Identity, Security Program Controls/Technologies

Elevate Security Advances Identity and Access Management (IAM)

single sign on (SSO) to login other webpage with one username and password vector

Elevate Security has debuted Elevate Identity, its new offering for identity and access management (IAM) professionals.

The service integrates Elevate’s user risk profiling capability with IAM tools, such as Cisco Duo, Crowdstrike Falcon and Microsoft Azure AD, to “add a full 360-degree perspective of each individual’s cyber risk to the authentication and authorization process,” the company said in a prepared statement.

Additionally, the Elevate Identity service integrates with identity governance tools, including Sailpoint’s identity security platform, to automate personalized access reviews based on changes in an individual’s user risk profile.

Billions of Data Points Analyzed

Elevate’s user risk model analyzes billions of independent data points from across the organization and beyond. Factors such as worker susceptibility to real phishing, sensitive data handling, safe browsing, and password management, along with demographics and other characteristics, are continually aggregated and updated into detailed, transparent, high-confidence user risk metrics, according to Elevate.

By integrating user risk data into IAM and identity governance administration (IGA) tools and processes, security teams now know the true risk characteristics of each worker attempting to access their systems. That includes an individual’s vulnerability to social engineering attacks.

With this data in hand, defenders can automate customization of conditional access policies, Elevate said. For example, Elevate may determine that a particular engineer, with access to company source code, is being targeted by attackers with increased frequency and has recently visited an insecure website.

Once Elevate identifies the individual as a “high risk engineer,” they are protected by specific IAM policies. These include forcing password-less multi-factor authentication, requiring a company-provided device, or limiting access to sensitive materials.

Productivity and Protection Delivered

Commenting on its advanced offering, Elevate founder and CEO Robert Fly said.

“With comprehensive user risk data informing the identity and access process, defenders have a simple, transparent, and effective method to apply personalized protections aligned to individual vulnerabilities. The ability to make better decisions, in real-time, at scale, during this critical stage of the kill chain is an absolute game changer in the fight against human-centered attacks.”

Elevate Identity notes that it allows security teams to “have the best of both worlds — strong individual protection for those that need it, and high productivity and satisfaction from the vast majority of users who represent less risk.”

Additionally, integration with identity governance tooling enables Elevate Identity to automatically initiate an access governance review for a high-risk engineer. This enables compliance and auditability by ensuring their access permissions are always aligned to both business need and their individual user risk profile.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.