How Intelligence Enhances Your Cyber Security

Posted by Emily Turner- Product Owner, Access Insight on Thu, May 05, 2016

If you are reading this blog, you most likely understand the benefits of adding identity and access management (IAM) solutions to your business. However, what if you could make that solution better, faster, and help you become proactive instead of reactive? You can! Just add intelligence.

Adding intelligence to your IAM solution can turn complex data into actionable information and find trouble spots, as well as high risk areas. It can compare across roles and with peers, as well as investigate high-risk individuals, groups, and situations. 

Adding Intelligence

By connecting with an organization's applications and collecting information, IIAM solutions continuously monitor information about identities and collect data related to resources (including applications, databases, and files), access rights, access policies, and user activities such as creating accounts and logging on to applications.

This information, which may amount to gigabytes or terabytes of data, is organized in a data warehouse, as seen in Figure 1. Identity and Access Intelligence (IAI) is applied and analyzes the identity and access data using advanced analytic tools to perform data mining, statistical analysis, data visualization, and predictive analytics.

1.pngFigure 1: Data Dissemination capabilities when using IAM 

These data analysis tools aren't generic. They draw on IAM­ specific policies, rules, and risk indicators to provide information of immediate value to IAM administrators, analysts, compliance officers, and incident responders.

An Intelligent IAM solution provides the following:

  • Reports and graphics showing IAM activities and risk factors
  • Notifications and alerts about policy violations and suspicious event Can we show alert screen?
  • "Micro-certifications" triggered by questionable activities and events
  • Automatic remediation , such as removing entitlements and disabling administrator accounts obtained without approval
  • Risk scores that can be shared with provisioning systems and other applications (for example, a score that can be used to determine if special approvals are needed for a provisioning request)
  • Ad-hoc reports and analyses, created by analysts to explore specific issues and risks

These capabilities allow Intelligent IAM solutions to help organizations overcome the governance gap, the complexity gap, and the context gap.

Rapid Response: Turn Complex Data into Actionable Information

An Intelligent IAM solution should not only be able to monitor key data continuously, but also it should provide a flexible range of options for rapid response and remediation. In most cases, the appropriate  option  is a notification  or alert  to a  staff member who  can investigate  and  determine whether  or not the alert represents an issue that requires follow-up. 

In other cases, a specific action should be triggered, such as a micro-certification, or even automatic remediation. In all cases, the solution should not only provide notification of a possible violation or issue, but also it should provide related data, and  if possible recommended actions to make it easier to address the situation. The solution can also improve security analysis and risk management.

                                              Finding Trouble Spots and High Risk Areas

Privg_accts.pngAn Intelligent IAM solution can pinpoint trouble spots, weak points, and quickly answer key questions such as the following: 

  • Which accounts have the most privileged entitlements and haven't reset a password in hundreds of days?
  • Which individuals have the highest number of access rights when compared to peers?
  • Which business units have the most orphan accounts?

An Intelligent IAM solution can provide answers to questions in seconds, helping security and IAM analysts to:

  • Quickly detect potential indicators of attacks and security breaches (for example, a user account receives privileged access directly to a target application)
  • Focus their efforts on high-risk situations (f or example, accounts with many privileged entitlements that haven’t reset their passwords in over 90 days -check out Figure 2-3)

 Comparisons across Roles and with Peers

An IAM solution can correlate data to compare users with others in the same role, or with any individual in the organization who might provide a useful benchmark. Analysts, business managers, and resource owners can answer questions like “Does John Smith have more access rights than other financial analysts?" and "How do the access rights available to John Smith compare with those of Jane Jones and William Brown?"

These comparisons are extremely useful for assessing new access requests from individuals, for identifying excessive rights that accumulate when people move through different positions, and for highlighting outliers that may indicate a process problem or a misbehaving user.

Comparisons with peers also have the advantage of giving enterprises a way to identify elevated access (and risk) with­ out the expense of a major initiative to define and manage roles.

