Why Deleting Security Groups Doesn't Have to be Scary

Posted by Ashley Sims - Marketing Manager on Thu, May 12, 2016


A few months ago our very own Chris "Sully" Sullivan, GM- Analytics/Intelligence, delivered a speech to the Gartner Identity and Access Management Summit to a group of IAM ninjas in London. Confession - I love hearing Sully speak. I always learn something and I love seeing the crowd as they learn these things along with me. However, at this event I was actually more surprised than usual at the response that he got when he asked the simple question "how many people here delete security groups?"


You might as well have asked them if they would be willing to donate a kidney to a stranger or forgot their cell phone at home that morning. Needless to say, most everyone sort of looked at Sully like he was crazy which was exactly what he was going for.


The reason, he explained, that no one deletes these groups is because they can't tell what is in them. Can you imagine deleting a group because you thought no one needed it and it turns out that you just shut off your CEO's access to an application that he/she uses daily? Not a good look for the security team.


Sully's point for the presentation was that now, with access intelligence, you no longer need to be afraid of deleting these groups and cleaning up your network because you can finally drill down into these security groups and understand exactly what is at stake. The primary reason companies are loath to delete security groups in Active Directory is because they simply don’t understand the complexity of access such as how access is granted, nested entitlements, and direct versus indirect assignment of access.


All businesses, regardless of industry, are faced with an exploding universe of identities, devices and data that employees require to do their job. The expanded use of mobile and cloud devices, along with non-employee and transitional employee access means that risk management and compliance is extending far beyond traditional enterprise limits. This can equate to trillions of access relationships that put your company at risk. How are you supposed to see into all of these relationships and understand the risks they pose?


With actionable intelligence through Access Insight 9.0 you get a comprehensive and continuous view and analysis of these trillions of relationships between identities, access rights, policies, resources, and activities. Our analytics engine pulls in these large amounts of identity and access data and stores them in its proprietary in-memory access analytics engine. The "engine" correlates relationships that exist between user identities and their fine-grained access within an organization. These analytics identify potential risk in a current and historical perspective in lines of business, governance, operations and applications.


For example, our Access Explorer builds every Active Directory Group out in a spider diagram so that you can see AI_Spider.pngwhose access is connected and where your privileged accounts are linked to. 


Not only can you drill down into these details but our analytics provide the ability to analyze large amounts of identity and access data against policy and company defined models of activity patterns. This gives you the ability to personalize policies for your organization and with any change in these policies you can be immediately notified at any signal of dishonest or malicious behavior. Imagine having a solution that would automatically alert you and require a micro-certification when an account had access to do more than you believe it should?


It's time to start using all of this collected data to our advantage. It's time to start looking at our access relationships and prioritizing the risks our organization faces. Weather you have an Identity and AI9_Access_Risk__300x2506.jpgAccess Management solution or are working within your Active Directory, Access Insight can put your data to work for you.


Want to see how this looks within your organization? Request a demo of our Access Insight solution and see how actionable intelligence can help prioritize risk and transform your organization's security.


Tags: access rights, Access Insight, access risk, intelligent IAM, identity and access governance, Identity & access management, intelligent identity and access governance, intelligent identity and access management

9 Things to Look For in an Intelligent Identity and Access Management System

Posted by Ashley Sims - Marketing Manager on Thu, Jan 28, 2016

Do you know what to look for in an Intelligent Identity and Access Management system? Let us help with today's checklist of 9 essential items for IIAM. 


Tags: Courion, intelligent IAM, IIAM, intelligent identity and access governance, intelligent identity and access management

What is Intelligent Identity and Access Management?

Posted by Jay Mecredy on Thu, Jan 21, 2016


What is Intelligent IAM?

Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance Dummies_book.pngsolutions but also from security products and other external systems. IIAM solutions are often designed to be used with a provisioning system, a governance system, or both.

  •  IIAM solutions, which include integrated identity analytics and intelligence (IAI), help find key information hidden in complexity and provide visibility into context and comparative data. These solutions may help organizations. 
  • Avoid security breaches by continuously monitoring for policy violations and vulnerabilities and by uncovering problems hidden in large volumes of data
  • Strengthen risk management by reducing vulnerabilities immediately and by highlighting individuals and resources associated with high risks
  • Continuously improve provisioning, governance, and other IAM processes by focusing attention on weak links and ineffective processes
  • Improve the productivity of IT staffs by giving them tools to quickly and reliably conduct analyses, find patterns, identify anomalies, and spot trends


Why Is Traditional IAM No Longer Enough?

