June 18, 2024
According to Google Cloud's 2023 Threat Horizons report, an astounding 86% of breaches involve stolen credentials. Earlier this year, Midnight Blizzard, a Russian state-sponsored threat actor, compromised high-profile email accounts and used them as a springboard to exfiltrate sensitive data. Just last week, Mandiant reported that threat actor UNC5537 exfiltrated data from Snowflake customer instances using compromised customer credentials, many of them harvested by infostealer malware and belonging to accounts with no MFA enforced. It's time we change our perspective on identity-based attacks and credential compromise from "if it happens" to "when it happens".
Enter Microsoft Entra ID Conditional Access, a quintessential business enabler that is often an afterthought in security controls management. IT uses it to streamline operations through SSO and application access, yet the sign-in conditions it can evaluate (user and sign-in risk, device state, location, client app type) frequently go unused as security controls.
(Reader Note: While we focus on Microsoft Entra ID Conditional Access here, it’s important to recognize that similar considerations apply to other leading tools in the identity management space, such as Okta Adaptive MFA and SSO, Duo Security, ForgeRock, and Ping Identity. Each of these platforms offers unique features that enhance security and streamline access management, and they can be optimized in much the same way.)
To enhance your IAM security posture with Conditional Access, it’s crucial to fully understand the capabilities you’re licensed for, identify what’s currently being utilized, and leverage untapped features to mitigate risks.
Entra ID provides a range of sign-in conditions across the P1 and P2 licenses (the risk-based conditions come from Identity Protection and require P2), each useful for mitigating credential compromise:
After assessing the available features, focus on those with the greatest potential to reduce risk. That understanding helps you advocate to IT for deploying specific capabilities, and it justifies the ROI of a license upgrade (e.g. P1 to P2) from a risk-reduction standpoint.
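The "identify what's currently being utilized" step is easy to do from the tenant itself. The script below is an added example, not part of the original post or of Reach's product: it pulls every Conditional Access policy through the Microsoft Graph PowerShell SDK and reports which sign-in conditions each one actually uses, so the untapped ones stand out. It assumes the Microsoft.Graph module is installed and that the signed-in account can consent to the Policy.Read.All scope; the column names in the report are my own.

```powershell
# Added example (not from the original post): inventory which Conditional Access
# conditions are in use across a tenant. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome

$policies = Get-MgIdentityConditionalAccessPolicy -All

$report = foreach ($p in $policies) {
    $c = $p.Conditions
    [pscustomobject]@{
        Name             = $p.DisplayName
        State            = $p.State                                   # enabled / disabled / enabledForReportingButNotEnforced
        UsesSignInRisk   = [bool]$c.SignInRiskLevels                  # P2: real-time sign-in risk
        UsesUserRisk     = [bool]$c.UserRiskLevels                    # P2: aggregate user risk
        UsesDeviceFilter = [bool]$c.Devices.DeviceFilter.Rule         # device state / attributes
        UsesLocations    = [bool]($c.Locations.IncludeLocations -or $c.Locations.ExcludeLocations)
        UsesPlatforms    = [bool]$c.Platforms.IncludePlatforms
        ClientAppTypes   = ($c.ClientAppTypes -join ',')              # "all" vs. legacy auth protocols
        GrantControls    = ($p.GrantControls.BuiltInControls -join ',')
    }
}

$report | Sort-Object Name | Format-Table -AutoSize

# Quantify the gap: how many enabled policies use any risk condition at all?
$enabled  = $report | Where-Object State -eq 'enabled'
$riskUsed = $enabled | Where-Object { $_.UsesSignInRisk -or $_.UsesUserRisk }
"{0} of {1} enabled policies use a risk-based condition" -f $riskUsed.Count, $enabled.Count
```

On a P1-only tenant the two risk columns will be False everywhere, which is itself the data point to bring to a license-upgrade conversation. Report-only policies show up with state `enabledForReportingButNotEnforced`; they generate sign-in log entries but block nothing, so do not count them as active controls.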
Consider a P2-licensed organization that wants to block high-risk sign-ins for the users who are disproportionately attacked, but only when the sign-in originates from an unmanaged device. The steps are:
Once steps 1 and 2 are complete (covered in our blog on an identity-centric approach to tools rationalization), the automation in Reach Quests can carry out the deployment.
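For readers who want to see what that policy looks like when written down, the script below is an added example, not code from the original post or output from Reach Quests. It builds the scenario's policy with the Microsoft Graph PowerShell SDK: scope it to a group of frequently attacked users, exclude the break-glass accounts, match only high sign-in risk, and target unmanaged devices through a device filter. The group names `CA-Targeted-Users` and `CA-BreakGlass-Accounts` are hypothetical, the policy is created in report-only mode first, and it assumes the Microsoft.Graph module and the scopes requested below.

```powershell
# Added example (not from the original post): Conditional Access policy for the scenario
# "block high-risk sign-ins for targeted users, only from unmanaged devices".
# Requires the Microsoft.Graph PowerShell SDK and an Entra ID P2 license for sign-in risk.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","Group.Read.All" -NoWelcome

# Hypothetical group names; replace with the tenant's own.
$targetGroup = Get-MgGroup -Filter "displayName eq 'CA-Targeted-Users'"       # frequently attacked users
$breakGlass  = Get-MgGroup -Filter "displayName eq 'CA-BreakGlass-Accounts'"  # emergency access accounts
if (-not $targetGroup -or -not $breakGlass) {
    throw "Expected groups not found; refusing to create a policy with an empty scope"
}

$policy = @{
    displayName = "Block high-risk sign-ins from unmanaged devices (targeted users)"
    # Report-only first: sign-in logs show what WOULD be blocked. Switch to "enabled"
    # only after reviewing those logs for false positives.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        signInRiskLevels = @("high")                     # Identity Protection real-time sign-in risk
        users = @{
            includeGroups = @($targetGroup.Id)
            excludeGroups = @($breakGlass.Id)            # never lock out the break-glass accounts
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        devices = @{
            deviceFilter = @{
                mode = "include"
                # "Unmanaged" here = not Intune-compliant AND not hybrid-joined (trustType "ServerAD").
                # Negative operators in include mode also match sign-ins with no registered
                # device at all, which is exactly the unmanaged case we want to cover.
                rule = 'device.isCompliant -ne True -and device.trustType -ne "ServerAD"'
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Two practitioner notes. First, a sign-in that is high risk from a managed device is deliberately not blocked by this policy; pair it with a separate policy that requires MFA (or MFA plus password change) for high risk on managed devices, otherwise the gap is obvious to an attacker who lands on a compliant endpoint. Second, "What If" in the Entra admin center and the report-only sign-in log entries are the way to confirm the device filter behaves as intended before enforcing it, because a mistake in the filter rule silently changes who is in scope.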
Conditional Access offers simple yet powerful sign-in conditions that can be tailored to your business with a risk-based approach. Whether you're consolidating security tools or starting an IAM hardening project, consider beginning with a series of tailored sign-in policies that address risk where most breaches start.
Reach is a leader in Automated Security Control Assessment (ASCA) with its purpose-built AI-driven platform to reprogram your security infrastructure based on who you are and how you’re attacked. Going beyond traditional security assessments, Reach provides actionable insights and seamless integrations that transform findings into real-world defenses. By emphasizing the 'last mile' of security, Reach ensures that organizations get the best protection possible from the tools they already own.