Investigating High-Risk Individuals, Groups, and Situations

With an intelligent IAM solution, you can investigate and analyze high-risk individuals, groups, and situations, as well as compliance violations. This process makes it easier to answer questions like the following:

  • Are there domain administrator accounts whose pass­ words have never been changed?
  • Which non-sales systems has this salesperson been accessing?orphaned_accounts.png
  • Is anybody accessing patient medical information with­ out a genuine "need to know"?
  • Which accounts with at least five entitlements haven't been used in more than 30 days?
  • Does this account have a suspicious number of privileged entitlements?
  • Should part-time employees receive all the access rights they are routinely granted?
  • Do contractors continue to access resources after their projects end?
  • Are system administrators routinely assigned rights they don't need to perform their jobs?
  • Does this business unit have an abnormal number of accounts with unnecessary entitlements (that is, access rights that have never been used)?


IAM_dummies_300x250.pngCan your Identity and Access Management solution do all of this? With Access Insight 9.0 it can! Access Insight 9.0 is Courion’s newest intelligence tool works with Courion’s IAM solution, another vendor’s or even when no IAM solution is present to help you make sense of your complex access relationships. 

Want more information on how intelligence improves IAM? Download our eBook “Intelligent IAM for Dummies” or schedule a demoof Access Insight 9.0 for your orgaization and learn how you can get the most out of your complex data. 


Tags: Access Insight, IAM, access risk, intelligent IAM, IIAM

What is Vulnerability and Access Risk Management?

Posted by Felicia Thomas on Thu, Mar 03, 2016

Threat intelligence is a company’s worst nightmare which pushes cyber security and risk management to the top of the list for standard operating procedures (SOP). Traditional risk management is a thing of the past, and corporations have begun investing in top-notch security solutions for their various databases. Although no solution will ever be 100% capable of preventing attacks, there are solutions that can help provide roadblocks to deter these occurrences. With proper detection solutions, a company becomes proactive—rather than reactive—to fight against vulnerabilities that exist in their systems.

Large organizations are riddled with increasing threats to their system infrastructures and customer data. TheiStock_000065499107_Full.jpg vast majority have moved into protecting these assets with Identity and Access Risk Management (IAM). An emphasis on compliant provisioning of users, identifying management of roles, the maintenance of compliant roles, and processes to manage segregation of duties (SoD) are the focuses of this type of management tool. However, in some cases, the traditional IAM solution is not enough protection against threats.

Many large corporations want an automated, rules-driven solution that can provide quick remediation around network access controls. However, before an attack occurs and remediation can begin, there is the challenge of anomalous activity detection from the infrastructure level. To help with this detection, many companies have instituted consistent monitoring by scanning the system for potential threats to safeguard their infrastructures.

Dynamic provisioning capabilities through IAM, and the proper protection to deter attacks from the infrastructure level with vulnerability management, can position a corporation to achieve the best level of protection possible. This introduces the concept of the acronym VARM – Vulnerability and Access Risk Management. It’s not just the first line of defense; it’s a complete, end-to-end solution that will break the “kill chain” from system threats within the enterprise.


Want to learn more about Vulnerability and Access Risk Management and how it can help your organization?VARM_600x315.png Download our new eBook and learn: 


  • How Vulnerability and Access Risk Management really works
  • VARM's impact on governance and remediation 
  • Tools to remediate vulnerabilities 
  • Prioritization for reducing risk 
  • Check list for a VARM solution 

Tags: access risk management suite, IAM, access risk, intelligent IAM, identity and access management, Access Risk Management, Identity & access management, vulnerability management, vulnerability risk management, vulnerability, Vulnerability and access risk management, VARM

What is Intelligent Identity and Access Management?

Posted by Jay Mecredy on Thu, Jan 21, 2016


What is Intelligent IAM?

Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance Dummies_book.pngsolutions but also from security products and other external systems. IIAM solutions are often designed to be used with a provisioning system, a governance system, or both.

  •  IIAM solutions, which include integrated identity analytics and intelligence (IAI), help find key information hidden in complexity and provide visibility into context and comparative data. These solutions may help organizations. 
  • Avoid security breaches by continuously monitoring for policy violations and vulnerabilities and by uncovering problems hidden in large volumes of data
  • Strengthen risk management by reducing vulnerabilities immediately and by highlighting individuals and resources associated with high risks
  • Continuously improve provisioning, governance, and other IAM processes by focusing attention on weak links and ineffective processes
  • Improve the productivity of IT staffs by giving them tools to quickly and reliably conduct analyses, find patterns, identify anomalies, and spot trends


Why Is Traditional IAM No Longer Enough?

