Identity management vendor SailPoint has laid out plans to use AI in future products. The announcement was made at the company’s user conference Navigate ’17. The expectation is that AI will make identity-aware infrastructures smarter and more responsive. An early version of the solution to be called IdentityAI was also shown to delegates.
According to SailPoint President and Co-founder Kevin Cunningham: “In cybersecurity, visibility is everything. Unfortunately, we are all too often blind to hackers’ actions until it’s far too late. What’s needed today is a tool that sorts through the incredible amount of identity data that security operations teams must ‘see through’ to detect a potential ongoing breach. With IdentityAI, we’re delivering a solution that will allow customers to swiftly sift through the millions of bits of activity and access privileges to see what is truly happening on their network, long before any of their sensitive data winds up on the dark web. We believe identity analytics is the logical – and highly critical – next step in identity management’s evolution.”
What is SailPoint adding?
This is about analytics and the ability to spot and detect issues as early as possible. One of the areas that IdentityAI deals with is user behaviour. There are a lot of products out there doing user behaviour analysis but not all do a great job. One of the big challenges is context.
For example, a senior director travels to multiple countries over a week, logging on in different time zones and from unknown locations. Without context an automated system would suspend the account or at the least restrict its access. SailPoint is making much of smarter governance especially around high risk scenarios such as this. What is not clear is how it will add the context of the travel and business meetings. For example there is no sign that it has access to the work diaries of staff. If it does then that information would at least provide additional context about the users movement. It may be that it adds this in the final version.
As expected from Cunningham’s comments in the press release, automation is a major part of IdentityAI’s effectiveness. This is about taking out the people factor especially around the mundane security issues. How it will learn what is mundane for each customer is far from clear. It is also unclear if this is a wholly cloud-based or on-premises solution.
What does this mean?
Anything that can improve the detection of stolen credentials being used by a hacker will be welcomed by security teams. Using a solution that can learn the behaviour of users and applications is also a bonus if it also understands context. By removing the daily management of access from IT security teams and automating it response times will be improved. What must not happen, however, is an increase in false positives early on in the training cycle. Cunningham acknowledges this risk and believes that SailPoint can manage it.