March 2024
Intermediate to advanced
301 pages
7h 15m
English
book
Identity Attack Vectors: Strategically Designing and Implementing Identity Security, Second Edition
by Morey J. Haber, Darran Rolls
Overview
Today, it’s easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it’s not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities—whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives.
This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement.
In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization’s entire Identity Fabric.
What You Will Learn
- Understand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
- Implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts
- Know the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak link
- Build upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystem
- Plan for a successful identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectors
Who This Book Is For
Management and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program and manage privileges in these environments
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.