Home Security SailPoint turning to AI to improve identity governance

SailPoint turning to AI to improve identity governance

Identity governance specialist is adding AI to its mix.

SailPoint's business is identity governance for on-premises and cloud systems, global vice-president for product management Paul Trulove (pictured) told iTWire.

The company sees identity and access management as being central to security, so SailPoint's platform is designed to work with other security products such as privileged account management and security information and event management (SIEM) products.

Identity management and privileged account management have traditionally been seen as two separate technologies, but much can be gained by "putting identity at the centre of enterprise security".

For example, CyberArk's Privileged Account Security Solution acts as a "vault", he explained, allowing users to check out privileged account credentials, watching what they do, and then checking the credentials back in.

What security teams want to do, he said, is control CyberArk from SailPoint in order to obtain full visibility of who did what. So SailPoint has provided APIs for this type of integration.

Integration with ITSM systems such as ServiceNow is also provided, allowing for situations where human intervention is needed to correct an issue.

The next step will be to start applying AI to identity governance. A forthcoming product called Identity AI will take historical access records and perform peer group analysis to initially look for unusual situations.

Trulove gave the example of an employee who had recently been promoted but still had the access rights associated with their previous role even though this was no longer appropriate.

It will subsequently look for behavioural outliers, such as an individual requesting access that no peer has previously sought. This will allow the automatic escalation of high-risk situations, while routine requests will be processed with or without human intervention as appropriate.

The AI will also be fed by other systems such as SIEM, allowing it to determine baselines and detect outliers. For example, 95% of accesses to a certain system might occur during normal business hours, so the security team would be alerted to a spike in weekend access. It might indicate inappropriate or malicious use of the system, or it could be something as innocent as the employee visiting a branch or customer in Tel Aviv, where Sunday is a normal working day.

Over time, the AI will learn about behaviours that are approved, allowing it to automatically mitigate those that aren't.

"It's really about risk mitigation and proactive responses," Trulove said.

SailPoint has had a presence in Australia since 2008. Local customers include leading life insurer TAL (more than 1800 identities under management), the top five banks (a combined 250,000 identities; SailPoint is generally coy about naming customers, but that clearly includes ANZ, CBA, NAB, Westpac and either Bendigo and Adelaide or Macquarie), and the "largest retailer" (200,000 identities; presumably Woolworths), two major energy companies, and four Commonwealth Government organisations.

There is increasing interest from higher education and other sectors that need to protect personal information, Trulove observed.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

Popular News

 

Telecommunications