In the ever-changing and complex cloud infrastructure landscape, organizations must not only protect their cloud infrastructure and applications from external threats, but also secure them from internal human and machine identities through the practice of Cloud Identity Entitlement Management (CIEM).

Managing identities presents multiple challenges, ranging from the need for thorough auditing and generating compliance reports, to proactively identifying and mitigating risks associated with “high-privileged” identities.

Working closely with security leaders, we learned that there are several reasons why managing and securing identities can be a difficult task:

  1. Difficult discovery
    Understanding cloud exposure includes constant discovery of identities across cloud infrastructure, applications, third-party keys and tokens, and service accounts of internal team members.
  2. Understanding who has access to what
    Compliance and auditing efforts require organizations to understand and dynamically monitor which human and machine identities have access to what resources.
  3. Continuous monitoring
    Effective identity security requires constantly removing stale or unused identities and identities with unnecessary access, tightly monitoring highly privileged identities, and proactively ensuring that identities are not compromised or granted abnormal permissions.

Bridge the intelligence, see the full picture: from the IdP all the way to the cloud resource.

Securing identity usage in the cloud requires a deep understanding of the entire lifecycle of each identity, starting with Identity Providers (IdPs). Understanding who has access to what and identifying risky or overly broad permissions requires aggregating a wealth of information from the identity provider, Cloud Identity Access Management (IAM), and even platform configurations such as Kubernetes.


Introducing Upwind’s Identity Security

We are excited to introduce Identity Security in the Upwind Cloud Security Platform, providing Upwind customers with the ability to discover human and machine identities across clouds. With it, you can understand who has access to what, automate actions to remove stale access, and achieve least privilege access across your services.

Upwind leverages runtime context to identify all identities with cross-account permissions and analyzes every workload, resource and platform to identify whether lateral movement can be performed. By giving organizations this deep identity context and identity risk assessment, Upwind simplifies identity management, streamlining auditing and compliance while reducing the attack surface with strengthened Cloud Identity Entitlement Management.


Upwind Identity Security provides robust management and security for identities, including:

  • Visibility
    Executive reports for compliance and auditing
  • Finding the Most Critical Risks
    Analyzing and finding risks: reduced attack surface with proactive resolution for high-privileged identities.
  • ITDR: Identity Threat Detection & Response
    Sophisticated identity-related threat detection and mitigation

Identity Security Use Cases

With Upwind’s Identity Security, customers will now have the ability to discover all of their human and machine identities, correlating that information with runtime insights to understand overall user permissions and behavior, as well as to classify and prioritize any associated risks.


Visibility and Understanding of Human and Machine Identities 

In Upwind’s Inventory module, you can now view a list of all of your existing human and machine identities. This will include relevant context such as permissions and a risk assessment to evaluate whether their current permissions are “needed,” “highly privileged,” or “overly permissive.”

Beyond viewing all of the identities, you will also be able to generate a full report of all identity security data and easily understand each identity’s associated permissions, including identities associated with a single sign-on (SSO) provider such as Okta.

“Upwind’s ability to not only identify and provide visibility into identities but also baseline their behavior has provided us with a new level of identity understanding. Using Upwind, we have been able to eliminate risky privileges, reduce the attack surface and streamline compliance.”

- Roy Halevi, Co-Founder & CTO at Intezer Labs

Risky Permissions and Identity-Related Threats

Upwind’s Identity Security capabilities will also inform risk prioritization and threat assessments, which are viewable across several components of the Upwind platform. This shows not only which resources identities have access to, but also lets you see these permissions in reverse, starting from the resource. By looking at an individual resource and working backward, you can quickly identify related roles, policies and services and get a complete view of resource risk.


This identity context will alert you to findings including:

  • Risky identities that aren’t posture compliant 
  • Highly privileged users in posture and threat findings
  • Threat detections that include identity activities, including lateral movements
  • Vulnerabilities that should be prioritized based on highly privileged identities

This context is crucial not only in hardening your cloud security, but also in understanding potentially abnormal or malicious user behaviors.

Having this visibility of user permissions and understanding baselined identity behaviors makes it easy to rapidly understand abnormal behaviors and prevent potential attacks.

Learn More About Upwind Identity Security

Leverage Upwind’s identity and runtime context to easily understand the role identities play in cloud security and streamline your prioritization of identity-related risks and threats.

For more information on Upwind’s Identity Security, visit the Upwind Documentation Center (login required).