What is Cortex Cloud Identity Security?

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-05-17
Category: Administrator Guide
Abstract:

Cortex Cloud Identity Security can help you address the security challenges of managing identity in cloud environments.

Cortex Cloud Identity Security is a set of tools that provides the following capabilities for improving your identity estate's security posture:

  • Cloud Infrastructure Entitlement Management (CIEM): Provides full and clear visibility into identities and permissions in your cloud environments, and helps with rightsizing permissions to achieve least privilege. The principle of least privilege means that access to a cloud resource is granted only to those who should have it and actually must use it. All unused and unnecessary permissions expose your organization to additional risk, and therefore need to be eliminated. When all users and applications have been granted only the specific permissions they need, your organization has achieved least privilege access.

    CIEM supports Amazon AWS, Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and Okta, enabling consistent visibility and control across multi-cloud and identity platforms. Core CIEM capabilities also include removing unused permissions, monitoring administrators, and reducing risky permissions across human and machine identities, third-party vendors, and cross-account or cross-cloud access.

    For more information about ingesting logs and data from Okta, see Ingest logs and data from Okta. For information about onboarding AWS, Azure, GCP, OCI, and other cloud service providers, see Ingest cloud assets.

  • Identity Security Posture Management (ISPM): Helps you prevent identity misconfigurations by analyzing all identities across your cloud providers, identity providers (IdPs), and SaaS applications. By collecting and analyzing information from various services, ISPM creates advanced insights about your identity estate, helping you monitor and mitigate issues such as identity misconfigurations, shadow admins, and excessive permissions.

  • Data Access Governance (DAG): By combining access information with data-related insights generated by Cortex Cloud Data Security, Cortex Cloud Identity Security detects and identifies which identities can access sensitive data, which sensitive data types can be accessed, and where specifically this data is stored. DAG capabilities are used to remove unnecessary or unintentional access to sensitive data in order to reduce the risk of sensitive data exposure.

  • Identity Threat Detection and Response (ITDR): Collects and analyzes real-time events from your cloud providers and IdPs in order to establish usage and access patterns. ITDR detects identity-related anomalies in real time and triggers automatic responses to keep any unwanted party away from your environment.

[Figure: Cortex Cloud Identity Security dashboard]

Cortex Cloud Identity Security runs a proprietary algorithm to calculate effective permissions and entitlements of the identities across your cloud service providers (AWS, Azure, GCP, and OCI) as well as permissions in your IdPs (Entra ID). This means creating a single graphical representation of all your cloud entitlements that takes all mechanisms affecting permissions into account. For example:

  • Relevant access policies

  • Deny and allow statements

  • Organizational policies across single- or multi-cloud environments
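The following is an added illustration, not part of the product documentation and not the product's proprietary algorithm. It resolves group and identity allow/deny statements plus an organization-level deny into an effective permission set, then subtracts observed usage to list rightsizing candidates. The policy shape, identity and group names, action catalog and usage data are constructed assumptions, and resources and conditions are ignored.

```python
from fnmatch import fnmatchcase

# Constructed sample data (assumption): simplified statements, actions only.
ORG_POLICY = [{"effect": "Deny", "actions": ["iam:*"]}]  # organization-level guardrail
GROUP_POLICIES = {
    "engineers": [{"effect": "Allow", "actions": ["ec2:Describe*"]}],
}
IDENTITY_POLICIES = {
    "ci-deployer": [
        {"effect": "Allow", "actions": ["s3:*", "iam:PassRole"]},
        {"effect": "Deny", "actions": ["s3:DeleteBucket"]},
    ],
}
MEMBERSHIP = {"ci-deployer": ["engineers"]}
# Constructed catalog of actions that exist in this toy environment.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteBucket",
    "iam:PassRole", "ec2:DescribeInstances", "ec2:TerminateInstances",
]
# Constructed usage data: actions each identity was actually observed calling.
USED = {"ci-deployer": {"s3:GetObject", "s3:PutObject"}}


def matches(statements, effect, action):
    """True if any statement with the given effect covers the action."""
    return any(
        s["effect"] == effect and any(fnmatchcase(action, p) for p in s["actions"])
        for s in statements
    )


def effective_permissions(identity):
    """Actions the identity can perform once every mechanism is combined."""
    stmts = list(IDENTITY_POLICIES.get(identity, []))
    for group in MEMBERSHIP.get(identity, []):
        stmts += GROUP_POLICIES.get(group, [])   # inherited group policies
    granted = set()
    for action in KNOWN_ACTIONS:
        if matches(ORG_POLICY, "Deny", action) or matches(stmts, "Deny", action):
            continue                              # an explicit deny always wins
        if matches(stmts, "Allow", action):
            granted.add(action)                   # otherwise an allow is required
    return granted


def unused_permissions(identity):
    """Effective permissions never exercised: candidates for removal."""
    return effective_permissions(identity) - USED.get(identity, set())
```

Here the `iam:PassRole` allow is cancelled by the organization-level deny, so it never appears as effective, while the inherited `ec2:Describe*` grant is effective but unused.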

Managing access and entitlement is an essential step in reducing your cloud attack surface. This includes mitigating identity misconfigurations in order to eliminate infiltration risk, and implementing least privilege access in order to minimize the possibilities for lateral movement, privilege escalation, or attack impact.

Cortex Cloud Identity Security can assist you with discovering your entire identity estate, fixing security gaps, and removing unused, excessive and risky permissions to achieve the principle of least privilege. Additionally, you can use Cortex Cloud Identity Security to ensure that your environment meets any relevant compliance standards.

Cortex Cloud Identity Security can correlate identity information with configuration data, giving you the required depth of visibility and control. For example, if you use the Amazon S3 storage service, Cortex Cloud Identity Security can discover and identify sensitive data, the Cloud Network Analyzer (CNA) module can calculate true internet exposure, and Cortex Cloud Identity Security can provide granular insights into exactly who has access to the data and make appropriate recommendations to enforce least-privilege access.

You can use Cortex Cloud Identity Security to evaluate the effective permissions assigned to users, workloads, human identities, groups, roles, cloud service accounts, applications, identity providers (IdPs), and external accounts on your cloud provider so that you can properly administer identity and access management (IAM) policies and enforce access using the principle of least privilege.

Cortex Cloud Identity Security provides:

  • Visibility: Discover your entire cloud identity estate and get a detailed inventory of all the identity assets in your environment. You can also get a detailed and precise modeling of who has permissions for which actions, and on which assets.

  • Posture: Using a set of detection rules, find all privilege and misconfiguration security risks, with detailed reports of where exactly the issues are occurring and why they are important.

  • Detection and response: Detect identity-related security events in real time and trigger automatic responses to make sure attackers do not gain access to your environment.

  • Compliance: Test your identity estate against a wide set of compliance standards, and get a detailed report of what needs to be fixed in order for your assets to be 100% compliant.

  • Remediation: Use Cortex Cloud Identity Security to create fixes for all your security and compliance issues.