Commonly Overlooked Security Vulnerabilities in Identity Solutions

Written by Kate Lake on September 8, 2021

Share This Article

Now that modern organizations tend to rely on software and cloud infrastructure rather than physical space to tie people and resources together, choosing the right identity solutions and configuring them to meet your organization’s needs is paramount. Further, with hacking on the rise as bad actors learn to exploit IT infrastructure vulnerabilities in newly remote or hybrid-remote environments, securing the solutions in your infrastructure is more important than ever. And with credentials at the top of cybercriminals’ list of sought-after data types, this is especially true when it comes to identity and access management (IAM) and directory solutions.

However, choosing an IAM or directory solution that includes some level of security isn’t enough to actually guarantee security. In a recent CRN article, CrowdStrike CEO and co-founder George Kurtz detailed common security pitfalls in identity and directory solutions — including those from big-name providers — and highlighted the importance of holistic security in an organization’s IT infrastructure. In this article, we’ll discuss some of those common risks, best practices for detection and mitigation, and how to best set up an IT infrastructure with sound security.

Common Risks in Identity and Directory Solutions

Security best practices always prescribe authentication before authorization; however, even seemingly secure authentication methods can be subject to compromise. Pass-the-hash attacks, for example, exploit authentication protocols by stealing hashed passwords and re-using them in new environments without ever unhashing and rehashing them. And while multi-factor authentication (MFA) can help prevent attacks like these, it’s less likely to thwart other types of attacks, like golden ticket and golden SAML attacks, which exploit vulnerabilities in Microsoft Active Directory to access and forge authentication tokens and keys. 

Security-focused companies should work to model out vulnerabilities like these and act quickly when new software vulnerabilities arise or become known. Ideally, software providers should consistently monitor and test their products’ security so they can develop fixes for vulnerabilities as soon as they’re identified.

Note that companies using on-prem directories (or any on-prem technology) don’t automatically benefit when the provider updates its offerings to close security gaps. IT teams with on-prem directories need to stay current on the latest updates and out-of-band security bulletins, test new updates rigorously, implement them promptly, and maintain ongoing security checks. Companies using cloud-based directories, by contrast, automatically reap the benefits when a provider delivers an update.

Addressing Risks

Regardless of your directory format, you and your IT team should be aware of your vendors and their security practices and monitor security within your organization. The following are a few of the key elements to staying ahead of risk and building a secure IT infrastructure.

Start with Zero Trust

IT infrastructure’s shift from centralized and on-prem to dispersed and cloud-based drove the need for a change in security approach. Perimeter-based security gave way to a software-based, Zero Trust approach, which is now considered best practice and critical to establishing a reliable security baseline. 

With Zero Trust security, verification is always required before authenticating a user or device (even by location), with MFA as the basis for “step-up” verification over a single-factor method, like the traditional username/password login. This alone can prevent several types of threats — especially credential theft attacks, like phishing and pass-the-hash techniques, which are highly popular and effective when the credentials are the only factor of authentication.

The only way to implement a Zero Trust approach is to implement it everywhere: it should be present throughout your IT infrastructure. Any lapses are security gaps, and even a small gap can give hackers the in they need to access your entire network. Start by requiring MFA for access to all organization resources. Single sign-on (SSO) is a great tool to support this initiative: it keeps logins consistent, relieves users from the burden of too much login friction, and adds the ability to lock down access through MFA. Look for a directory solution that offers an integrated SSO and MFA capability to keep data centralized and unified.  

Gather Data for Risk Detection 

Ransomware is on the rise, and with each paid ransom, cybercriminals receive another sum of money to fund their next black-hat venture. Through a development process that’s not far from a traditional DevOps model, hackers develop new techniques for attack quickly and skillfully.

This means that looking for known threats isn’t enough.

While software should be able to recognize and thwart known threats — like the golden ticket and SAML attacks discussed above — they should also be able to detect new, unidentified ones. This process goes beyond signature detection and into behavior analysis and reporting technology. With a robust reporting solution, system administrators should be able to get a clear picture of who is accessing what IT resources, including which types of activity look normal and which look suspicious. This can help identify and mitigate sophisticated, unknown threats before they take hold — especially supply chain attacks, which can start with compromised user credentials.