Until recently, traditional IAM encompassed only provisioning and governance products needed to evaluate or audit access to confirm that the access provided is in compliance with business policies and external governance regulations.

Some examples of traditional IAM functionality include the following:

  • Provisioning solutions automate the granting and revocation of access to applications, IT systems, and services; tangible assets such as laptops, smartphones, and security badges; and intangible entitlements such as access to secure areas.
  • Governance solutions provide tools to enable compliance with government regulations, industry standards, and organization policies, and to verify that compliance.
  • IAM solutions have helped organizations automate operations, reduce manpower needs, simplify audits, and provide users with access to the applications and resources they need. Yet traditional IAM processes are far from perfect.

IIAM_Graph.pngOrganizations are still challenged by issues such as lingering abandoned accounts for users no longer affiliated with the organization, proliferating orphaned accounts with no administrative oversight, people with inappropriate access to data, and policy violations. These challenges increase the level of risk to the organization.



In Figure 1-1 (right), you can see the impact abandoned accounts have on your organizations. With so many accounts left with no owner, you greatly increase your risk of a breach.





Is Intelligent Identity and Access Management (IIAM) for you? Read more about how you can use IIAM in your business to turn big data into actionable information by downloading IIAM for Dummies today! 


Tags: IAM, Identity and access intelligence, intelligent IAM, identity and access management, intelligent identity and access governance

Welcome Back, Lisa Lombardo!

Posted by Ashley Sims - Marketing Manager on Wed, Jan 20, 2016


Core Security and their incredible team are not the only new additions to Courion. We are thrilled to welcome back Lisa Lombardo to Courion. Lisa recently sat down with me and gave me a bit more insight on why she came back and what she thinks of the company today. 


Ashley Sims: Lisa, you were here for over 18 years. You left during the recapitalization and resulting restructuring last spring and we are thrilled to announce that you have just come back. Can you let us know why you made this important decision?Lisa_Lombardo.jpg


Lisa Lombardo: Look, I knew Courion had to change, we all did, but with change comes uncertainty. We lost a lot of great people and while I say I “left” the company, I was never that far away because I was still helping out in a consulting capacity during the transition. That gave me a front seat to see the “sausage being made” and it wasn’t always pretty – It strained many parts of the organization. However, I’ve also gotten to see the investments that have been made across our business and their resulting benefits. Our capacity to deliver has grown with our expanded partner network, our internal and customer training has gone from adequate to ever-improving, our backend financial, expense and customer management systems are all upgraded so our business just runs faster, more smoothly and more effectively.  I was surprised to learn we’ve hired and ramped 120+ people. We have the resources to invest in improvements in deployability, reliability and UX across the product offerings.  With the acquisitions of SecureReset and Bay31, they make our existing products better and you can see that with our merger with Core Security that begins to delivers a new, intelligent driven, better together vision for the entire security industry. Finally, and perhaps most important to me, we have absolute clarity that making our cherished customers “raving fans” is a pillar of our business. Here again we have made much needed and long sought after investments – our new Customer Success organization is bigger and better than ever.  Yes, I am glad to rejoin Courion but I am happier that my Courion is improving and advancing both tactically and strategically.




Tags: Courion, core security, securereset, intelligent identity and access governance

Detect, Deter, and Remediate Breaches

Posted by Ashley Sims - Marketing Manager on Thu, Dec 10, 2015

This week has been a whirlwind for everyone at Courion. On Wednesday we announced a new acquisition and launched a new website. Both pretty "wow" factors if you ask me but there was another event that took place on Tuesday that you may have missed. 

For those of you who didn't have the chance to make it out to Vegas for the Gartner IAM Summit and listen to two of our amazing thought leaders speak, we wanted to share their presentation. 

Venkat Rajaji, VP, Product Management/Marketing and Chris Sullivan, GM, Intelligence/Analytics share their thoughts on how companies can detect, deter and remediate breaches and other cyber risks through Intelligent Identity and Access Governance Solutions. 

Click here to get a copy of "Intelligent Identity and Access Governance - Deter, Detect, and Remediate Breaches Before Business Loss". 



Tags: intelligent IAM, access intelligence, intelligent identity and access governance