Elevate Security has debuted Elevate Identity, its new offering for identity and access management (IAM) professionals.
The service integrates Elevate’s user risk profiling capability with IAM tools, such as Cisco Duo, Crowdstrike Falcon and Microsoft Azure AD, to “add a full 360-degree perspective of each individual’s cyber risk to the authentication and authorization process,” the company said in a prepared statement.
Additionally, the Elevate Identity service integrates with identity governance tools, including Sailpoint’s identity security platform, to automate personalized access reviews based on changes in an individual’s user risk profile.
Billions of Data Points Analyzed
Elevate’s user risk model analyzes billions of independent data points from across the organization and beyond. Factors such as worker susceptibility to real phishing, sensitive data handling, safe browsing, and password management, along with demographics and other characteristics, are continually aggregated and updated into detailed, transparent, high-confidence user risk metrics, according to Elevate.
By integrating user risk data into IAM and identity governance administration (IGA) tools and processes, security teams now know the true risk characteristics of each worker attempting to access their systems. That includes an individual’s vulnerability to social engineering attacks.
With this data in hand, defenders can automate customization of conditional access policies, Elevate said. For example, Elevate may determine that a particular engineer, with access to company source code, is being targeted by attackers with increased frequency and has recently visited an insecure website.
Once Elevate identifies the individual as a “high risk engineer,” they are protected by specific IAM policies. These include forcing password-less multi-factor authentication, requiring a company-provided device, or limiting access to sensitive materials.
Productivity and Protection Delivered
Commenting on its advanced offering, Elevate founder and CEO Robert Fly said.
“With comprehensive user risk data informing the identity and access process, defenders have a simple, transparent, and effective method to apply personalized protections aligned to individual vulnerabilities. The ability to make better decisions, in real-time, at scale, during this critical stage of the kill chain is an absolute game changer in the fight against human-centered attacks.”
Elevate Identity notes that it allows security teams to “have the best of both worlds — strong individual protection for those that need it, and high productivity and satisfaction from the vast majority of users who represent less risk.”
Additionally, integration with identity governance tooling enables Elevate Identity to automatically initiate an access governance review for a high-risk engineer. This enables compliance and auditability by ensuring their access permissions are always aligned to both business need and their individual user risk profile.