Strengthen Your CIEM Strategy with a New Dashboard to Guide Security Teams

May 30, 2024
5 minutes
... views

Managing cloud infrastructure and entitlement management (CIEM) becomes increasingly challenging in a multicloud environment, with a proliferation of machine and user identities and users accessing the cloud through various identity providers (IdPs). The volume of data compiled by CIEM tools can make it difficult to know where to begin.

As your trusted security advisor, Prisma Cloud is building new capabilities to give your organization a strong point of view on where to focus your time with identity and access management (IAM). Three areas where we believe that organizations should have an increased focus are:

  • Admins
  • Overly permissive identities
  • Third-party access

Focus on Your Most Risky Entitlements: Admins

According to Microsoft’s 2023 State of Cloud Permissions Risks report, more than 50% of identities are super admins—users or workloads that have access to all permissions and resources. This is a shocking statistic that clearly violates the principle of least privilege. Admin entitlements should be granted as infrequently as possible, as they present the most risk to an organization.

An important feature in a CIEM tool is to be able to easily highlight admin access levels within the cloud environment to ensure they’re only granted to necessary users. If admins have unused privileges, it’s a security best practice to either assign a new policy or remove the unused permissions.

Prisma Cloud makes it easy for organizations to identify these admins with an extensive policy set and remediation guidance that will remove risky, overly permissive access.

Most Identities Are Overly Permissive

It's common sense that organizations should remove overly permissive access. But the facts tell a different story, according to the Microsoft study, which reported:

  • Identities use, on average, 1% of the permissions they’re granted
  • More than 60% of identities are inactive and haven’t used any of the permissions granted in the last 90 days

Statistics like this prove that organizations are failing to properly secure their identity attack surface.

Granting overly permissive access is a significant problem, since almost every successful cloud cyberattack has an identity component to it. To combat this, Prisma Cloud provides remediation guidance to achieve least privilege and also gives recommendations for removing unused access within a service, provisioning users with access to only the actions they need.

Prisma Cloud least-privileged access suggestions
Figure 1: Prisma Cloud least-privileged access suggestions

To help organizations easily highlight overly permissive access, Prisma Cloud automatically notifies security teams of overly permissive access. Additionally, to go a level deeper, the intuitive RQL now enables easy investigation of overprivileged access.

Govern Third-Party Access

Governing third-party access is a vital component of comprehensive cloud security. Third parties, including vendors, contractors and partners, often require access to various parts of an organization's cloud infrastructure to perform their functions. However, this access can introduce significant security risks. If not properly managed, it can lead to unauthorized actions and data breaches.

By continuously monitoring and auditing third-party access to cloud environments, Prisma Cloud enables organizations to enforce strict access controls, such as least-privilege, over third-party access. Through effective management of third-party entitlements, organizations can maintain stronger security postures and mitigate potential threats arising from external access.

To ensure that third parties only have access to the resources necessary for their roles, reducing the risk of exposure to sensitive data and critical systems, Prisma Cloud has recently released an extensive list of policies that help organizations govern if a third-party service account can assume a service account with high privileges or if a third-party account has lateral movement.

Discover the New Identity Dashboard

To help organizations implement this strategy, Prisma Cloud has released the identity dashboard. Use the dashboard as your new hub for identity security, providing a consolidated risk oversight tool that empowers teams to proactively detect and mitigate identity-based threats. It offers in-depth visualizations to address questions such as:

  • What are my top identity and access management risks relative to my cloud assets?
  • How many admins do I have? How many admins have unused permissions?
  • What risks require my immediate attention?
  • Are there over privileged identities in my environment? What types of access do the overly permissive identities have?
CIEM Dashboard
Figure 2: CIEM Dashboard

We know teams are overburdened with security alerts and often don’t know where to start, which is why Prisma Cloud makes it easy for your organization to know where to focus your time when securing your cloud identities.

Unlock Attack Paths with Prisma Cloud CNAPP

A misconfigured or overly permissive identity by itself doesn’t always represent application risk. CIEM is seamlessly integrated into the Prisma Cloud platform, enabling security teams to correlate findings so they can prioritize and understand critical risks. Prisma Cloud analyzes misconfigurations, vulnerabilities, public exposures, excessive permissions, exposed secrets, sensitive data, incidents and more. The platform combines multiple risk factors across identities and cloud assets to visualize interconnected risks and prioritize alerts, helping security teams understand how several configuration mistakes form attack paths.

By integrating a leading CIEM solution into its cloud-native application protection platform (CNAPP), Prisma Cloud ensures the security of applications from code to cloud across multicloud environments. The comprehensive security, continuous visibility and proactive threat prevention give organizations the ability to stop attacks in runtime, fix issues in the cloud and fix forever in code. Keep track of our latest CIEM innovations.

Learn More

If you’d like to learn more about how Prisma Cloud can secure the identity attack surface, register for an upcoming Visibility & Control bootcamp.

 

 

 


Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.