Story image

One Identity reaches out to SolarWinds customers following breach

By Catherine Knowles, Wed 27 Jan 2021

One Identity has committed to offering free security risk assessment to SolarWind’s customers, in a bid to uncover vulnerabilities, recommend improvements in architecture and practices, remediate misconfiguration, and mature their security posture.

According to the company, this free assessment seeks to help organisations navigate through times of uncertainty as attacks continue to grow in sophistication and complexity across the broad range of identity-centric risks.

This includes privileged accounts, Active Directory/ Azure Active Directory accounts, and entitlement assessment and management.

In addition, One Identity is offering three months of free use of its Safeguard privileged access management solution.

One Identity’s free security assessment is designed to help organisations understand the impact of the SolarWinds breach, and help them gain insights into bolstering their security.

The risk assessment focuses on: the effectiveness of the customer's service account provisioning and management approach; identification of accounts with inappropriate privileges; potential opportunities to lower privileges of existing service accounts; whether they are prepared to effectively identify appropriate account actions; the risks associated with their federation approach; the best roadmap for organisations to adopt a Zero-Trust strategy; and how to prevent future attacks.

According to the company, the vast majority of breaches involve the abuse or misuse of elevated privileges.

Furthermore, as recent events have highlighted exploited elevated Active Directory privileges are particularly targeted, putting sensitive data at risk.

To proactively address these types of threats, One Identity recommends implementing a series of best practices that can improve organisation’s security posture and reduce risk.

Taking a dynamic approach to Zero-Trust can help organisations mitigate risk and minimise exposure, the company states.

By integrating a Zero-Trust strategy with comprehensive privileged access management (PAM), including password management, session audit and privileged behaviour analytics, organisations can build a proactive privilege defence.

Zero Trust implementation is most successful when coupled with a least-privilege access model where individuals (in particular those individuals who require elevated permissions) are only granted the precise entitlements necessary to do their everyday job.

One Identity president and general manager Bhagwat Swaroop says, “In today’s all digital and hyperconnected world, everyone is a privileged user, and sophisticated attackers exploit and misuse that privilege in the most nefarious ways.

"The SolarWinds breach and resulting privilege abuse is the latest example of that trend. In light of the SolarWinds breach that impacted 18,000 organisations on a global scale, ensuring our customers have deep visibility and actionable intelligence to improve their security posture is of the utmost importance to us at One Identity.”

Swaroop says, “By providing this free assessment to organisations, we are able to share our deep knowledge of identity-centric security and Zero-Trust defence with the broader industry, and help these SolarWinds customers develop a remediation strategy for recent cyber attacks and proactive defence against the future.”

Recent stories
More stories