDR功能的完整列表,您可以访问完整的身份威胁检测和响应解决方案指南。
For a full list of ITDR capabilities, you can access the full Identity Threat Detection and Response Solution Guide.
身份威胁用例#
Identity Threat Use Cases#
为了有效地防范身份攻击,组织必须选择具有高级功能的ITDR解决方案来检测和减轻攻击。
To effectively safeguard against identity attacks, organizations must choose an ITDR solution with advanced capabilities to detect and mitigate attacks.
这些功能应该解决人类和非人类身份的一系列用例,包括但不限于:
These capabilities should address a range of use cases for both human and non-human identities, including but not limited to:
帐户接管检测:检测表明身份已被泄露的众多变体中的任何一种。
Account Takeover Detection: Detect any of the numerous variants that indicate an identity has been compromised.
凭据泄露检测:识别并警告环境中使用被盗或泄露的凭据。
Credential Compromise Detection: Identify and alert on the use of stolen or compromised credentials within the environment.
特权升级检测:检测在系统和应用程序中未经授权升级特权的尝试。
Privilege Escalation Detection: Detect unauthorized attempts to escalate privileges within systems and applications.
异常行为检测:监视可能指示恶意活动的偏离正常用户行为。
Anomalous Behavior Detection: Monitor for deviations from normal user behavior that may indicate malicious activity.
内部威胁检测:识别并响应内部用户的恶意或疏忽行为。
Insider Threat Detection: Identify and respond to malicious or negligent actions by internal users.