Until recently, traditional IAM encompassed only provisioning and governance products needed to evaluate or audit access to confirm that the access provided is in compliance with business policies and external governance regulations.

Some examples of traditional IAM functionality include the following:

  • Provisioning solutions automate the granting and revocation of access to applications, IT systems, and services; tangible assets such as laptops, smartphones, and security badges; and intangible entitlements such as access to secure areas.
  • Governance solutions provide tools to enable compliance with government regulations, industry standards, and organization policies, and to verify that compliance.
  • IAM solutions have helped organizations automate operations, reduce manpower needs, simplify audits, and provide users with access to the applications and resources they need. Yet traditional IAM processes are far from perfect.

IIAM_Graph.pngOrganizations are still challenged by issues such as lingering abandoned accounts for users no longer affiliated with the organization, proliferating orphaned accounts with no administrative oversight, people with inappropriate access to data, and policy violations. These challenges increase the level of risk to the organization.



In Figure 1-1 (right), you can see the impact abandoned accounts have on your organizations. With so many accounts left with no owner, you greatly increase your risk of a breach.





Is Intelligent Identity and Access Management (IIAM) for you? Read more about how you can use IIAM in your business to turn big data into actionable information by downloading IIAM for Dummies today! 


Tags: IAM, Identity and access intelligence, intelligent IAM, identity and access management, intelligent identity and access governance

Interview with a Healthcare Security Expert: William "Buddy" Gillespie, HCISPP

Posted by Joaquin Ruiz on Thu, Jan 14, 2016

In November we started a wonderful webinar series with industry leader William "Buddy" Gillespie, HCISPP and we introduced that series with a sit down interview. Yesterday, we concluded the series with a webinar titled "Healthcare 2020: Focus on the Future". While the webinar series may be over, our partnership with Buddy will continue and we would like to continue to showcase his knowledge through another sit down interview. Here's what Buddy had to say about the future of Healthcare IT. 

Courion Corporation: What are the changes you have seen in the last six years?Gillespie-Head-Shot.gif

William "Buddy" Gillespie: The last 6 years has been a fast-train for Health Information Technology and has resulted in a huge magnitude of change to the delivery of healthcare. The major force vector behind the high rate of change has been the HITECH Act.  There is no doubt that this Act was the major catalyst to get hospitals to invest in the EMR and other related technologies. The number one change has been in the way patient care is delivered.  Physicians, for the most part, no longer fight technology but embrace it. The question on the table, is will the changes sustain or will they fall back, we can only hope that Meaningful Use is “too big to fail”.


CC: What about the sustainability of HITECH, Electronic Health Records, Meaningful Use, and the Triple Aim?

BG: In 2009, the HITECH Act was signed into law which established the goal to implement the Electronic Health Record across all healthcare providers and thereby establish a road to have every caregiver to utilize the EHR in a manner which constitutes a “meaningful use” of the patient data.  Rules were established to define Meaningful Use and if the provider achieved the goal incentive payments would be paid to the providers.  The Act was setup into three phases and each phase have its own criteria/rules to define the objectives for achievement. Ninety percent of providers have achieved the first two phases and over $20 billion dollars have been paid-out in incentives. The criteria for the final phase have been released and providers are gearing up. The ultimate goal of the HITECH Act and Meaningful Use is to meet the three pillars of the Triple Aim: Reduce the cost of healthcare, increase quality and improve the patient experience.  The question now becomes how successful have the first two phases been in meeting the goals of the HITECH Act and the Triple Aim.  Surveys to that regard have resulted in mixed reactions. While the overall feeling is positive some have responded that the Act has created additional burden on an already excessive patient load for physicians.  There is no doubt that the Act has resulted in the expansion of the EHR to a level never before seen in healthcare.  Today over 50 percent of physician practices and over 60 percent of hospitals have implemented a robust EHR.  Phase Three will be the ultimate test of the success factors for the HITECH Act.  That phase will build on the first two phases and take into account the pros and cons of the first two phases. 

In my opinion the real critical success factor will be sustainability.  Once the dollar incentives are gone and the “awe gee” reaction has passed, will the current level of Meaningful Use survive? I think not unless healthsystems and providers continue to monitor, nurture and invest in the resources and technology to sustain Meaningful Use.


