Identity and Access Management systems form fundamental building blocks of Cyber Security with the increase in digitization and Identity automation. In recent years, identity-based attacks have been increasing exponentially using a combination of social engineering, phishing, and exploitation of vulnerabilities in configuration and infrastructure. As Identity became the perimeter, managing the Identity attack surface has become equally important. Whether your Identity platforms are SAAS or On-Prem, they need to be constantly monitored and integrated into your threat management platform
To understand these attack vectors, the first step is cataloging all key Identity capabilities, their infrastructure, and technology. Any small-to-mid-size company will minimally have Directories like Active Directory, Authentication capabilities like Single Sign On, and Privileged Access Management.