Protecting Identity by Alexandra Weaver
Alexandra Weaver, Solutions Engineer
Mastering Identity Security: A Deep Dive into Best Practices
In today’s digital landscape, the importance of safeguarding identity cannot be overstated. With expanding attack surfaces and increasing cyber threats, establishing a robust identity and access management (IAM) framework has become crucial for organizations. In this blog post, we'll explore key topics related to identity security, including effective strategies, best practices, and emerging models like Zero Trust Security.
The Foundation of Security: Identity Protection
As Alexandra Weaver, a Solutions Engineer at Netrix, highlighted, identity is the control plane at the heart of cybersecurity. If you cannot protect the identity, you cannot protect the data. Therefore, managing and monitoring access is essential for:
- Tracking and auditing identities
- Mitigating insider threats
- Maintaining regulatory compliance
This framework involves ensuring the right individuals have the right access to the right resources at the right time. The traditional perception of a network perimeter has evolved; now, access is required anytime and anywhere—including cloud, on-premises, and hybrid environments.
Understanding the Importance of Monitoring Access
Access management involves not just granting access but continuously verifying it. Statistics show that:
- 57% of employees reuse work passwords, increasing risk.
- The average user has approximately 200 passwords, leading to management challenges.
For administrators, deploying a password management utility can significantly help users and reduce risk.
Zero Trust Security: A Modern Approach
The Zero Trust model is becoming increasingly relevant in today’s cybersecurity landscape. This approach emphasizes:
- Continuous verification: No user or system is automatically trusted.
- Least privilege access: Users only have access to the resources they truly need.
- Real-time monitoring: Track activities to detect and respond to potential threats.
This shift from a perimeter-based security model to a more rigorous verification protocol is essential in addressing the complexities of modern cybersecurity challenges.
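The three Zero Trust properties above can be expressed as a single access decision that is evaluated on every request rather than once at logon. The following is an added example written for this post, not code from the original article or from Netrix; the role table, device-posture fields, the one-hour re-verification threshold, and all user, role and resource names are constructed assumptions. It shows the order a practitioner would check: identity (MFA), device posture, freshness of the last verification, and finally the role's explicit grants, so that an identity with a valid password but no MFA, an unmanaged device, a stale session, or an action outside its role is denied with a reason that can be logged.

```python
"""Zero Trust access decision: verify every request, trust nothing by default.

Added illustration, not from the original post or from Netrix. The policy
table, role names, posture fields and thresholds are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Least privilege: each role maps to the minimum (resource, action) pairs it
# needs and nothing more. Constructed sample policy.
ROLE_PERMISSIONS = {
    "hr-analyst": {("hr-db", "read")},
    "hr-admin": {("hr-db", "read"), ("hr-db", "write")},
    "helpdesk": {("ticketing", "read"), ("ticketing", "write")},
}

MAX_VERIFICATION_AGE = timedelta(minutes=60)  # re-verify at least hourly (assumed)


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    mfa_verified: bool
    device_managed: bool
    device_patched: bool
    requested_at: datetime
    session_verified_at: Optional[datetime] = None  # when MFA last completed


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run identity, device, freshness, privilege."""
    # 1. Identity: a password alone never earns trust.
    if not req.mfa_verified:
        return False, "mfa_required"
    # 2. Device posture: an unmanaged or unpatched endpoint is not trusted,
    #    because a compromised device means a hijacked identity.
    if not req.device_managed:
        return False, "unmanaged_device"
    if not req.device_patched:
        return False, "device_unpatched"
    # 3. Continuous verification: an old verification has to be repeated.
    if req.session_verified_at is None:
        return False, "verification_missing"
    if req.requested_at - req.session_verified_at > MAX_VERIFICATION_AGE:
        return False, "reverification_required"
    # 4. Least privilege: only the role's explicit grants; nothing is implied.
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, "not_in_role_grants"
    return True, "allowed"


def sample_requests() -> Dict[str, AccessRequest]:
    """Constructed requests covering the allow path and each deny reason."""
    now = datetime(2024, 6, 7, 9, 0, tzinfo=timezone.utc)
    base = dict(user="jdoe", role="hr-analyst", resource="hr-db", action="read",
                mfa_verified=True, device_managed=True, device_patched=True,
                requested_at=now, session_verified_at=now - timedelta(minutes=10))
    return {
        "analyst_read": AccessRequest(**base),
        "analyst_write": AccessRequest(**{**base, "action": "write"}),
        "no_mfa": AccessRequest(**{**base, "mfa_verified": False}),
        "byod": AccessRequest(**{**base, "device_managed": False}),
        "stale_session": AccessRequest(**{**base, "session_verified_at": now - timedelta(hours=3)}),
        "admin_write": AccessRequest(**{**base, "role": "hr-admin", "action": "write"}),
    }


def evaluate_samples() -> Dict[str, Tuple[bool, str]]:
    """Run the decision over every sample request; the reason is what you would log."""
    return {name: decide(req) for name, req in sample_requests().items()}


if __name__ == "__main__":
    for name, (allowed, reason) in evaluate_samples().items():
        print(f"{name:14s} -> {'ALLOW' if allowed else 'DENY ':5s} ({reason})")
```

The deny reasons are deliberately distinct so that the access-monitoring layer can count them per identity; a burst of `not_in_role_grants` from one account is exactly the over-permission probing the post says to watch for.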
Managing Growing Attack Surfaces
With the rapid expansion of the Internet of Things (IoT), the attack surface for cybercriminals has widened significantly. As reported, IoT devices are expected to number over 18 billion, a 13% increase from the previous year. Consequently, organizations must:
- Implement strong IAM policies.
- Regularly patch and update systems.
- Adopt layered security models, including continuous monitoring.
Best Practices for Identity and Access Management
Organizations must focus on essential strategies for effective identity protection. Here are four pillars to strengthen identity security:
- Access Management: Define who, what, when, and how access is granted.
- Access Monitoring: Track how identities are being used and detect anomalies.
- Endpoint Detection: Protect devices operating within the identity framework.
- Data Protection: Safeguard information from unauthorized access to prevent data breaches.
Additionally, employing tools like Multi-Factor Authentication (MFA) can enhance security by adding another layer of verification.
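The Access Monitoring and Endpoint Detection pillars come down to rules run over logon and endpoint events. The following is an added example written for this post, not code from the original article or from Netrix; the key=value event format, the host and user names, the per-user host baseline, the 07:00 to 18:59 UTC business-hours window and the five-failures-in-five-minutes threshold are all constructed assumptions. It flags four things the post calls out: an off-hours logon, an identity appearing on a host outside its baseline (a lateral-movement indicator), an addition to the local Administrators group, and a burst of failed logons that suggests credential abuse.

```python
"""Access-monitoring rules over constructed logon and endpoint events.

Added illustration, not from the original post or from Netrix. Event format,
names, baseline, business hours and thresholds are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample events (not real log data): ISO timestamp then key=value fields.
SAMPLE_EVENTS = """\
2024-06-07T08:02:11Z user=jdoe host=WS-042 event=logon result=success
2024-06-07T08:05:40Z user=asmith host=WS-017 event=logon result=success
2024-06-07T12:31:02Z user=jdoe host=WS-042 event=logon result=success
2024-06-07T17:40:55Z user=svc-backup host=SRV-FILE01 event=logon result=success
2024-06-07T22:14:09Z user=jdoe host=SRV-FILE01 event=logon result=success
2024-06-07T22:15:30Z user=jdoe host=SRV-FILE01 event=group_add group=Administrators
2024-06-07T22:16:01Z user=asmith host=WS-017 event=logon result=failure
2024-06-07T22:16:04Z user=asmith host=WS-017 event=logon result=failure
2024-06-07T22:16:07Z user=asmith host=WS-017 event=logon result=failure
2024-06-07T22:16:10Z user=asmith host=WS-017 event=logon result=failure
2024-06-07T22:16:13Z user=asmith host=WS-017 event=logon result=failure
"""

# Constructed baseline: the hosts each identity normally logs onto.
BASELINE_HOSTS = {
    "jdoe": {"WS-042"},
    "asmith": {"WS-017"},
    "svc-backup": {"SRV-FILE01"},
}
BUSINESS_HOURS = range(7, 19)        # 07:00-18:59 UTC, assumed
FAILURE_THRESHOLD = 5                # failed logons per user ...
FAILURE_WINDOW = timedelta(minutes=5)  # ... within this sliding window


def parse_event(line: str) -> Dict[str, object]:
    """Parse one line: leading ISO-8601 timestamp, then key=value fields."""
    ts, *fields = line.split()
    event: Dict[str, object] = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect(events_text: str) -> List[Dict[str, str]]:
    """Run the monitoring rules over the events and return the alerts raised."""
    events = [parse_event(l) for l in events_text.splitlines() if l.strip()]
    alerts: List[Dict[str, str]] = []
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for ev in events:
        user, host, ts = str(ev["user"]), str(ev["host"]), ev["ts"]
        assert isinstance(ts, datetime)
        if ev["event"] == "logon" and ev["result"] == "success":
            # Rule 1: successful logon outside business hours.
            if ts.hour not in BUSINESS_HOURS:
                alerts.append({"rule": "off_hours_logon", "user": user, "host": host})
            # Rule 2: identity on a host outside its baseline (lateral movement).
            if host not in BASELINE_HOSTS.get(user, set()):
                alerts.append({"rule": "new_host_logon", "user": user, "host": host})
        elif ev["event"] == "logon" and ev["result"] == "failure":
            # Rule 3: burst of failed logons for one identity (credential abuse).
            recent = [t for t in failures[user] if ts - t <= FAILURE_WINDOW]
            recent.append(ts)
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append({"rule": "failed_logon_burst", "user": user, "host": host})
                recent = []  # reset so one burst raises one alert
            failures[user] = recent
        elif ev["event"] == "group_add" and ev.get("group") == "Administrators":
            # Rule 4: local administrator group changed; audit every addition.
            alerts.append({"rule": "local_admin_added", "user": user, "host": host})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] user={alert['user']} host={alert['host']}")
```

On the sample data the same identity trips the off-hours, new-host and local-admin rules in sequence on one server, which is the pattern of an account being used to elevate and move that the post describes; correlating alerts by identity rather than by host is what makes that visible.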
The Role of Password Management
Password security remains a paramount focus. Encouraging strong password policies and offering solutions such as password vaults can help users manage their credentials safely and efficiently.
Conclusion: Securing Identities is Non-Negotiable
As cyber-attacks grow in sophistication and frequency, organizations must prioritize identity security as a critical component of their cybersecurity strategy. Implementing best practices in IAM, adapting to the Zero Trust model, and fostering a culture of security awareness will not only protect sensitive data but also help prevent breaches before they escalate.
For organizations to stay ahead, it is vital to understand that identity equals access. Failure to manage this can lead to significant vulnerabilities and ultimately compromise organizational integrity.
Feel free to connect with me on LinkedIn to discuss tips and strategies for enhancing your identity security measures!
Video Transcription
Feedback. So my name is Alexandra Weaver. I am a solutions engineer with Netrix. Netrix is a cybersecurity and compliance software company that helps organizations secure sensitive data, mitigate insider threats, and maintain regulatory compliance while providing visibility into their environments: cloud, on-prem, hybrid. At the center of this, whether it's data protection, threat protection, or compliance, is identity. Because if you can't protect your identity, then you can't protect your data. And that's what I wanna talk about today. So let's look at our agenda. So I wanna talk about the importance of managing and monitoring access. This is important because it's tracking and auditing the identity. I wanna talk about the zero trust security model, something we're hopefully all working towards. This offers constant mechanisms to verify and validate that the user and the system are who they say they are before access is granted.
Then I wanna talk about how do we account for the attack surfaces growing, expanding at just a rapid rate, so the Internet of Things. How do we keep the identity secure when these attack surfaces are expanding at such a high rate? Then I wanna talk about the importance of identity and access management, IAM. Right? That ensures that the right people, the right systems have the right access to the right resources at the right time, and also looking at least privilege and including that. So identity is the foundation of security. We know that the network perimeter has changed. It's no longer the old school. Now it's anywhere, anytime, and on anything. And you can see that really at the core, at the center is the identity. That's our control plane. That's really the new network perimeter.
And we don't just have identities as employees or vendors. We have contractors, administrators, customers, service accounts. We have a myriad of identities in our environment that we, as AD administrators, as security administrators, as good corporate citizens, have to protect. And that's really critical. So we wanna make sure that we're able to do so and what are we putting in place to secure the identities. Now if we circle back to our employees, we're generally talking about the workplace. 57% of employees reuse work passwords. That's deeply concerning because we know that that password is being used on other applications, whether it's social media or their banking or their personal email. That puts us, our corporation, our organization, our entity at risk because that password is being used.
While identity is the foothold, that control plane, the password is really that first lock on the entry point on the door. And we have to make sure that we help our users keep that safe. And I know passwords are a difficult thing. They're the bane of every network administrator's existence. The one thing that we as administrators, AD administrators, have to consider in this is that the average user has around 200 passwords. That is a lot of passwords. So how can we help them? Another thing I'm a strong proponent of is a password management utility for users, which makes it easier and helps them to configure that. So let's look at the identity. Several different leaders in the industry, like Gartner, recommend focusing on strengthening and leveraging identity fabric.
That's the way in which we can manage and protect user access to sensitive data and applications. That's critical. Again, it's expanding on just the identity, but also managing, protecting, and looking at the endpoint to protect our data. Jen Easterly, the former director of CISA, said that identity is the new security architecture. So, really, what we wanna focus on here is, rather than traditional perimeter-based security, we need to secure access to resources and systems. We need to have some mechanisms in place that are doing that verification and those constant checks of controlling who has access and the level of access and where. So this is where cybersecurity companies and leaders in the industry are realizing the importance of identity.
I've just called out a few here, but identity security is a linchpin of modern cybersecurity frameworks. One is the NIST framework, and this framework, developed by, we know who, NIST, the National Institute of Standards and Technology, outlines a structured approach to cybersecurity risk management. The identity function within the framework focuses on the understanding of an organization's assets, including users and their roles, to assess risk and implement appropriate controls. Then we have ISO 27001. This international standard provides another framework for maintaining security, and it includes controls for access, right, and for authentication, authN, and authorization, authZ, all critical components of identity security. And then we have the zero trust security model.
This emphasizes that no user or system should be automatically trusted and that it requires continuous verification of that identity and of that system before granting access. And that's really the key here: before access is granted. The key takeaway is identity is critical, and to take it a step forward, focusing on that authorization, the auth, or authZ, excuse me, the access, where users are going. Are you able to block access? Are we tracking that access? Are we monitoring? Are we alerting out? Do we have the ability to roll back? Because once an environment is breached, it's all about that cybercriminal moving laterally throughout our environment. And do we have any way of spotting that type of movement? Now here, talking about identity, how do we protect our identity? We have several different ways in which we can do this. One is MFA, multifactor authentication.
That's another level of authentication or verification beyond just passwords, password policies. I mentioned earlier it's the bane of every administrator's existence, and it really is. To get on my soapbox, it's so important. It really is the necessary step to protect that identity, and it does come with a little bit of friction with our users. Until we're at that passwordless state, we wanna make sure that we require strong passwords or passphrases. And, again, providing a mechanism such as a password vault is really helpful for our users because, hopefully, it can reduce that friction so users don't mind having a longer password because they have that autofill. Right?
We wanna make sure that we have least privilege access in place, and that's where just in time, JIT, or just enough access is important to put in place. Those are things as AD administrators that we can do. We wanna make sure that only the level of access that is needed is given and then nothing more. It's also important to have monitoring and tracking on that least privileged access and a way to see if things are over-permissioned in your environment. Another important component of protecting your identity is PAM, privileged access management. That's securing and monitoring admin and elevated access. That's really limiting your identity exposure, reducing your attack surface, enforcing these privileges, and monitoring the access. Right? It protects the identities. It helps secure the identities. We wanna make sure that we're protecting our elevated accounts because, obviously, those have a lot of access.
And then CAPs, or conditional access policies, are definitely a more modern identity security control that enforces context-aware controls that go beyond the simple username and password. So instead of just granting access, they're evaluating conditions that must be met under which access is being requested and then obviously responding appropriately. Now let's look at why we have to protect our identities. We know that social engineering tactics have only gotten better, and that's so unfortunate. I feel like this is a way in which great minds are used for evil, and it's frustrating to see. But this is now part of our ecosystem. We know we're gonna get texts. We know we're gonna be targeted. We know there's gonna be bad links in our email. So part of that is educating our users, but also that comes back to that password policy that's really the frontline of defense in protecting that identity.
Kevin Mitnick, one of the greatest hackers turned white hat, said: social engineering attackers don't have to attack your system. They just have to hack your users. And then Gartner, a leader in the cybersecurity space, reports that an average employee has about three devices to perform their work tasks. So we need to be able to spot these credential thefts and abuse of permissions when it happens, and that's why monitoring is so important in our environment. So managing and monitoring access, this ensures that only authorized individuals have access to specific resources. That's really what we want. We don't wanna have over-permissioning, but we also wanna make sure that we're monitoring for that. Identity addresses the potential security risks, you know: access management, defining and enforcing rules, right, determining the access; access monitoring, that's tracking user activities and patterns; and endpoint detection monitoring, that's protecting and managing endpoint devices, which is now a critical component of identity security.
And then finally, data protection, safeguarding data from unauthorized access. All of these are very important because it is a way in which we can address potential security risk and control who has access and safeguard sensitive data. The bottom line: if you can't control and monitor how identities are being used in your environment, then you can't secure them. So another way to think of this is what I call the four pillars to strengthening identity security. So I like this because I think it's very clear that all four of these components, that access management, that access monitoring, and endpoint detection, data protection, are gonna help protect your identity. Right? The access management is who, what, when, how. The access monitoring, how identities are being used. Endpoint detection prevents or protects the devices that identities operate from.
And if the endpoint is compromised, then that identity on that device can be hijacked. Right? And that's critical. That device is critical in trusting that identity. Data protection secures the information. And even if access controls are in place, identities still pose that risk if the data isn't protected at the source. The core element of cybersecurity and compliance is ensuring that data remains private, available, and accurate. Identity means access, so it's gotta be protected. Access has to be protected. So identity equals access. I put that at the top because I think that is so true because everything is reliant on identity. And modern attacks target identity stores like Active Directory. And Active Directory is run by 90% of Fortune 500 companies. So we know it's prevalent out there. And why is it so targeted? Unfortunately, because it works.
Active Directory is 25 years old, and we have to remember that it hasn't been secured as it should be. Now think about when it was rolled out. There wasn't even the cloud. Right? There wasn't Entra. There weren't tenants. All of these things that exist now. So we have to find ways in which we can secure Active Directory because we know social engineering tactics are only getting better. They're part of our ecosystem, and threat actors are exploiting weak identity controls. They're making it, or we're maybe making it, a little too easy for them. So the key takeaway here is, again, controlling that identity. If we give that up, then someone else can gain control and access in our environment. And the way in which we can prevent that is monitoring access and preventing compromise. That's really important for us to do.
And then that's Active Directory, our main data store. Right? That's the keys to the kingdom. That's what we wanna protect. So we know that attackers don't start by going after our data directly. They work their way in. And this is a good place to stress the importance of a multilayered approach, protecting the data, the identity, and the endpoints. Cybercriminals begin with identity, the compromised accounts, elevating permissions, moving laterally throughout your network in stealth, not being recognized or caught. Unfortunately, they're very, very patient. Right? They always wait for a Friday after work. They're exploiting the endpoints. They're targeting misconfigurations and unpatched systems. And finally, they're reaching that data. That's the end goal. It's our organization's. No matter what vertical market you're in, that's your most sensitive asset.
So you have to strengthen endpoint security indirectly by monitoring endpoint behavior, privilege use, and access activity. That's really the key here. Another leader in the industry, Forrester, says that endpoints are the new battleground in cybersecurity and managing them effectively is crucial. That's really important to stress because it's not just the identity, it's the endpoint. We have to be able to monitor those things and keep them secure. If we can't trust the device, we can't trust the identity coming from it. So we wanna make sure we're able to track user logons and logoffs to workstations and servers, monitoring local account activity, software installs, configuration changes. We wanna have alerts for abnormal endpoint activity. We also wanna be able to audit local administrator accounts and remove over-permissioned, right, or unauthorized access.
And we wanna be able to enforce just in time administration, where it's just the amount of access needed for that specific time period. Now I'd mentioned earlier the zero trust security model. This is really that constant verification and validation that a user and device are who they say they are before granting resources and access to the resources. It's really a change from trusting everything in your network perimeter to verifying everything, reducing that level of trust. So zero trust relies on identity verification, least privilege access, continuous monitoring, and identity-based authentication. So we wanna make sure that we can put this in play.
We wanna make sure our users' identities are verified, and then access is granted to only the resources they need. We also wanna make sure that continuous monitoring is in place so we can get device posture to detect and respond to potential threats. And, as we know, with identity-based authorization, access to a resource is verified by that user's identity. And this ensures that the trusted internal users are subject to the same access control as external users. Right? That's a security process that we wanna go through. We wanna make sure that it's based on identity credentials, username, passwords, biometrics, certificates before granting access. The zero trust model or framework as it relates to identity means prioritizing strong verification and authorization of every user regardless of location and doing those constant checks and verification to minimize the risk and increase security in your environment.
Sounds easy. So there's a couple different quotes here on zero trust security models and the importance of it, and I think the takeaway for me is that organizations that implement this zero trust model not only cut breach costs, which I know those numbers are important to management, but also contain threats faster.
And that's a real key takeaway for us. I think that's really important. So institutions, organizations, etcetera, that are zero trust security model adopters, they're prioritizing identity governance, continuous authentication, and role-based access. Right? They're only proving, by putting these methodologies in place, that securing the identity is essential to reducing the risk in the environment. Again, zero trust, which is that continuous verification, the least privilege, real-time behavior monitoring, and microsegmentation. So some of those we can put in place on our own. I think that's really important. Attack surfaces. Wow. Think about this. Just IoT, the Internet of Things. This is absolutely insane. 18,000,000,000, I mean, mind blowing to me. I can't really fathom that, but I do understand a 13% increase, right, from the previous year.
So the recommendations here are, we have things that we need to do, and everything we can do, we should be doing. Right? Implementing strong IAM policies, regularly patching and updating, trying to tie everything back to identity, layered security model. We talked about microsegmentation. I really mentioned it just a minute ago. That's something we can be doing. That continuous monitoring and managing and then implementing that zero trust security model. I didn't put in all vertical markets. I just put in a couple because I think these were such large scale, profound changes. Health care, for example: you think about the average bed in a hospital has 10 to 15 devices, right, attached to that bed. Well, generally, they're networked. They're critical endpoints. Right? And they have health care associated to patient care, but how is that tracked? There's not usually an identity associated with that. So that's concerning. Right?
Device identity is often weak or nonexistent. There's no user-level authentication. So what do we do? We try to assign identities to these devices. We try and use network segmentation and implement the zero trust security model when we can and have that continuous monitoring. And we look up at smart cities, think about traffic cams, emergency response systems. Same thing there. Right? There's all these security risks. Our attack vectors are exponentially growing. We really need to make sure that we can lock things down regardless of whatever vertical market we're in. The other one I put in is an attack surface more related to, I would say, general business. Right? That's just air quotes there. But that's where we see a lot of cloud sprawl, federated identity attacks, and then that lateral movement and an increase of OAuth and token-based attacks, right, and bring your own identity.
Now it's bring your own device. I think a lot of that is happening or has happened. And then we know there's shadow admins and privilege creep. The key insight here is identity becomes that new perimeter. Every identity, human or machine, becomes a potential breach point. The attack surface has to evolve from where is this device to who is this user, what are they accessing, and how are they proving their identity. So we know that the attack surface is expanding. That primary target is still that identity. So we have to protect our identity and implement identity-centric security controls to monitor identity activity. Identity and access management. This is critical to security. Right? Because, again, this is ensuring that the right people or systems have the right access to the right resources at the right time and for the right reason.
It enables visibility and control over user behavior, allowing organizations to detect anomalies and enforce least privilege, and then, most importantly, respond to threats before they escalate into breaches. So the core components of identity management, I'm not gonna read these all, but I wanna make sure that everyone is aware that IAM is really the backbone of identity management and security. It ensures that a digital identity in our environment is accounted for and that authentication is that first line of defense and that we're able to protect it in a bunch of different ways. Again, we're talking about granting access only to roles and attributes, verifying those identities, reviewing who has access, restricting and monitoring elevated permissions, and then looking at putting SSO, or multiple systems, in place with just one login capability, which I think, again, can help ease some friction with our users.
Identity and access management. We know that organizations are increasing IAM investments to combat rising threats like ransomware and credential threats. We know nearly one in three data breaches involved identity theft. Excuse me. So that really showcases the importance of IAM. Right? And we also know that a lot of breaches are due to human error, and that's truly unfortunate. We know we need to protect our identity, and there's different ways we can do this. I am on LinkedIn. I know I'm out of time. So, please, when you get a chance, I'd love to connect and talk more about securing your identity and your endpoints. Thank you so much.