Identity and Access Management: Recommended Best Practices for Administrators

U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) (2023)

This paper sets forth the IAM best practices for administrators to implement to address threats that are highly likely, highly impactful, or both. Furthermore, it identifies mitigation areas most effective in reducing the impacts of these threats to IAM.

This paper focuses on identifying mitigations for the following techniques frequently used by bad actors:

  • Creating new accounts to maintain persistence.
  • Assuming control of accounts of former employees that were not suspended upon employee termination.
  • Exploiting vulnerabilities to forge authentication assertions (e.g. Kerberos tickets, Security Assertion Markup Language (SAML) assertions, OAuth2).
  • Utilizing or creating alternative access points to systems.
  • Exploiting or utilizing users with legitimate access.
  • Compromising passwords through a variety of tactics (e.g. phishing, multi-factor authentication (MFA) bypass, credential stuffing, password spraying, social engineering, brute force).
  • Gaining system access and exploiting stored credentials.
  • Exploiting default passwords in built-in or system accounts, carrying out active downgrade attacks, and exploiting deprecated encryption or plain-text protocols to access credentials.


8 May 2023

Category: Best Practice