CC: How can one be ready for the readiness for Phase 2 of the OCR and the HIPAA Audit Program?

BG: The Office for Civil Rights (OCR) has announced that they are ready to start the second phase of the HIPAA/HITECH audit program. The scope of Phase 2 will be to audit 200 plus covered entities.  The audit criteria will be benchmarked to the compliance of the HIPAA Privacy and Security Rules plus the requirements for Breach Notification.  The Covered Entities Audits will be followed by audits of the Business Associates to include EMR vendors, Cloud Service Providers, and other BAs in the HIPAA Chain of Trust continuum.

Although OCR has indicated that the first round of audits will be a review of policies and processes, additional on-siteiStock_000021946209_Full.jpg audits will be more comprehensive in nature and focus on a deep-dive of internal technology and other types of mitigating solutions in place to support risk prevention. 

So what is a good rule of thumb for preparing for the OCR audit?  First of all make the assumption that you will be part of the 200 plus and prepare a plan sooner than later. The plan should be kept simple and kept to a few basic components:

  • Review OCR’s audit protocol and be well versed on the HIPAA and HITECH regulations
  • Review your documentation and insure you have the most recent HIPAA guidelines, policies, and procedures in place and the organization is well-educated relative to those documents
  • Have a clear understanding on what OCR’s expectations/process is relative to providing your documentation to the auditors.
  • Orchestrate a “mock” audit with all internal parties and simulate a real audit.
  • Lastly, establish a communication chain within your organization to communicate events, timelines, tasks, status, etc.


CC: What is the role of analytics and business intelligence with healthcare? Also, how is it affected by the “Big Data Storm”?

BG: We hear a lot about Big Data, Analytics and Business Intelligence and their role in healthcare.  We are in the middle of a “Big Data Storm” which means some amount of turbulence as we sort through the best methods to survive the storm and harvest the best use of the data.  I recall being asked twenty years ago by a physician to produce some clinical decision support reports.  I had to reply “I am sorry, but we don’t have the data”.  Today that response is no longer valid, we do have the data, lots of it, actually petabytes of data.  So now it is all about turning that data into meaningful analytics/dashboards so that the C-Suite and physicians can make predictive decisions to forecast the financial status of the hospital or forecast and improve the outcomes of their patients.  In order for the benefits of Analytics to be recognized it will take a large investment of resources and tools to extract, categorize, and build the meaningful dashboards.  It can be done but it will require a top-down data governance and investment in technology to make it happen.


CC: What are the pros and cons of employees bringing their own devices to their respective hospitals?

BG: Today 90 percent of hospitals allow their employees to BYOD.  The justification is based on perceived increased productivity because the employees are using devices they are familiar with 7 by 24.  BYOD also can boosts employee morale, they can view pictures of kids, grandkids and communicate with family members with minimal disruption to their work day.

The downside is the “Internet of Things” which means different devices, different operating systems and different touch and feel.  This creates a security nightmare for the IT department.  A recent Gartner survey shows that only 50 percent of hospitals have a Mobile Device Management system in place to mitigate the security risks associated with BYOD.


CC: What is the importance of mobile device management? What are the safeguards to protect their devices?

BG: BYOD is on a sprawl across healthcare and becoming a standard for doing business.

A recent survey by HIMSS indicates that 70 percent of clinicians use a mobile device to access patient data.  Physicians say that mobile devices increase their efficiency and results in improved quality of care.  However, the chance of a data breach iStock_000064606695_Full.jpgincreases with the BYOD scenario and can result in a HIPAA violation.

So what is the best solution to mitigate the risk of a data breach?  The industry is pointing toward the implementation of a Mobile Device Management solution (MDM).

MDM can provide the following safeguards:

  • The enforcement of device security by creating a standard across all types of devices
  • Provide for a “lock-screen” if a device is lost or stolen
  • The disablement of apps which may be corrupted and open to breach
  • Remote monitoring to see the status of all devices and thus proactively sense an impending breach.
So you might ask, why do only 50 percent of hospitals have a MDM solution in place?