Implement EDR 

Now that most business networks are dispersed and network traffic is made up of more endpoints than a traditional on-prem network, endpoint detection and response (EDR) is becoming a critical component of robust security insights. Combining IAM with mobile device management (MDM) allows IT admins to integrate these two data sets to collect more insights and better contextualize network activity data.

For this reason, JumpCloud offers both IAM and MDM under one cloud directory platform. JumpCloud Directory Insights, for example, can report on directory, SAML, RADIUS, LDAP, MDM, and device events. Events can include authentications, lockouts, commands, and more. It can also pair with JumpCloud System Insights for an even more granular view into devices with data around each device’s hardware, software, system info, OS, network, users, and groups. The result is a clear, holistic, and contextual view of all network and endpoint activity, allowing IT admins to more easily spot patterns and identify anomalies.

Choose Security-Focused Vendors

In Kurtz’s article, he differentiates between best-of-platform and best-of-breed. Often, companies known for being best-of-breed will offer point solutions with a great deal of depth, but will require organizations to find, procure, and manage multiple solutions. Large platform vendors often cobble together a suite of best-of-breed solutions through acquisition and then try to stitch them together, often bolting on security after the fact. However, offering security isn’t quite the same as being a security company.

Security-focused companies infuse security into the development process of everything they create. Companies with a robust suite of products, on the other hand, may offer security as one of many solutions, but may not have developed the rest of their software with a security-first mindset. It’s the classic jack of all trades, master of none scenario: companies that are good at many things likely aren’t great at all them — and when it comes to security, anything less than great is a liability.

Kurtz recommends a best-of-platform rather than suite-of-products approach to building out IT infrastructure: choosing solutions by platform performance, not by vendor name. With this model, companies should emphasize security when looking at IAM and directory solutions. While it can be tempting to use the same vendor for many solutions because they work well with one another, overly homogeneous environments can be a disadvantage when the individual solutions don’t perform as well as others on the market. 

Set Up for Remote

Companies that support any amount of remote or hybrid work need to make sure their IT infrastructure supports it. Rather than tacking on solutions one by one to address added remote work challenges, companies should make sure their infrastructure is natively compatible with a dispersed network and workload. That means choosing core platforms that are cloud-friendly, deliver detailed insights, and can scale and adapt to remote work needs.

Choose Centralized and Robust Where Possible

As you take into consideration best-of-platform over a software suite, consider the financial and security impact that reducing the number of tools you need in your infrastructure can provide. Centralized, robust solutions and a consolidated IT stack effectively take on the burden and risk of integrating tools with one another, which was once IT’s responsibility. Some directory services, for example, combine device management, single sign-on (SSO), MFA, and other tools into their platform’s offering. This centralized solution eliminates the need to purchase and integrate multiple solutions, and thus reduces — or even removes — the need to introduce middleware or custom scripting by your team or a third party to create the same efficiencies. In addition, centralized directories help maintain data integrity; when centralized, all resources use the same source for their directory information, eliminating the chances of discrepancies that can further compound and deviate over time.

JumpCloud, for example, offers MFA, OS-agnostic MDM, user lifecycle management, robust insights, SSO, SCIM and JIT-provisioning, RADIUS authentication, and other tools that eliminate the costs and integrations required to configure all the add-ons necessary in the AD model. In this model, the directory remains centralized and connects users to virtually all their IT resources, including files, devices, networks, software, cloud applications, and more. All those resources source the same directory information, keeping data streamlined and secure.

Always Prioritize Security

Whether you’re looking to implement or replace solutions, or you just want to assess your current security environment, knowing your vendors is key. This includes understanding the scope of what they can do and what they can’t — especially when it comes to security. 

Further, when choosing vendors, a security-first company will likely provide more reliably secure solutions than a company with a suite of solutions with several point areas of focus.

JumpCloud is a security-first company, and the JumpCloud directory platform is based in Zero Trust security and offers MFA, SSO, Directory Insights and System Insights to help organizations detect and prevent threats. The JumpCloud directory platform centralizes users, devices, and networks, and takes a multi-protocol approach to authenticate and authorize users to virtually all the IT resources they need to do their work. 

To implement a centralized directory with Zero Trust security in your environment, sign up for JumpCloud Free — it’s free for up to 10 users and 10 devices, and it includes live premium chat for the first 10 days to help you optimize the platform to your environment. 

Continue Learning with our Newsletter