Identity security is the central battleground in cybersecurity, affirmed Silverfort VP of Strategic Alliances and Corporate Development Ben Goodman and host Adrian Sanabria during a recent CRA webcast.Rather than relying on Hollywood-style "hacking," today's attackers overwhelmingly exploit identities, the two agreed, logging in with stolen or abused credentials to move laterally across systems."People don't hack in. They log in," said Goodman. "There's service accounts that are sitting around in organizations for decades now. They're overprivileged."Once inside an organization, attackers take advantage of legacy systems and overprivileged accounts. But the real prize is non-human identities like service accounts, which can persist for years without proper governance. Identity sprawl across cloud, on-prem, SaaS, and hybrid environments also creates blind spots that attackers are skilled at finding and exploiting.Traditional detection methods don't work terribly well when faced with identity-based attacks. Because successful logins don't trigger alerts, defenders must rely on behavioral analysis and correlated signals rather than isolated events.Goodman and Sanabria stressed the importance of understanding normal behavior as a baseline, then identifying anomalies through patterns of weak signals that become meaningful when combined."A dormant account on its own may not be interesting," said Goodman. "But a dormant account all of a sudden coming online and then creating a long-standing token? It's the combination of events which become very interesting."In environments where organizational silos and fragmented tooling prevent defenders from seeing the full picture, this approach can be especially important.There's also a growing complexity introduced by non-human and AI-driven identities. Service accounts, long a hidden risk, are now joined by AI agents that act on behalf of users but behave in less predictable ways. These agents blur traditional identity boundaries, requiring new approaches to governance, monitoring, and risk-based controls.Identity security must evolve to handle deterministic systems (like service accounts) alongside non-deterministic ones (like AI agents) within a unified framework. This evolution reinforces the need for layered defenses, combining strong authentication with continuous monitoring of post-login activity.Goodman and Sanabria emphasized that detection alone is not enough. Organizations must react in real time by blocking access, triggering step-up authentication, and introducing friction when risk levels rise. Just as importantly, organizations need to continuously test and refine their defenses."I always stress understanding what normal looks like," said Sanabria, "because if the first time you're looking at your systems, at your logs, is during the incident, there's going to be so many rabbit holes, there's going to be so many distractions."Effective identity security requires not just tools, but disciplined practices such as baseline understanding, continuous validation, and integrated visibility across the entire identity ecosystem.
Identity, AI/ML, Governance, Risk and Compliance

Rethinking identity security for a borderless attack surface

Credit: Adobe Stock Images

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



