SBN

OpenITDR is Open for Business: New Open Framework for the ITDR Community

Authomize, the Identity Threat Detection and Response Platform, announced today the launch of the OpenITDR Framework Initiative. 

This open source repository of API standards for connectors, remediation playbook workflows, and Identity Security testing tools and research will become a resource for the security community as it takes on the challenge of protecting against Identity-based attacks. 

The Identity layer is increasingly under attack by malicious actors seeking to exploit the identity’s access privileges to steal data and compromise systems. In 2022, a whopping 84% of organizations reported experiencing an identity-related breach. This worrying trend highlights the change from identity being a system to be managed to a perimeter that needs to be secured.

Identity has undergone a transformation in the security community. Whereas in the past it was likely owned by IT, who held the responsibility for provisioning access and assisting HR through the on-boarding and offboarding, identity has evolved and migrated into a discipline that is at the top of security’s concerns. 

The massive expansion of cloud computing has made achieving a continuous state of Least Privilege more difficult, and raised the risks emanating from account takeovers, privilege escalation, and direct attacks on the identity infrastructure that we depend on to manage our identity and access.

The challenge for organizations has been that they lack the critical, centralized layer of visibility, connectivity, contextual intelligence, and control to effectively detect and remediate risks and mitigate threats to their identity infrastructure.

By adopting the vendor agnostic OpenITDR Framework, organizations will be able to use the connectors to integrate with the ITDR solution of their choice, and then utilize the contextual identity intelligence produced to remediate incidents via the playbooks.

The vision for the OpenITDR Framework Initiative is to: 

  • Enable organizations to tackle their Identity Security challenges by giving them a set of no code tools that will help them to get up and running with ITDR faster and cheaper
  • Create a real community where customers, vendors, partners, and others can share their knowledge and work together to rapidly expand the resources for Identity Security professionals, contributing new connectors and workflows for the benefit of all
  • Drive increased research into threats to IAM infrastructure to stay a step ahead of the threat actors 

Our hope is that this initiative will facilitate adoption of ITDR technology and approaches, lowering the barriers to entry and injecting new energy into the efforts to combat against threats to critical identity infrastructure. 

What is Provided in the OpenITDR Framework?

As the organization spearheading the OpenITDR Framework Initiative, Authomize has kickstarted the project by releasing the following resources through our GitHub repository:

  • Identity threat response playbooks
  • Open source connectors to collect identity and access data
  • Inquiry APIs for pulling rich identity context 
  • Testing tools for identity-based risks and threats
  • Research impacting IAM security

Diving a little deeper into the details here below:

Open Connectors for All Environments

Authomize is offering a REST API-based standard for consumption of identity and access data from any type of service, cloud infrastructure, and application. In addition, a repository of open source connectors based on the aforementioned API that were provided by members of the Open ITDR community is provided for free. The community is encouraged to use the standardized API to develop their own connectors and share with the community, exponentially expanding the reach and utility of ITDR for all.

Open Inquiry API for Rich Context

Enrich systems with contextual identity and access intelligence to drive smarter decision making, aiding in risk scoring and enabling remediation through actionable insights.

Automated Workflows to Streamline Remediation

Build automated workflows to respond effectively to Identity-based risks and threats. Pre-configured playbooks streamline remediations, harnessing automation to save security operations teams valuable time and focus.

Authomize is open-sourcing three automated workflows to automatically respond to high-priority risks and threats.

Sample Workflows 

  • Protect Okta Compromised Users: Return users affected by Okta SCIM application clear text password exposure and exfiltration risk (Passbleed)
  • Remediate over-privilege in AWS: Refactor AWS access policy to automatically contain risky access and achieve Least Privilege
  • Eliminate the risk of exposed Git repositories: Immediately fix public Git repositories that expose sensitive data

These open source workflows are available on the OpenITDR Github repository for customers and partners to use and extend by adding their own playbooks.

Open Sourcing ITDR Tools and Security Research

Alongside the OpenITDR Framework’s connectors and playbooks, the OpenITDR project will be a place for sharing tools, research, and resources for the benefit of the identity security community. The open source PassBleed testing tool to help detect risky misconfigurations in Okta deployment is available under the OpenITDR repository. 

Why Choose Authomize as Your ITDR Platform

The OpenITDR Framework is available for the whole of the community and can be used to connect to any system in the identity infrastructure and to any ITDR vendor. The more attention that is directed at the challenge of Identity Security and tools shared for tackling it, the better. 

That said, Authomize remains the leader in the ITDR arena. Connecting to Authomize offers several advantages including:

  • The most granular identity visibility across all cloud and IAM environments 
  • The richest contextual data on identity, access privileges, assets, and usage
  • Advanced detection capabilities to protect against attacks targeting IAM infrastructure

Authomize is the intelligence that sits at the nexus of your identity data collection and produces the actionable insights and workflows to keep your organization safe from Identity risks and threats.

The best way to learn about the OpenITDR Framework is to visit our GitHub repository and get started.

We encourage you to look around, try the tools out for yourself, and of course, contribute!!!

And as always, we are here to answer your questions about securing your identity and access, so feel free to contact us.

 

The post OpenITDR is Open for Business: New Open Framework for the ITDR Community appeared first on Authomize.

*** This is a Security Bloggers Network syndicated blog from Authomize authored by Gabriel Avner. Read the original post at: https://www.authomize.com/blog/openitdr-is-open-for-business-new-open-framework-for-the-itdr-community/

Avatar photo

Gabriel Avner

Gabriel is a former journalist who loves learning and writing about the cat and mouse game of security. These days he writes for WhiteSource about the issues impacting open source security and license management and training Brazilian Jiu-Jitsu.

gabriel-avner has 51 posts and counting.See all posts by gabriel-avner