With artificial intelligence (AI), organizations can make well-informed decisions based on the analysis of vast amounts of data, without human intervention. These decisions can also be automatically improved through machine learning. In this article, I present an example of how AI combined with Identity and Access Management (IAM) can add value in the field of cybersecurity.
Background on IAM and Its Role in Organizations
Identity and Access Management (IAM) is a crucial aspect of cybersecurity that aims to ensure the right person has access to the right resources at the right time. IAM is based on the following principles:
Authentication: Ensuring the user is who they claim to be through multi-factor authentication (MFA).
Provisioning: Assigning and revoking permissions.
Identity Governance and Administration (IGA): Monitoring that users have been assigned the correct permissions.
AI and Anomaly Detection in Behavior Patterns
AI can detect anomalies in user behavior patterns by analyzing large data sets, such as event and transaction history, IP addresses, client data, application data, identity data, and access rights data. AI can thereby establish what is considered "normal" behavior for a specific user. The key is to feed AI with large amounts of data, for example from a SIEM system that collects logs and events from various systems, applications, and clients. AI also has the ability to correlate events based on current occurrences within the organization or society, and adjust alert levels accordingly. Examples of such occurrences could include payroll days, referendums, or patch Tuesdays.
Examples of anomalies may include:
A user attempting to access systems and resources they do not normally use.
Financial transactions that deviate from the norm.
The user's client being unknown.
AI Combined with IAM for Improved Cybersecurity
AI can detect anomalies in real-time and, when necessary, call upon the IAM tool with various commands, such as:
Revoke permission or account
Request new MFA login for an event to be executed.
Notify the manager or system owner.
Request approval from the manager or system owner for an event to be executed.
Through this process, AI combined with IAM tools can also help mitigate ongoing cyber-attacks. For example, if a user's identity has been stolen through a "spear phishing" attack, the attacker can log in as the user, but AI will quickly detect abnormal behavior and call upon the IAM tool to alert and block the account.
Considerations for AI-Supported Decisions
Certain aspects of AI-supported decisions require careful consideration. How can data collection be balanced with user privacy? Can AI systems be trusted to always make the same decision based on the same input, i.e., are the decisions deterministic? More experience is needed to establish best practices.
A proven best practice at this stage is to let AI handle the heavy lifting in data analysis and compilation, while a human user reviews and approves the results. With the Fortified ID Attest product, such a workflow can be seamlessly integrated, combining the strengths of AI with human decision-making to ensure quality and efficiency.
About Fortified ID
Fortified ID develops identity products and has extensive knowledge in IAM. We understand how AI combined with the right IAM tools can help organizations enhance their ability to withstand cybersecurity attacks.
All products from Fortified ID are AI-compatible and can be seamlessly integrated.
Contact us for more information.
Anders Björk, Senior Sales Engineer IAM, Fortified ID