Hot take 🔥: I’ve had heated debates about “visibility” during my last few weeks in the circuit of cyber conferences - visibility alone, access path graphs, are nothing more than eye candy for presales. 📊 There is NO business-driven outcome that can be justified only by “showing who has access to what”. NOTHING of meaningful value comes out of it, unless there are insights that can pinpoint and prioritize exposures that need to be fixed NOW. And then go and fix it. So… Yeah, a visibility graph is not a “platform”. It’s just a graph. Say it with me: identity visibility without insight is like a baby 🍼 crawling through a room and sticking its finger into a power outlet. ⚡️ #visibility #iam #ispm #itdr #ciem #iga
I feel like there are too many vendors in the security space, just selling 'visibility'. The remediation capabilities are either non-existent or non-scalable. #theidentitynavigator
Like everything in #IAM it’s a journey. Discovery is step #1 - but it typically is done in silos and isn’t continuous; visibility is next - showing relationships across silos; then observability - adding risk intelligence and prompting action to occur - in the authoritative source. Bad process within your environment will become apparent - which is key to finally shrinking that attack surface.
Maybe I missed something.. Wouldn't visibility give insights as to what access there is.. the classic can do or did do.. And those insights can be used to "fix that access". Of course fixing is easier said than done, but a topic for another day.. Or did you mean something else?
#devsays - True that... Suggesting just that an identity has access doesn't matter unless you specify why it has access, the risk, if it should have it in the first place and why so... Love the bottom-line analogy, Henrique Bernardes B Teixeira
💯 agree - you need visibility to get to rapid, precise actionability! Start with visibility into how your identities are structured, what they're doing, their risk scores and privileges... and you can go from there: proactive identity hygiene, prioritized risk insights and compliance violations, real-time identity threat detection and response, guided and automated remediations, etc. Without a unified, end-to-end view into your identities WITH risk insights and contextual insights, you are still operating in the dark. Having visibility with actionability - that's the ticket! Check out www.rezonate.io and see what I'm talking about.