
Silverfort's identity-first incident response solution reduces investigation and recovery times

Boston, Massachusetts – September 30, 2024 – Silverfort, a leader in unified identity security, announced its Identity First Incident Response solution that accelerates attack remediation times by complementing existing incident response (IR) tools and streamlining IR processes. Silverfort has the only solution that flips the script of traditional IR playbooks and enables IR teams to begin their investigations by discovering and suspending compromised accounts first, then proceed to identify infected computers and malicious network traffic. This approach can save security teams valuable time – in some cases, days and nights of uninterrupted work.

A traditional incident response process begins with searching for infected computers or monitoring network logs to detect anomalous traffic. Locating stolen identities – human users or non-human identities (NHI) – is usually the last piece in the puzzle, which gives malicious actors time and space to spread further within a network during an investigation. In fact, the time it takes to detect and contain breaches related to stolen credentials can be up to 292 days.

Silverfort turns the traditional IR process on its head

For the first time, IR teams can initiate an investigation by identifying and containing compromised accounts, effectively freezing malicious activity. Using a combination of machine learning (ML) and artificial intelligence (AI), IR professionals have access to highly actionable telemetry data that provides evidence of which accounts and users need to be blocked and which accounts can remain operational while the source of the incident is blocked.

“In large incidents where lateral movement has occurred, it can be difficult to identify the affected assets. Often, when implementing containment measures, practitioners must make difficult decisions with incomplete information, balancing the attacker's damage against business disruption. The ability to immediately challenge all authentication events while continuing to conduct business is like a surgeon having the ability to slow a patient's heartbeat to perform surgery. You can effectively ‘stress’ an entire organization without impacting productivity while you investigate the root cause of the problem,” said Eric Haller, Silverfort Advisor and former VP of Sec Ops & GRC at Palo Alto Networks. “With Silverfort, teams have a partner who can provide them with actionable telemetry about what needs to be contained so they can keep their businesses operational – and not impact productivity – while they investigate and figure out the best path to recovery and remediation.”

The identity-first approach stops threat actors

Silverfort's Identity-First IR solution puts identity at the forefront by freezing stolen accounts and stopping lateral movement to reduce the impact of an incident and shorten remediation time. It can be deployed quickly during a security breach (as was recently demonstrated, in less than 12 hours for an organization with 50,000 users) to detect and contain compromised accounts and identify which systems, users, or other assets in the environment were compromised. An identity-centric approach to incident response removes the burden of combing through logs and network activity to identify vulnerable users, making the entire IR process more efficient.

“Responding to incidents is a race against time. With the rapidly changing threat landscape and sophisticated AI-powered threat actors, security teams cannot afford to look for an anomaly when potential attacks occur or systems fail,” said Ron Rasin, chief strategy officer at Silverfort. “While there is an established IR playbook for dealing with malware and network aspects of cyberattacks, the identity aspect is still a challenge. Silverfort's IR solution complements existing tools by immediately blocking compromised identities and neighboring machines and providing immediate insight into those machines. We are stopping the bleeding to ensure a safe recovery.”

Immediately enable a domain controller “authentication firewall” for the IAM infrastructure

Silverfort integrates into an existing IR strategy in a crisis scenario and is the only identity security platform that can enable a firewall across the identity infrastructure, including Active Directory domain controllers. Once deployed, Silverfort identifies compromised user accounts and can activate its authentication firewall to block and contain the breach. Essentially, the authentication firewall acts as a “freeze button” or “kill switch,” analyzing every authentication and access attempt and denying requests to critical resources until IR teams gain the upper hand. Silverfort will extensively deploy multi-factor authentication (MFA) for each identity and resource and configure “block access” policies for suspicious user accounts or groups. Once these policies are enabled, all further malicious authentication attempts will be blocked. Silverfort has proven that this approach can reduce remediation times to days rather than weeks and dramatically reduce the potential damage from a breach.

“Silverfort immediately helped contain compromised users and played a key role in detecting compromised identities as we brought our domain controllers back online,” said an identity lead at a Fortune 100 financial services company that recently suffered a security breach. “We worked quickly with the IR team to immediately implement revocation policies for the compromised identities.”

Key benefits of Silverfort's identity-first incident response solution include:

  • Block a compromised user account in real time: Trigger MFA or block access immediately to stop an attack while it's happening and provide security teams with actionable forensic data.
  • Automatically flag risky users and computers: Investigate threats and gain insight into the actions of compromised users. Easily navigate through the various compromised computers and users in the environment to get a clear picture of what has been compromised.
  • Immediately deny access to any machine or resource: With Silverfort's Authentication Firewall, IR teams can automatically restrict access to limit the blast radius of an incident.
  • High-precision risk analysis and MFA verification: Analyze every login against the full user authentication path and verify detected threats with MFA to reduce false positives and ease the burden on security teams.
  • Seamless integration into the existing security operations infrastructure:
    • Integrate identity protections (e.g. MFA, service account protection, access blocking) into an existing automated SOAR playbook.
    • Provide XDR with identity-related threat signals and suspected attacks. Collect endpoint, network, and other telemetry data to enrich context and refine the precision of detected threats.
    • Exchange data with the SIEM to correlate risk signals and optimize and improve insights into each user account's exposure to compromise or participation in an active attack.
  • Comprehensive coverage of the hybrid environment: Every authentication and access attempt – whether by a human or NHI – is monitored on-premises or in the cloud.

Silverfort has spent years specifically developing its platform to eliminate the silos and blind spots that plague an organization's identity infrastructure and that no other solution has previously been able to address. The platform extends modern identity security measures to any enterprise resource, whether on-premises, cloud, human or NHI, providing a unified identity security layer that works effortlessly and instantly. By holistically enabling these modern identity security controls, even on previously unprotected assets, customers can stop the most dangerous identity-based attacks, quickly comply with stringent regulations, and meet their cyber insurance needs.

Learn more about Silverfort's Unified Identity Security Platform and download our Identity Incident Response Playbook.

About Silverfort

Silverfort, the unified identity security company, pioneered the first and only platform that enables modern identity security anywhere. We connect across all silos of enterprise identity infrastructure to create a single, unified layer of identity security across on-premises and cloud environments. Our unique architecture and vendor-agnostic approach removes the complexity of securing identities and extends protection to assets that no other solution can protect, such as legacy systems, command line interfaces, service accounts (non-human identities), IT/OT infrastructure and more. Silverfort is a premier Microsoft partner and was named Microsoft's Zero Trust Champion of the Year. Silverfort is trusted as an identity security provider by hundreds of the world's leading companies, including several Fortune 50 companies. Find out more by visiting www.silverfort.com or on LinkedIn.