The 44th Edition of the Identity Jedi Newsletter: ITDR SPECIAL EDITION

Identity That's Done Right

Wednesday 7/20/23 - Identity Jedi Newsletter

Hey Jedi, welcome to the 44th edition of the Identity Jedi Newsletter! Another special edition coming at ya, and this week it’s all about Identity Threat Detection and Response (ITDR), or as I’m now referring to it, Identity That’s Done Right! (Shout out to Robert Block for that quote!)

Jedi, we are coming off our biggest growth month of the newsletter, and none of that is possible without you. Let’s keep this thing going! Hit the link to share the newsletter and get yourself some free stuff!

Special Edition Index

Deep Dive Links And Articles

Commentary

My Beef with Gartner

The “Gap” between identity and security

My Beef with Gartner

Yeah, we knew this was coming sooner or later. Let me first say I respect the work and research that Gartner does and while I agree with the overall premises of what they define as ITDR, I disagree with some key points.

Get your popcorn.

Ok, first, let’s look at Gartner’s definition of ITDR

ITDR is a security discipline that encompasses threat intelligence, best practices, a knowledge base, tools and processes to protect identity systems. It works by implementing detection mechanisms, investigating suspect posture changes and activities, and responding to attacks to restore the integrity of the identity infrastructure.

Enhance Your Cyberattack Preparedness With Identity Threat Detection and Response - Published 20 October 2022 - ID G00765882

I’m 1000% in agreement with this, nodding vigorously until the last word.

Infrastructure.

Sigh. Ok, this is where the nuance comes in. Yes, it’s important to protect identity infrastructure. I’ve said for many years that once the bad guys figure out that IAM tools hold the keys to the kingdom, we’re fucked. However, we don’t build businesses around infrastructure; we build them around identities. Let me explain.

When’s the last time you heard an organization say: “We’re happy to report record numbers this quarter and it’s all thanks to our Active Directory system”.

I’ll wait…..

…….

Yeah, that’s right, NEVER. Because we build tools to empower PEOPLE to create widgets or services to sell. Those same PEOPLE accomplish those tasks by using information systems, and in order to do that, we have to create digital representations of them, and those representations we call digital identities. We take these identities and assign them access to applications and data. We even create digital identities that represent applications. It’s these things (the digital identities) that we need to protect, in ADDITION to the infrastructure. It’s a small thing but extremely important, because the infrastructure by itself means nothing if digital identities aren’t tied to it.

Let’s dive a little deeper into the difference. Protecting infrastructure, specifically in this case, means making sure the IAM system and/or application is intact. So think Active Directory, Okta, SailPoint, etc. It’s a bad day if your Active Directory decides it’s not accepting authentication requests, or Okta decides no one can log in today. That’s a different kind of threat than if your Active Directory is happily responding to authentications and 50 more Domain Admin accounts have recently been created.

Speaking of threats, let’s look at how Gartner defines an identity threat:

An identity threat is a potential cyberattack related to identity infrastructure, such as access management (AM) tools, directory servers, certificate authorities, and other IAM systems and stores. An identity threat focuses on circumventing, bypassing or abusing identity systems in order to enable a cyberattack.

Pretty sure you can guess my response to this.

Okay, I’ve talked about what I don’t like, now let me talk about what I do like.

Everything else...lol.

Listen, we’ve done tremendous things with the current generation of identity products. We’ve established best practices, created and (actually implemented) standards to make things easier. But it’s time for identity to get involved in the fight. I’ll never say that the decision to silo identity products was a bad one. I think we, as an industry, needed to silo these products so we could build expertise in each area. But identity has never been a one-product problem. It orchestrates several things, all coming together in a very choreographed dance. ITDR is that dance.

The “Gap” between security and identity

Let’s talk about the “Gap”. I’ve written before about how identity has claimed to be a security product, and how we are finally starting to catch up with the marketing hype. But why is there a need to catch up at all?

First, let’s think about how we approach security. We often use the term “layered approach,” another way to describe the castle defense model: take your most precious resource, put it in the middle of the castle, and build many walls around it. Once you run out of walls, you build moats.

The logic here is that the more walls there are between your resource and the attacker, the longer it will take them to get through, giving you time to defeat them.

Makes sense, right?

We’ve deployed this same thinking model for centuries and to almost everything, including cybersecurity. Firewalls, network topologies, authentication systems, etc. are all just walls we place in front of our resources.

The problem is, we missed a resource. We focused solely on protecting data and applications; we forgot about identities. In doing so, we created the following gap:

Security tools do a great job at monitoring threats to the outside walls (servers, devices, and applications) and detecting when things make it through. I refer to this as infrastructure access. However, they have limited visibility into identities and how they access that infrastructure. On the other side, identity tools have limited (I would say no) visibility into infrastructure access.

Additionally, identity systems are mostly preventative controls. (I said mostly, all you AuthN/AuthZ readers, calm down.) This means that the result of an action in this system is to prevent something from happening. Cool. Spend 15 minutes with a toddler and see how well prevention works. In the words of the great Ian Malcolm: “Life finds a way.”

In the world of cybersecurity, that means access will not stay the way you provisioned it, policies will not get followed, and in general: shit happens.
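Here is an added example of the detective control that closes that gap, written for this newsletter and not taken from Gartner, Oort, Cisco or any product mentioned here. It ties together the two points above: the directory keeps authenticating just fine while new Domain Admin accounts appear, and access does not stay the way you provisioned it. The script replays constructed directory audit events on top of the membership the IAM system provisioned, reports the drift from that baseline, and flags a burst of freshly created accounts being added to a privileged group. Every account name, the event field names and the window/threshold values are assumptions constructed for the example, not any product’s log schema.

```python
"""Posture-drift and privileged-account-burst detection over constructed directory audit events."""
from datetime import datetime, timedelta

# Constructed baseline: what the IAM system provisioned into "Domain Admins" (hypothetical names).
PROVISIONED = {"Domain Admins": {"alice.admin", "bob.admin", "breakglass01"}}

# Constructed audit events (hypothetical). In a real deployment these come from directory
# security logs; the field names here are this example's own, not any product's schema.
EVENTS = [
    {"ts": "2023-07-19T09:00:00", "action": "account_created", "actor": "alice.admin", "target": "svc-backup"},
    {"ts": "2023-07-19T22:10:00", "action": "account_created", "actor": "bob.admin", "target": "tmp-adm-01"},
    {"ts": "2023-07-19T22:10:05", "action": "member_added", "actor": "bob.admin", "target": "tmp-adm-01", "group": "Domain Admins"},
    {"ts": "2023-07-19T22:11:00", "action": "account_created", "actor": "bob.admin", "target": "tmp-adm-02"},
    {"ts": "2023-07-19T22:11:03", "action": "member_added", "actor": "bob.admin", "target": "tmp-adm-02", "group": "Domain Admins"},
    {"ts": "2023-07-19T22:12:00", "action": "account_created", "actor": "bob.admin", "target": "tmp-adm-03"},
    {"ts": "2023-07-19T22:12:02", "action": "member_added", "actor": "bob.admin", "target": "tmp-adm-03", "group": "Domain Admins"},
    {"ts": "2023-07-20T08:00:00", "action": "member_removed", "actor": "alice.admin", "target": "breakglass01", "group": "Domain Admins"},
]


def parse_ts(value):
    """Timestamps are ISO 8601 strings in the constructed events."""
    return datetime.fromisoformat(value)


def replay_membership(events, group, provisioned):
    """Replay add/remove events on top of the provisioned baseline to get the directory's actual membership."""
    members = set(provisioned.get(group, set()))
    for event in sorted(events, key=lambda e: e["ts"]):  # ISO strings sort chronologically
        if event.get("group") != group:
            continue
        if event["action"] == "member_added":
            members.add(event["target"])
        elif event["action"] == "member_removed":
            members.discard(event["target"])
    return members


def membership_drift(provisioned_members, actual_members):
    """Return (unexpected, missing): accounts present that were never provisioned,
    and provisioned accounts that have disappeared. Either set being non-empty is drift."""
    return actual_members - provisioned_members, provisioned_members - actual_members


def privileged_creation_burst(events, group, window=timedelta(minutes=10), threshold=3):
    """Flag accounts that were created and then added to `group`, when at least `threshold`
    of them were promoted inside one sliding `window`. Returns the flagged names, or []."""
    created = {e["target"] for e in events if e["action"] == "account_created"}
    promoted = sorted(
        (parse_ts(e["ts"]), e["target"])
        for e in events
        if e["action"] == "member_added" and e.get("group") == group and e["target"] in created
    )
    for i, (start, _) in enumerate(promoted):
        in_window = [name for ts, name in promoted[i:] if ts - start <= window]
        if len(in_window) >= threshold:
            return in_window
    return []


if __name__ == "__main__":
    group = "Domain Admins"
    actual = replay_membership(EVENTS, group, PROVISIONED)
    unexpected, missing = membership_drift(PROVISIONED[group], actual)
    print(f"{group}: unexpected={sorted(unexpected)} missing={sorted(missing)}")
    print(f"creation burst: {privileged_creation_burst(EVENTS, group)}")
```

The point of the design is that the IAM system’s provisioned state is the baseline and the directory’s audit trail is the evidence; neither source alone tells you that the 50 new Domain Admins were never supposed to exist. In practice the thresholds would be tuned per environment, and a hit would feed the response side of ITDR (investigate the actor, disable the unexpected accounts, restore the baseline).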

So what do we do with said shit?

We pick it up, of course. But in this case, we haven’t. We’re like that one dog owner in the park who sees their dog drop a turd and then just walks away. Because, ya know, someone else will pick it up. (If you’re reading that last part and are offended…well…not sorry.)

We’ve expected security to pick up after us, because it’s “their” job to, ya know, do all the cool security stuff. But as we’ve said, they don’t have the visibility to understand how an identity interacts with the things they are protecting. So what we get is a perfect use of the age-old picture below:

And that my friends, is the Gap.

Cisco and Oort sitting in a tree…

So Cisco has announced its intent to acquire ITDR company Oort. A BIG congratulations to the Oort team! I was lucky enough to have the CEO of Oort, Matt Caulfield, on the podcast earlier this year, and I love their view of the market and what they are building. Can’t wait to see what’s next for them with the Cisco team.

Not only does this validate the market for ITDR, but I also think it kicks off the next round of acquisitions that we’ll see in the Platform Wars. Security vendors need to talk identity, and identity vendors want to get more security-like. I’m betting that over the next 18 months we’ll see two more acquisitions in this space: another traditional security company, and one of the big identity vendors (which includes Uncle Tommy B, aka Thoma Bravo).

I think things are about to get VERY interesting.

Here’s the official statement

A little homework this time with the Good Reads section. Given the breakdown of ITDR above, check out these two articles and think about where a potential gap could be. Ask yourself: What system would handle the identity controls for this? How could a breach of this be mitigated? Why is David giving me homework?

Identity Jedi Show Podcast

Quick Update: The Identity Jedi Show will be moving to its own YouTube channel! I’ll update this section with the correct links once it’s launched. I’m also bringing a LIVE version of the Identity Jedi Show. You’ll be able to send in questions, interact in real time, and even be a guest on the show! Details coming soon.

What did you think of this week’s newsletter?

The Last Word

I think I’ve pretty much said it all...lol. I think ITDR is here to stay, but I believe it’s important to focus on both the infrastructure and the identities. We focus on protecting what’s important, and that’s identities.

Book Update: Thanks to everyone that has purchased the book! I’m amazed at how many have sold in such a short period. I am working on an audio version as well for those of you who prefer to listen to books; I’ll keep you updated.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

The JEDI COUNCIL

Slight pause as I’m cooking something up content-wise for you.
