SaaS platform complements other identity and access management, privilege access management, and custom identity solutions as cybercriminals prioritize stolen access credentials. Credit: Foundry Cybersecurity vendor Inside-Out Defense has emerged from stealth with the launch of a new privilege access abuse detection and remediation platform. The SaaS, agentless platform supports all environments and applications, complementing existing identity and access management (IAM), privilege access management (PAM), and custom identity solutions, the firm said.Stolen access credentials are highly attractive to cybercriminals looking for routes into company networks and systems. What’s more, access brokers – criminal groups that sell stolen access credentials – have become a key component of the eCrime threat landscape, with elevated privileges typically having the highest asking prices.Privilege access abuse significant contributor to data breachesPrivilege abuse through compromised identities are significant contributors to data breaches. Without the ability to see how access is used throughout an enterprise, CISOs and cybersecurity teams can be blindsided.Tools such as PAM solutions can aid management of privileged credentials to stop or slow an attacker’s movement through a network. However, Inside-Out Defense claimed that today’s cybersecurity market is flushed with point solutions that only look for a few known privilege abuse signatures and are reactive in nature, detecting abuses after the event. The Inside-Out Defense platform enables the determination of gaps between known and unknown abuse behaviors to detect privilege abuse as it happens, the vendor said in a press release. Inside-Out Defense said the platform’s key features include:Privilege abuse remediation: The platform detects access abuse behaviors in real time and provides in-line remediation of malicious privilege access through a kill switch.Access intent: Customers get a 360-degree profile of malicious access requests, their context, and intent, offering a real-time view of the organization’s access posture.Coverage across the entire organization: Coverage across the organization’s environments includes infrastructure (cloud and on-premises), applications (SaaS, managed, unmanaged), APIs, and human/ non-human users.“Many enterprise organizations struggle to maintain a comprehensive view of privilege access that has been awarded to their employees,” said Mark Settle, author of Truth from the Valley, A Practical Primer on IT Management for the Next Decade and former Okta CIO. This confusion results from the wide array of IT resources supporting daily business operations and the complex ways access can be granted, delegated, transferred, or assumed, he added. Cybercriminals prioritize stolen credentials, access broker demand increasesCybercriminals are doubling down on stolen credentials, demonstrating a clear demand for access broker services. There was a 112% year-over-year increase in advertisements for access broker services identified last year compared to 2021, with more than 2,500 advertisements for access detected across the criminal underground, according to the CrowdStrike 2023 Global Threat Report. There was also a notable shift away from malware use related to adversaries’ prolific abuse of valid credentials to facilitate access and persistence in victim environments, the research found.Several brokers advertised access in bulk during 2022, while others continued to use the “one-access one-auction” technique, according to CrowdStrike. The most advertised sectors by access brokers in 2022 were the academic, technology, and industrial sectors, with government, healthcare, and retail the least advertised. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe