
Identity at the Center #53 - Twitter, MGM, and ITSM IGA with Darran Rolls
Jul 20, 2020
Darran Rolls, a seasoned identity and security expert and former SailPoint CISO, dives into pressing cyber challenges. He shares insights on the recent Twitter breach, emphasizing the critical role of insider access and zero trust. Darran discusses the staggering MGM data leak, potential nation-state motives, and the intricacies of threat modeling. He also explores how ITSM platforms can enhance identity governance and recounts his journey in the identity field. With plans for a new book, Darran inspires listeners to stay engaged with evolving identity standards.
AI Snips
Social Engineering + Insider Privilege Are Dangerous
- The Twitter hack shows attacks are often basic social engineering plus abuse of privileged internal access.
- Darran Rolls and Jim McDonald stress thinking like the adversary and threat modeling to detect insider abuse.
Harden Support Access And Model Insider Threats
- Implement checks, balances, and least privilege for trusted support roles to limit account takeover risk.
- Threat-model internal adversaries and define detection indicators for privileged activity.
Big Breaches Power Future Targeting
- Mass data breaches (like MGM) are bought cheaply and fuel future targeted attacks and AI-enhanced reconnaissance.
- Volume of leaked personal attributes is an investment for attackers beyond immediate financial gain.
