Why identity infrastructure is the new cyberattack surface


13 Oct 2023

Yaron Kassner. Image: Silverfort

Yaron Kassner, co-founder and CTO of Silverfort, discusses the security challenges that companies face in the realms of digital transformation and identity access management.

Yaron Kassner is the chief technical officer (CTO) and co-founder of computer and network security company Silverfort. He has a bachelor’s degree in mathematics, a PhD in computer science and more than 10 years of experience in cybersecurity and big data technology.

Prior to his current role at Silverfort, he worked on big data analytics and machine learning algorithms at Microsoft, as well as working as a consultant for Cisco.

As CTO of Silverfort, Kassner is responsible for setting the company’s product strategy, leading research and innovation, and guiding the technical team.

What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them?

The ongoing shift to the cloud continues to be very challenging for organisations whose operations rely heavily on legacy apps and infrastructure. In most enterprises, you will find multiple identity providers and authentication solutions to manage identity and access across environments, including a legacy on-premise identity solution (usually Active Directory), a modern identity solution for web and cloud applications (such as Azure AD, Okta, Ping or others – and often more than one), a PAM [privileged access management] solution (such as CyberArk), and an access solution for the perimeter (such as VPN or ZTNA solutions).

In some cases, additional solutions are used, all of which play different, small parts in the incredibly complex identity stack that enterprises have to deal with. It is harder when there is M&A activity and a company inherits additional redundant solutions. Managing multiple solutions is tough enough, but the real problem is that competing vendors only work with their own isolated security controls. None of them offer a unified identity control across an enterprise’s entire identity infrastructure.

Without a complete picture of your entire identity infrastructure – and a way to protect it – attackers will continue to take advantage of the gaps between these identity ‘silos’ and easily spread across on-premises and different cloud environments that belong to the same organisation. As long as a user can fail the MFA [multi-factor authentication] verification in one IAM [identity access management] platform but still log in freely to all the others – identity will remain the attackers’ weapon of choice.

What are your thoughts on digital transformation in a broad sense within your industry?

Digital transformation efforts have accelerated productivity to new heights and we’ll continue to see this acceleration with the widespread use of AI. However, the productivity acceleration was at the expense of strong security and identity controls. The market has seen that come to light with the series of attention-grabbing hacks that are in the news daily.

Now more than ever, executive teams realise that security must be at the forefront of all DX [digital transformation] planning and it’s imperative that leaders understand the risks associated with every tool and system in their network in order to adequately protect them.

Silverfort’s product is built to ensure companies can embrace productivity and heightened identity security controls. With the continued rapid migration to the cloud and proliferation of AI tools, security must remain a top priority as leaders budget and plan for next year.

Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?

Sustainability is often overlooked and sometimes appears disconnected from identity and access management, however, since many computing resources are spent on performing authentication, it is a potential area for saving to reduce costs and energy consumption. We often find and highlight to our customers machines that are needlessly authenticating and wasting resources doing it. For IAM teams to identify wasteful clients and servers, they should gain visibility into authentication and analyse it to identify chokepoints.

What big tech trends do you believe are changing the world and your industry specifically?

Organisations are realising that identity is the new attack surface. Attackers abuse compromised credentials, as well as weak points or misconfigurations related to identity, resulting in massive ransomware takedowns and breaches. Organisations are seeking a more comprehensive identity security solution that not only gives instant visibility but can also stop an identity-based attack in its tracks.

We can’t talk about next year without talking about AI. In just 10 months, it’s made a massive impact in most industries. The best (and worst) is yet to come.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.