Well it all gets back to budgets and the priority of investments.  Where surveys indicate that security is a high priority, when the allocation of dollars are decided, the security investments fall toward the bottom.  In contrast, the cost to a hospital for the remediation of a HIPAA breach instance can cost millions of dollars.

The decision is whether to be proactive or reactive, we will see.


CC: Finally, what keeps you up at night?

BG: Upon retirement as a healthcare CIO/CTO a few years ago, I realized how much better I felt after a good night’s sleep.   After so many years of being the executive in charge of a large data center, miles of network connectivity, gigabytes of patient data and 200 IS professionals there was always something on my mind as I retired to a doubtful good night sleep.  

Although I sleep more soundly these days, I still recall the pain points that kept me tossing at night.  The “internet of things” has exploded since my CIO/CTO tenure but the basic issues still exist although somewhat changed in terminology, structure and magnitude.

Here are a few of the issues I recall that kept me up at night and still do if I am having a nightmare:

Privacy/Security and HIPAA Compliance
  • After the HITECH Act of 2009 and the Omnibus Bill of 2013 the HIPAA bar raised relative to the Privacy and Security regulations. CIOs must now partner with the CISOs to understand what is required to comply with the expanded regulations.  HIPAA is not one and done and continues to evolve.  In years past if you had a good firewall in place you didn’t worry, but today the onslaught of Cyber Attacks has brought a new dimension of requirements and added layers of technology.
Budget controls
  • After the billions were invested in technology after the HITECH Act was passed, healthcare organizations are slowing down on IT investments.  At this point the investments are focused more on sustaining what was purchased and implemented in the last 6 years.  CIOs are looking at the cloud and consultation to lower ongoing operational costs.  What we build, we must sustain.  
Talent Recruiting and Retention
  • After the HITECH Act passed in 2009, ONC announced that there would be an increased need for 50,000 more healthcare IT professionals.  I am not sure that number was reached, but if you look at the job postings for the large healthsystems you will find a large number of IT vacancies.  Talented and experienced IT professional are in high demand and that void will continue into the next decade.  .
Shifting business needs and Innovation
  • CIOs are expected to not just be a technology expert but an innovator as well. To be able to understand the changing landscape of healthcare and how to couple the technology and business together for better outcomes. The C-Suite is constantly taking up more of the CIOs time resulting on less focus toward the basics of running a solid IS department.
Disaster recovery/business continuity
  • The paperless patient record has brought about the necessity for business continuity planning.  At the heart of that is a viable Disaster Recovery plan.  A recent survey shows that 50 percent of hospitals with an EMR have no DR plan.  Given the bad experience with Katrina and the Sandy Storm you would think that would be a lesson learned. The number one priority for CIOs is to keep the lights on in the data center.DR is more than just backing data up to tapes!

Thank you so much to Buddy for another great interview and for another insightful webinar.

Missed Buddy's webinar, "Healthcare 2020: Focus on the Future"? Catch up here! 


Download Now  

Tags: intelligence, IAM, cyber security, healthcare IT, BYOD, healthcare security

The Hacker Who Stole Christmas

Posted by Joaquin Ruiz on Thu, Dec 17, 2015


Tags: IAM, Courion, cyber security, IAG, identity and access governance, identity and access management, Identity & access management, retail cyber security, IIAM

Better Together: Courion and Core Security

Posted by Chris Sullivan - GM, Intelligence/Analytics on Wed, Dec 16, 2015

Courion + Core Security FAQ
By Ray Suarez, Core Security and Chris "Sully" Sullivan, Courion

A lot of folks have been asking why we made this acquisition. The reality is, this is a merger of two market leaders expanding their products to offer something never before seen in the cyber-security space. So to build on and explain this thought, we wanted to do a little Q&A to answer some of your questions.

Ray:  Sully, why do organizations do Identity, Governance and Administration (IGA)?  Better_together_1.jpg
Sully:  To manage access to information and processes.

You can buzz it up by talking about threat surface and risk but you are simply protecting card data, IP (your crown jewels) or the ability to prevent unintended transfer of large sums.

Sully:  Why do organizations do Vulnerability Management (VM)?
Ray: To manage access to information and processes.

So let’s see, they are both solving the same problem. VM protects you up to the identity, and IGA from the identity to the process or information. Each area has tools, control processes and teams to do the work.

