The Frontier of Security: Safeguarding Non-Human Identities
Dropbox, Microsoft, Okta – not only are these all major software companies, but each of them has fallen victim to a supply chain attack due to a compromised non-human identity. For decades the security industry has prioritized protecting human identities, but with the influx of Gen-AI tools and increase in automation, new identities have emerged, opening up an entirely new attack surface: non-human identities (NHIs). As NHIs continue to be the focus of exploitation, organizations must pivot their security strategies from asking, “How are you protecting yourself against potential threats?” to “How are you protecting yourself against your own vendors?”
Non-Human Identity Attack Surface: Large and (not) in charge
While human user identities are well-established, with multi-factor authentication (MFA), IP restrictions, and other robust protocols, non-human identities, often in the form of API keys, OAuth tokens, service accounts, and other secrets, represent a different kind of challenge. These credentials are used by applications, services, and automated processes to communicate and perform tasks within a network, often with significant privileges and minimal oversight.
Non-human identities are often riddled with vulnerabilities due to their extensive and permissive nature. They are created on a daily basis, and there are roughly 20,000 non-human identities for every 1,000 employees, which sets an incredibly high bar for security teams trying to keep up with monitoring and governing NHIs. As a result, hackers exploit these weaknesses, often gaining unauthorized access to critical systems and sensitive data.
Supply Chain Attacks are the Core
This story has played out a number of times, even within the last few months – from Okta and Microsoft to Dropbox and Snowflake, supply chain attacks have become a preferred method for cybercriminals. By targeting software providers, hackers gain a “golden ticket” to not just one but multiple networks rich with valuable data. Compounding this issue is the proliferation of applications and tools. With automation and cloud environments, a business’s ecosystem is made of hundreds if not thousands of different vendors that have access to its systems. Organizations don’t have the right visibility into all of these vendors because everything is automated and cloud-based. The sheer volume of these connections alone – and also the fact that anyone can add these services – makes it impossible to track and monitor without automated tools.
Addressing the Identity Challenge
Incident response efforts often fall short because security platforms are fragmented: each vendor, tool, and application handles token management and application consents differently. So how does an organization begin to protect its NHIs? It begins with having a handle on your third-party vendors and overall security posture.
- Implement a comprehensive security strategy: Align privacy, third-party risk management (TPRM), and security efforts across various roles, including IT administrators, developers, and cloud architects. This is essential to enhance security measures and improve the effectiveness of incident response teams in the event of an attack.
- Ensure you have a continuous, real-time inventory of all connected NHIs: If security teams can see into each NHI connection, they will have a better grasp of risky connections and be able to prioritize threats.
- Focus remediation efforts: Provide detailed information about the services and resources an NHI can access. Be as specific as possible so that there are no loopholes and potential risks.
- Be as proactive as possible: Create activity logs, set up automated workflows, and provide investigation guides for security teams. This will all help to manage any atypical NHI activity, or other potential risks, in real time.
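The inventory, access-scope, and activity checks from the list above can be combined into a simple triage pass. This is an added example, not code from the article or from any vendor's product; the record fields, vendor names, scope strings, and the 90-day staleness threshold are all assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta

NOW = datetime(2025, 1, 15)          # fixed "now" so the sample is reproducible
STALE_AFTER = timedelta(days=90)     # assumed threshold for unused credentials
BROAD_MARKERS = ("*", ".all", "admin")  # assumed markers of over-permissive scopes

# Constructed inventory: every identity, vendor and address here is hypothetical.
INVENTORY = [
    {"id": "svc-backup", "type": "service_account", "vendor": "internal",
     "scopes": ["storage.read"], "owner": "it-ops",
     "last_used": NOW - timedelta(days=2),
     "baseline_ips": {"10.0.4.7"}, "recent_ips": {"10.0.4.7"}},
    {"id": "oauth-notes-app", "type": "oauth_token", "vendor": "ExampleNotes",
     "scopes": ["mail.read", "files.readwrite.all"], "owner": None,
     "last_used": NOW - timedelta(days=1),
     "baseline_ips": {"198.51.100.10"},
     "recent_ips": {"198.51.100.10", "203.0.113.77"}},
    {"id": "ci-deploy-key", "type": "api_key", "vendor": "ExampleCI",
     "scopes": ["admin:*"], "owner": "platform",
     "last_used": NOW - timedelta(days=200),
     "baseline_ips": {"192.0.2.5"}, "recent_ips": set()},
]

def findings(nhi, now=NOW):
    """Return the list of risk findings for one inventory record."""
    out = []
    if any(m in scope for scope in nhi["scopes"] for m in BROAD_MARKERS):
        out.append("broad_scope")      # what the NHI can access is too wide
    if now - nhi["last_used"] > STALE_AFTER:
        out.append("stale")            # still valid but no longer used
    if nhi["owner"] is None:
        out.append("no_owner")         # nobody accountable for rotation or removal
    if nhi["recent_ips"] - nhi["baseline_ips"]:
        out.append("new_source_ip")    # atypical activity versus the baseline
    return out

def prioritize(inventory, now=NOW):
    """Rank identities with at least one finding, most findings first."""
    rows = [(nhi["id"], findings(nhi, now)) for nhi in inventory]
    return sorted((r for r in rows if r[1]), key=lambda r: -len(r[1]))

if __name__ == "__main__":
    for nhi_id, issues in prioritize(INVENTORY):
        print(f"{nhi_id}: {', '.join(issues)}")
```

In practice the records would come from each platform's own token and consent listings, which is where the fragmentation described above makes a single normalized schema worth the effort.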
Cloud security and automation will continue to skyrocket, but so too will non-human identities and their associated risks. It’s time to outsmart the hackers, and take back control of your own environment – both internally and externally. The next time you engage with a vendor, make NHIs a central topic of discussion. Inquire about their strategies and tactics for securing these identities. Addressing these challenges collaboratively is far more effective than attempting to manage them on your own.
About the Author
Idan Gour is the CTO and co-founder of Astrix Security, the enterprise’s trusted solution for securing non-human identities. Gour has over a decade of cybersecurity and leadership expertise that spans military and enterprise environments, including strategic roles in the Israeli Military Intelligence Unit 8200 and software development positions at Deep Instinct. Idan can be reached online at [email protected] and @AstrixSecurity and at our company website https://astrix.security/.