sb-au logo
Story image

One Identity reaches out to SolarWinds customers following breach

One Identity has committed to offering free security risk assessment to SolarWind’s customers, in a bid to uncover vulnerabilities, recommend improvements in architecture and practices, remediate misconfiguration, and mature their security posture.

According to the company, this free assessment seeks to help organisations navigate through times of uncertainty as attacks continue to grow in sophistication and complexity across the broad range of identity-centric risks.

This includes privileged accounts, Active Directory/ Azure Active Directory accounts, and entitlement assessment and management.

In addition, One Identity is offering three months of free use of its Safeguard privileged access management solution.

One Identity’s free security assessment is designed to help organisations understand the impact of the SolarWinds breach, and help them gain insights into bolstering their security.

The risk assessment focuses on: the effectiveness of the customer's service account provisioning and management approach; identification of accounts with inappropriate privileges; potential opportunities to lower privileges of existing service accounts; whether they are prepared to effectively identify appropriate account actions; the risks associated with their federation approach; the best roadmap for organisations to adopt a Zero-Trust strategy; and how to prevent future attacks.

According to the company, the vast majority of breaches involve the abuse or misuse of elevated privileges.

Furthermore, as recent events have highlighted exploited elevated Active Directory privileges are particularly targeted, putting sensitive data at risk.

To proactively address these types of threats, One Identity recommends implementing a series of best practices that can improve organisation’s security posture and reduce risk.

Taking a dynamic approach to Zero-Trust can help organisations mitigate risk and minimise exposure, the company states.

By integrating a Zero-Trust strategy with comprehensive privileged access management (PAM), including password management, session audit and privileged behaviour analytics, organisations can build a proactive privilege defence.

Zero Trust implementation is most successful when coupled with a least-privilege access model where individuals (in particular those individuals who require elevated permissions) are only granted the precise entitlements necessary to do their everyday job.

One Identity president and general manager Bhagwat Swaroop says, “In today’s all digital and hyperconnected world, everyone is a privileged user, and sophisticated attackers exploit and misuse that privilege in the most nefarious ways.

"The SolarWinds breach and resulting privilege abuse is the latest example of that trend. In light of the SolarWinds breach that impacted 18,000 organisations on a global scale, ensuring our customers have deep visibility and actionable intelligence to improve their security posture is of the utmost importance to us at One Identity.”

Swaroop says, “By providing this free assessment to organisations, we are able to share our deep knowledge of identity-centric security and Zero-Trust defence with the broader industry, and help these SolarWinds customers develop a remediation strategy for recent cyber attacks and proactive defence against the future.”

Story image
Research reveals increase in critical, low complexity vulnerabilities
2020 saw a large spike in physical and adjacent vulnerabilities, likely due to the proliferation of IoT and smart devices in use and being tested by researchers.More
Story image
Cybercriminals take bold steps forward as confidence soars - CrowdStrike report
Criminals are especially interested in targeting the supply chain as it enables them to go after multiple targets from a single intrusion point.More
Story image
Dicker Data scores One Identity distribution agreement for Australia
Dicker Data has entered into a distribution agreement with One Identity, a Quest Software company specialising in identity-centric security. The agreement was effective as of 1 March 2021.More
Story image
Essential tools for managing user identity and how they impact your bottom line
Customer identity and access management (CIAM) is how companies give their end-users access to their digital properties, as well as how they govern, collect, analyse, and securely store data for those users.More
Story image
Ping Identity announces appointment of new VP of R&D
In his new role as head of research and development, Burke will be expected to drive product strategy and development across Ping Identity’s entire suite of solutions.More
Story image
Kaseya acquires RocketCyber to bring SOC solutions to more businesses
"With this acquisition, we've doubled down on our security investments to provide our customers with access to experts who can continuously monitoring their IT environments without the cost and complexity of disparate tools.”More