But our adversaries don’t partition their work this way. Consider the Target breach attack path. It was HVAC vendor account (IGA) -VPN (VM) - BMC_user1 account (IGA) - C&C server (VM), - payment systems network firewall (VM) – dev, sw distribution, exfil servers (VM). Our adversaries move quickly between the VM and IGA world and hide in the cracks between them.

Now Courion has long been an IGA market leader and is specifically recognized for customer sat and delivering on the promise of intelligence. We use a property graph (I know too techie but it’s necessary to solve the scale problems) to give you a comprehensive view of your logical access. That’s person, to accounts, to permissions and sub-permissions and roles and sub-roles and sub-sub-sub.. In a mid-sized company, that’s billions of changing security permutations – even the best security experts can’t visualize that complexity. Our analytics let you really understand what’s important so you know what you are requesting, reviewing, approving instead of just pretending that you do.

better_together_2.pngAnd Core Security has long been the VM market leader and is specifically recognized for unraveling the complex permutations of vulnerabilities that could lead to a breach of critical assets by an attacker. Courion also uses a property graph to give you a comprehensive view of the layered infrastructure and understand what’s important. That’s network, client, web, wireless and mobile.

Now imagine what would happen if you connected those two worlds with all that domain expertise and IP.  For example a blind person will perfect their listening skills to compensate for their disability and a hearing impaired person will perfect visual observation. If we could combine each of these improved senses, it would provide clarity that us normal folk might not even think possible.

Don’t believe us? Hear what some of the industry experts have to say here

2 more questions…

1. Why does InfoSec exist? To manage access to information and processes.

   2. Why Courion + Core Security? Because it was the only sensible thing to do.

Welcome to Courion + Core Security, the only security company that can continuously and comprehensively mange access to your information and processes.

Did we miss anything? We are building a new world so if you have any questions or just want to discuss things, please let us know in the comments. 


Tags: IAM, Courion, cyber security, intelligent IAM, IAG, identity and access governance, core security, vulnerability management, VRM, vulnerability risk management

The Walking Dead: How to Find Zombie Accounts in Your Network

Posted by Chelsea Herring- Sales Operations Analyst on Thu, Oct 29, 2015

Living in Atlanta, I get my fair share of zombies. The popular television show “The Walking Dead” was actually filmed on Georgia State’s campus downtown and features several Atlanta landmarks. We have the Centers for Disease control who (hopefully jokingly) has a zombie preparedness plan.  We even have a zombie walk each year
around this time where anyone who wants to get in on the madness can dress as a zombie and stagger around town. While zombies may be popular when it comes to fictional T.V. shows or once a year costumes, they are a real and ongoing problem when it comes to your IT security.

Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons. There are also hackers who are stealing user credentials from all over the world and trying to use them to get into your system. If your employees have the same password at their bank that was just breached and your hospital EHR system, then the hackers are already in. 

The solution sounds simple, almost as if you can’t believe people don’t terminate access immediately after someone leaves, but it happens all the time. For example, let’s think about a hospital with 200 doctors, 400 nurses, and 300 members of the support staff. Each nurse needs access to the email, EHR system, file share system, and the patient portal. Except for the nurses that also work with insurance, they need to get into that system. Oh and the nurse that worked on the floor for a month before transferring to the ER; she is gone now but did we ever shut off her floor access?

Have you had a layoff or have a seasonal business where employees are leaving at once? What about interns or contractors?   The rise of zombie accounts isn’t like something out of the movies, it is as simple as any of the examples above. With so many users in your system, without an automated process you can’t see who is signing into these accounts or monitor their usage in real time. Leaving these accounts open increases your threat surface and the likelihood that you will be breached.

So how do you stop zombie accounts from happening? On T.V. it’s as easy as a single shot to the head. In the real world, that silver bullet is called intelligence. With a manual system full of spreadsheets, you have to be able to comb through each of them, hoping that their manager didn’t miss anything. In an organization with only ten people, this method might be feasible. However, in an organization with hundreds or thousands of employees, a manual system doesn’t give you the insight that you need when you need it.

With an intelligent IAM system you will be able to de-provision accounts automatically. No spreadsheets to look through, just the click of a button once an employee leaves and all of their access rights are shut down immediately. Intelligence in IAM also allows you to see into your system at any time with real-time monitoring tools. What your system looks like now versus five minutes from now will be completely different, and you have to be able to see into your system to ensure that no one is abusing their access.

