Identity Attack Vectors

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook. Darran Rolls is CISO and Chief Technology Officer at SailPoint, where he is responsible for directing the company’s technology strategies and security operations, and is co-author of Asset Attack Vectors. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology management solutions for vulnerability, and privileged and remote access. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures for Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook. He has a long history in identity management and security at companies such as Tivoli Systems, IBM, Waveset Technologies, and Sun Microsystems. He has helped design, build, and deliver innovative, ground-breaking technology solutions that have defined and shaped the Identity and Access Management (IAM) industry. He frequently speaks at industry events and to customers about IAM and next-generation enterprise security solutions.

Chapter 1: Introduction: The Machine.- Chapter 2: Introduction.- Chapter 3:.- Chapter 4:.- Chapter 5: Identity Access Denied.- Chapter 6: Understanding Enterprise Identity.- Chapter  7. Identity and Access Management.- Chapter 8: Privileged Access Management (PAM).- Chapter 9: Identity Threat Detection and Response.- Chapter 10: Indicators of Compromise.- Chapter 11: Identity Attack Vectors.- Chapter 12: The Identity Cyber Kill Chain.- Chapter 13: Six Steps to Identity Security.- Chapter 14: Emerging Identity Security Threats.- Chapter 15: Complexity Inherent in the IAM System.- Chapter 16: Identity Technical Debt.- Chapter 17: Identity Digital Transformation.- Chapter 18: Just in Time Access Management.- Chapter 19: Zero Trust for Identity Security.- Chapter 20:  Identity Obfuscation.- Chapter 21: Regulatory Compliance.- Chapter 22: Key Takeaways.- Chapter 23: A Final Thought on Vendors.- Chapter 24: Conclusion.- Appendix A: Identity Security Sample RFP Questions.- Appendix B: Zero Trust Department of Defense (DoD) Framework.