David Spark, Host of CISO Series, Paul Gutherie, ISO of Blend, and Umaimah Khan, CEO of Opal, talk about behavioral analytics for access management, current challenges, and where the future could go.
David Spark
- Umaimah, historically, we have heard a pretty good game about behavioral analytics. I gotta assume that behavioral analytics is not that simplistic and that it is way more complicated. Am I right in that thinking?
Umaimah Khan
- Yes and no.
David Spark
- Okay.
Umaimah Khan
- One thing a lot of folks don't realize, unless they're in the weeds, it's just how bad the data is, honestly.
David Spark
- So we got a problem with what we're collecting to tell us from behavioral analytics just is no good?
Umaimah Khan
- I think there's definitely like an event cleanup problem to even be able to say, "Hey, is this person accessing something outside of business hours? Is that normal?" You're right that that's a little simplistic, but it's actually quite a bit of signal at the end of the day because we're talking about access within organizations, which is pretty constrained, ultimately. But you're also right that once you have that foundation, you can start to correlate things and look at patterns at a different level of depth or dimension.
David Spark
- Gimme an idea of something you've seen correlated that sort of enlightened you to another level of understanding of access.
Umaimah Khan
- Oftentimes, people don't look at velocity, how frequently somebody is requesting something, and the sequence of things that maybe they would request before building up to stealing a credential or something like that. So not as simple as, "Oh, this is ours," but actually looking at the broader kind of landscape of like actions that take place that lead up to a sequence of attacks or something.
David Spark
- What are you starting to understand about behavior and access that maybe you didn't understand a couple of years ago?
Paul Gutherie
- As of today, we're not really doing much in the area of behavioral analytics. We do certainly have quite a few alerts, but as you start looking at how behavioral analytics should work, for instance, if somebody's commonly added to a domain administrative group because you're provisioning, then de-provisioning them to be able to do their work and this person is in the IT organization, that shouldn't probably set off an alarm. But it should set off an alarm if there's a new employee, that person has never been a domain administrator before and now suddenly, they're made a domain administrator. And so I think there's a lot of low-hanging fruit. What I would love to see is sort of injecting behavioral analytics and possibly artificial intelligence at some point into the protective control and potentially using artificial intelligence to look directly at the JIRA tickets, and even derive from that what the likely assets that somebody will need access to and provide them that authorization.
David Spark
- Where is Opal in its use of AI today and where do you wanna be tomorrow?
Umaimah Khan
- Currently what we're thinking through is how can we start to flag things for calibration? How can we start to flag things for recommendation and then allow humans to kind of make the judgment call on, "Oh yes, definitely. Let's let that go through." I think that's the first step to kind of reaching full trust.
Umaimah thrives on this discussion. Reach out to Opal and learn more at www.opal.dev.
Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. Enterprises can discover anomalous identity risks with the product and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.