You can’t fix what you can’t see. If you can’t see zombie accounts staggering through your network then how will you know they are there? Or if they are being controlled by a hacker who is quietly siphoning off data to use against you. You need an intelligent IAM solution to help stop zombie attacks and any other insider threat your system may face.

Have you had success in ridding your network of zombies? Let us know in the comments!

Ready to start your own Zombie Preparedness Kit? With a quick scan of your system we can show you:

  • Where your zombie accounts may be lurking
  • How you can improve operational efficiencies 
  • How you can reduce the threat of zombie accounts  
  • How to drive your IT costs down.

Start My Quick-Scan


Tags: cybersecurity, IAM, IAM in the cloud, Zombie Accounts, intelligent IAM, Cyberattack

5 Cyber-Security Mistakes That Will Make You Scream

Posted by Ashley Sims - Marketing Manager on Thu, Oct 22, 2015

Your employees are the core of your business and what makes it great. However, they can also be the cause of risk in your organization. Establishing a culture of security is the best defense you can have against external threats to your company.

Here are some of the top mistakes employees make and how to stop them.


Tags: cyber risk, IAM, cyber security, BYOD, Culture of security, intelligent IAM

How to Mitigate Cyber Risk in an "Always-On" Society

Posted by Corey Talbert - Business Development on Thu, Oct 15, 2015


It's week two of National Cyber Security Week, and the theme could not be more relevant to our everyday lives: security for the always connected. How many devices do you have within your reach right now? How many emails did you answer on your cell phone, work or personal, after you got home last night? What about the number of alerts from Facebook or Twitter that you woke up to?


All of these are examples of how our lives have become constantly connected.


I'm not saying that being constantly connected is a bad thing. It's actually kind of amazing. We can instantly communicate with customers from around the world. We can send files across continents within seconds. We can watch someone in Japan order a pizza live on Periscope any time of day. Ok, I guess they aren’t all amazing, but you get the idea.


Openness supports productivity and creates opportunity, but it also creates security and compliance risk. Think about the number of users and applications that you have in your organization. That number seems to grow every day as do their permission and access requests. Do you have multiple devices for these users? Then that number just doubled again. What about a ‘bring your own device’ policy? Do you have one? If not, then you are allowing access to your network on a host of unsecure devices. If you do, then do you have differentiated networks for employees, guests, contractors, and so on?


Organizations have to find a way to balance the risk of exposing their data with the need to grant access to their employees, partners, and customers. At the same time, you must put governance controls in place to make sure that data is only accessible to the right people, at the right time, on the right device. The key to this balance is not trying to lock down everything in sight, but being able to assess the greatest areas for risk to the business and allocate your resources wisely.


Until now, the biggest challenge has been figuring out which assets pose the biggest risk, where they live, who has access to them and what users are doing with these assets. However, if you really want to protect your organization, you need to know that information right now, in real time and not through periodic reviews once or twice each year. It's simple; if your users are on your network 24/7 then you need to be able to see what they are doing 24/7. 


The best way to protect and monitor the massive amount of information that you have is through an Identity and Access Management system. It's not only complex, it is critical if you are in one of the many industries regulated by corporate or government policies and regulations. These systems grow more complex every day due to the sheer amount of data that we are adding into our networks and can require substantial investments in both administrative and financial resources. However, no investment can compare the security of your data, the full compliance of your company and the reputation of your brand.


In our evolving "always-on" culture, we have to be prepared to do more than pass a yearly audit. Too many organizations make the mistake of primarily focusing on passing their audit and being seen as compliant within regulations rather than using their IAM system as a business enabler. An IAM solution is a way to protect your entire organization from potential risks to business and, unlike your employees, it is able to work 24/7 for you.


Is your IAM solution working for you? Are you using it as a business enabler and assessing your risk in real-time, or are you simply using it as a tool to get through your annual review? Assessing access risk in anytime is crucial in our culture and is the key to a fully compliant organization.


Have more questions about how to assess your risk in real-time? Want to know how an IAM solution can help keep you secure in our always-on, cloud based world? Download our white paper today and learn more about managing risk in today’s business.


