Nicht aus der Schweiz? Besuchen Sie lehmanns.de
Identity Attack Vectors - Morey J. Haber, Darran Rolls

Identity Attack Vectors (eBook)

Strategically Designing and Implementing Identity Security, Second Edition
eBook Download: PDF
2024 | 2., Second Edition
XXII, 299 Seiten
Apress (Verlag)
979-8-8688-0233-1 (ISBN)
Systemvoraussetzungen
62,99 inkl. MwSt
(CHF 61,50)
Der eBook-Verkauf erfolgt durch die Lehmanns Media GmbH (Berlin) zum Preis in Euro inkl. MwSt.
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

Today, it's easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it's not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities-whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives.

This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement.

In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization's entire Identity Fabric. 


What You Will Learn

  • Understand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
  • Implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts
  • Know the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak link
  • Build upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystem
  • Plan for a successful  identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectors


Who This Book Is For

Management and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program and manage privileges in these environments



Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Darran Rolls is CISO and Chief Technology Officer at SailPoint, where he is responsible for directing the company's technology strategies and security operationsand is co-author of Asset Attack Vectors. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology management solutions for vulnerability, and privileged and remote access. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures for Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook. He has a long history in identity management and security at companies such as Tivoli Systems, IBM, Waveset Technologies, and Sun Microsystems. He has helped design, build, and deliver innovative, ground-breaking technology solutions that have defined and shaped the Identity and Access Management (IAM) industry. He frequently speaks at industry events and to customers about IAM and next-generation enterprise security solutions.


Today, it's easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it's not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities-whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives.This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement. In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization's entire Identity Fabric. What You Will LearnUnderstand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vectorImplement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accountsKnow the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak linkBuild upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystemPlan for a successful  identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectorsWho This Book Is ForManagement and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program and manage privileges in these environments
Erscheint lt. Verlag 30.3.2024
Zusatzinfo XXII, 299 p. 45 illus., 43 illus. in color.
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Schlagworte Attestation • Blockchain • credentials • entitlements • IAM • Identity Access Management • Identity Governance and Administration • Identity Theft • iga • privacy • roles • security • Zero trust security
ISBN-13 979-8-8688-0233-1 / 9798868802331
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
CHF 34,15
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
CHF 41,95