hydden.docs

#

Identity Posture

The Identity Posture dashboard is a data visualization page. The page shows the widgets explained in detail below.

[!note] Widgets with date references offer historical views of the collected data. Do NOT use the As of Date calendar with the dashboard view.

Threat Score

This widget gives users a high-level view of all the account threat rankings grouped by Low, Moderate, and Critical and an overall Tenant Threat score based on the same three groupings. The main Threat Score widget provides a click-thru to the Insights and Recommendations page.

• Critical Accounts: The Quick View provides a focused view of the top critical risk factors for given accounts. The click-thru to Global Search shows the details for all accounts in the critical threat range.
• Moderate Accounts: The Quick View provides a focused view of the top moderate risk factors for given accounts. The click-thru to Global Search shows the details for all accounts in the moderate threat range.
• Low Risk Accounts: The Quick View provides a focused view of the top low risk factors for given accounts. The click-thru to Global Search shows the details for all accounts in the low threat range.

Total Discovered Owners

The total number of Owners discovered by Hydden collectors provides an identity footprint within an organization.

An Owner record is typically the digital representation of a person, similar to a driving license or a passport. However, it’s important to note that it’s not directly used for authentication, but rather to represent the person who may perform an authentication.

The click-thru to Global Search shows the details of the total number of Identities discovered by Hydden collectors providing an identity footprint within an organization.

Total Discovered Accounts

The total number of Accounts discovered by Hydden collectors provides an account footprint within an organization.

In contrast to an identity, accounts are the objects used to authenticate. Common account types are User Accounts, Service Accounts, and Computer Accounts. Most accounts are comprised of authentication pairs, such as a username and password or client ID and client secret. Hydden only collects account information and metadata and does not collect the more sensitive password information, such as password hashes or keys.

The click-thru to Global Search shows the details of the total number of Accounts discovered by Hydden collectors providing an account footprint within an organization.

Accounts Mapped to Owners

This widget provides users with an overview of how well-managed their accounts are, such as whether every account has an owner (someone or something). Accounts without owners represent a threat to the organization, so this data is important to ensure an organization is maintaining a good identity management posture.

The widget shows percentages of mapped and unmapped accounts. The click-thru to the saved search report provides the list of all accounts that have NOT been mapped to an identity. The saved search focuses on unmapped accounts only.

Account Mapping History

Use the Account Mapping History link to view your organization’s trends around identity mapping, which shows if the overall identity posture has been improving or deteriorating over time.

New Accounts

The New Accounts widget shows the number of new accounts detected by selecting the day, week, or month button. If the number of new accounts unexpectedly rises, this widget helps identify possible attacks and/or suspicious behavior. This data point helps users identify threats or attacks quicker (see new accounts history to support this widget).

Shared Accounts

This widget provides an overview of the number of accounts that are mapped to more than one identity. Shared accounts are viewed negatively for a company’s overall identity posture.

The click-thru to saved search provides an overview of the number of accounts that are mapped to more than one identity.

Stale Accounts

The Stale Accounts widget shows the number of accounts that had their last login more than 3, 6, or 12 months or potentially never. Looking at stale accounts helps an organization perform proper Identity Hygiene, which is critical to reducing the identity attack surface. With this widget, organizations can identify the number of accounts not being used and refer to a report to assist with account clean-up. Good identity hygiene requires keeping the number of unused/unnecessary accounts as low as possible.

The click-thru to the saved search provides query output showing the current number of Stale Accounts based on selecting 90+, 180+ and 365+ from the pop-up.

Stale Passwords

The Stale Passwords widget shows the number of accounts that have a password that was last changed either over 3, 6 months, or 12 months ago or never had a password. Looking at stale passwords helps an organization perform proper Identity Hygiene, which is critical to reducing the identity attack surface. With this widget, organizations can identify the number of accounts that have old passwords and refer to a report to assist with remediation efforts. Good identity hygiene requires users to change their passwords regularly to help reduce security threats caused by password data breaches.

The click-thru to the saved search provides query output showing the current number of Stale Passwords based on selecting the 90, 180 and 365 tiles.

Failed Logons

The Failed Logons widget shows the number of failed sign-ins for the last 3, 6, or 12 months. This widget helps identify possible attacks and/or suspicious behavior should the number of failed log-ins increase unexpectedly.

MFA Status

This widget provides MFA Status numbers. The widget tiles Enabled, Pending, and Not Enabled have click-thru to reports with the full details for each account matching that specific state.

• Enabled: The click-thru to Global Search shows all accounts that have MFA enabled in the organization.
• Pending: The click-thru to Global Search shows all accounts with pending MFA status in the organization.
• Not Enabled: The click-thru to Global Search shows all accounts that do NOT have MFA enabled in the organization.

The View Details link opens a modal providing the number of different MFA providers detected during Hydden discoveries.

MFA attacks are now becoming the norm for identity-related breaches and most MFA deployments in organizations are not properly configured. Organizations have multiple MFA providers (Duo, Okta) and resources that are not properly integrated and/or lack real-time visibility into MFA status at a user level, resource level, account level, or macro level.

Compromised Identities and Accounts

Knowing what accounts and/or identities have been compromised in any known data breach allows users of Hydden to take appropriate action to ensure that the account remains secure.

This widget shows three data points:

• Owners: Number of identities whose email address(es) match on known data breaches.
• Accounts: The number of discovered accounts that match data in any 3rd party RISK feed, for example, “Have I been pwned”.
• High-Risk Accounts: The Number of discovered accounts that match data in any 3rd party RISK feed, for example, “Have I been pwned”, who have not changed their password since the data breach occurred.

Each of the above widget tiles clicks thru to a saved search query, showing the selected compromised entities.

To access a time graph, click View History.

Discovered Groups

This widget shows the total number of Discovered Groups (Total Groups) and the total number of Discovered Privileged Groups (Privileged Groups).

The click-thru to Global Search provides an overview of all discovered groups and privileged groups discovered in an organization. Each widget tile has a respective focus on the report filters.