Tags: cybersecurity, cyber risk, IAM, cloud, IAM in the cloud, intelligent IAM, Cyberattack

Intelligent IAM for Risk Assessment

Posted by Steve Morin -Director, Product Management on Thu, Aug 20, 2015

Welcome to the last installment of our 3-part series exploring how intelligence improves identity and access management, or IAM. In part 1 we looked at how intelligence improves the provisioning portion of IAM. In part 2 we took a look at how intelligence improved the governance portion of IAM. In this segment we look beyond just provisioning and governance to address how intelligent IAM can help to reduce the top 5 most common elements of risk: identity, resources, rights, policy, and activity. 

1. Identity: In part 2 of our series, we discussed how human resources were the most dynamic risk facing security teams today. The reason behind this is that you are constantly managing changing identities. Who are you? What is your role? What do you need access to? These are questions constantly being asked by our system and can equate to hundreds or even thousands of access requests a year. 

describe the image
With intelligent IAM, all roles are built into the system along with the basic applications that they need access to. For example, when a marketing manager was hired, they would be led through the system to request access to their email account, marketing file share folder, and marketing automation software because those are typical of their role and inside their peer group. All requests that fall within the boundaries of their peer group they would be automatically approved for. However, if they wanted access to, say the sales folder, they would have to request special access. This solution gives the user guidelines rather than the all too common shopping cart approach where they are requesting items that they don’t really need and creating a backlog of requests while the approver decides if they really need that access.

2. Resources: With so many business applications, servers, mobile devices, etc. do you know which assets are critical and must be protected? Do you know which seemingly innocuous applications tie back to a server that needs to be protected?

Governance certifications exist to monitor access to the most sensitive information, applications, and servers. Intelligent IAM governance will not only monitor your most sensitive data, but will send up a flag, or an alert, when a high risk event takes place. When accounts are created outside of the provisioning system or high risk applications are granted outside of a role or peer group they will be flagged as a "critical risk". 

3. Rights: Who really needs access to what? Before intelligent IAM all provisioning and governance had to be audited to make sure that the right people had the right access to the right things. The issue was that those rights were always changing. Some applications are not as high risk and can be audited on an annual or semi-annual basis. However, there are other applications that are highly critical and must be assessed on a monthly or weekly basis. Doing this manually for all employees would be impossible. 207H

By using intelligence, your IAM system can review rights as needed and ask for re-certification for sensitive applications. For example: an email account can be automatically re-certified each month as long as the employee isn't terminated. However, the payroll system may need a monthly manual re-certification to make sure that only the right people have access.

4. Policy: What business rules must be enforced in your company? What segregation of duties do you rely on? This is another risk taken care of, somewhat automatically, by the assignment of roles within the organization. Segregation of Duties is an easy addition, especially when set initially. Managers should not be able to both post and approve their own time cards, nor should they be able to place and approve a purchase order. Governance certification and approvals as well as segregation of duty assignments will help to mitigate this risk rather easily.

time 273857 12805. Activity: Who is doing what? And when? Visibility into all of your applications and systems is an extremely difficult task and without an automated system is basically impossible. Much like with the alerts sent by your high risk resources, you can use intelligent IAM to see what your users are doing with real time monitoring and be alerted to any inconsistencies. This real time look into your system shows you what is happening with approvals as well as risk assessment and can take away the need for annual or semi-annual auditing. With an automated system you will be able to see sensitive updates monthly, weekly, or as needed instead of having to wait 6 to 12 months for an audit.

While the idea of an Identity and Analytics system is not new, we believe that the use of intelligence in IAM is revolutionizing the industry. With the use of real-time data and information backed automation systems, you are able to have visibility into your system at any time rather than waiting for an audit. Your decisions will be made based on the most accurate and up to date information.

Want to know more about how Intelligent Identity and Access Management can help you mitigate risk in your organization? Download our eBook, Improving Identity and Access with Intelligence, and learn about: 

- What is Intelligent IAM? 

- Intelligence for Provisioning

- Intelligence for Governance

- Intelligence for Risk 

- And More! 

         describe the image        


Tags: risk management, intelligence, cybersecurity, security risk, cyber risk, IAM, cyber security, risk, intelligent IAM, identity, identity and access management, IAI, Identity & access management