Inside-Out Defense launches privilege access abuse detection, remediation platform

Cybersecurity vendor Inside-Out Defense has emerged from stealth with the launch of a new privilege access abuse detection and remediation platform. The SaaS, agentless platform supports all environments and applications, complementing existing identity and access management (IAM), privilege access management (PAM), and custom identity solutions, the firm said.

Stolen access credentials are highly attractive to cybercriminals looking for routes into company networks and systems. What’s more, access brokers – criminal groups that sell stolen access credentials – have become a key component of the eCrime threat landscape, with elevated privileges typically having the highest asking prices.

Privilege access abuse significant contributor to data breaches

Privilege abuse through compromised identities are significant contributors to data breaches. Without the ability to see how access is used throughout an enterprise, CISOs and cybersecurity teams can be blindsided.

Tools such as PAM solutions can aid management of privileged credentials to stop or slow an attacker’s movement through a network. However, Inside-Out Defense claimed that today’s cybersecurity market is flushed with point solutions that only look for a few known privilege abuse signatures and are reactive in nature, detecting abuses after the event. The Inside-Out Defense platform enables the determination of gaps between known and unknown abuse behaviors to detect privilege abuse as it happens, the vendor said in a press release.

Inside-Out Defense said the platform’s key features include:

• Privilege abuse remediation: The platform detects access abuse behaviors in real time and provides in-line remediation of malicious privilege access through a kill switch.
• Access intent: Customers get a 360-degree profile of malicious access requests, their context, and intent, offering a real-time view of the organization’s access posture.
• Coverage across the entire organization: Coverage across the organization’s environments includes infrastructure (cloud and on-premises), applications (SaaS, managed, unmanaged), APIs, and human/ non-human users.

“Many enterprise organizations struggle to maintain a comprehensive view of privilege access that has been awarded to their employees,” said Mark Settle, author of Truth from the Valley, A Practical Primer on IT Management for the Next Decade and former Okta CIO. This confusion results from the wide array of IT resources supporting daily business operations and the complex ways access can be granted, delegated, transferred, or assumed, he added.

Cybercriminals prioritize stolen credentials, access broker demand increases

Cybercriminals are doubling down on stolen credentials, demonstrating a clear demand for access broker services. There was a 112% year-over-year increase in advertisements for access broker services identified last year compared to 2021, with more than 2,500 advertisements for access detected across the criminal underground, according to the CrowdStrike 2023 Global Threat Report. There was also a notable shift away from malware use related to adversaries’ prolific abuse of valid credentials to facilitate access and persistence in victim environments, the research found.

Several brokers advertised access in bulk during 2022, while others continued to use the “one-access one-auction” technique, according to CrowdStrike. The most advertised sectors by access brokers in 2022 were the academic, technology, and industrial sectors, with government, healthcare, and retail the least advertised.