NEW YORK and TEL AVIV, Israel, Feb. 24, 2022 /PRNewswire/ -- Illusive, the leader in identity risk management, today announced the launch of Illusive Spotlight™ and Illusive Shadow™, its patented identity risk management platform, which enables organizations to automatically and continuously discover, mitigate, and protect against identity risks. Despite the deployment of privileged account management (PAM), multi-factor authentication (MFA), and other identity and access management (IAM) solutions, new research from Illusive reveals that exploitable identity risks are present on 1 in 6 enterprise endpoints.
According to Gartner®, "Converging identity data and other identity threat signals is crucial to preventing the type of sophisticated identity attacks that have been on the rise."1
According to the 2021 Verizon Data Breach Incident Report, credentials are the most sought-after data type in a breach. The Identity Defined Security Alliance reports that 79% of organizations have experienced an identity-related security breach. The Identity Theft Resource Center reports that ransomware attacks doubled in 2021 to reach an all-time high.
According to Gartner, "Many breaches are caused by security and identity tools that have been misconfigured, not fully configured or whose configurations are out of date."1
Unmanaged, misconfigured, and exposed identity risks include non-human service accounts, shadow admins (i.e., misconfigured users with unintended privileges), and legacy applications with hard-coded credentials, which are easily exploited by attackers to move laterally across the network, enabling them to take complete control.
Illusive's platform is a full lifecycle identity risk management solution. Illusive Spotlight™ automatically and continuously discovers and mitigates privileged identity risks. Illusive Shadow™ protects against identity risks that can't be readily remediated. Key features include:
- Continuous Discovery – Illusive scans endpoints, servers, and Active Directory for identity risks including misconfigurations, accounts that aren't being managed, and credentials that are exposed.
- Automated Remediation – Illusive automatically clears cached credentials from endpoints and servers and delivers prioritized insights into identity risks directly related to successful attack tactics, techniques and procedures.
- Proactive Protection – Compensating controls monitor and protect against identity risks.
"Organizations can be blindsided and overwhelmed by the sheer volume of identity risks present in their organization, but Illusive does not just list these problems, we are providing practical automation for organizations to resolve them," said Brendan O'Connell, Chief Product Officer, Illusive. "Illusive is like an easy button for organizations to clean identity risks from their environment, minimizing the impact of an attack."
Illusive Research Reveals Identity Risks in 100% of Organizations
Illusive also announced the publication of its inaugural identity risk research report, Analyzing Identity Risks (AIR) 2022, which reveals that unmanaged, misconfigured, or exposed identity risks are present in all organizations at a rate of 1 in 6 endpoints. Additional key findings include:
- Unmanaged Identity Risks – 87% of local admins were not enrolled in privileged account management solutions.
- Misconfigured Identity Risks – 40% of shadow admins (i.e., misconfigured users with unintended privileges) can be exploited in one step.
- Exposed Identity Risks – More than 1 in 10 (13%) endpoints contain privileged account passwords that have been left exposed (e.g., cached credentials).
Read Now – Analyzing Identity Risks (AIR) 2022
Contact Now – Complimentary Identity Risk Assessment
- Gartner, Predicts 2022: Identity-First Security Demands Decentralized Enforcement and Centralized Control, Tricia Phillips, Erik Wahlstrom, Henrique Teixeira, Mary Ruddy, Michael Kelley, 23 November 2021.
Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
lllusive continuously discovers and automatically mitigates privileged identity risks that are exploited in all ransomware and other cyberattacks. Despite best-practice investments to protect identities, including deployment of PAM and MFA, 1 in 6 enterprise endpoints holds exploitable identity risks.
Illusive makes it easy for security teams to get visibility into the vulnerable identities sprawled across an organization's endpoints and servers, then eliminate them or deploy deception-based detection techniques as a compensating control to stop attackers. Illusive has participated in over 140 red team exercises and has never lost one!
Founded by nation state attackers, Illusive's technology is trusted by large global financial companies, retailers, services organizations, and pharmaceutical companies.