Combining Cyber Exposure Monitoring (CEM) with Identity Threat Detection and Response (ITDR) is a strategic approach to improving organizational cybersecurity. The data shared from Proficio’s experience over the past 12 months underscores how dangerous compromised credentials can be, particularly as a growing percentage of critical cyber incidents stem from credential compromises.
Key Highlights
The Increasing Threat of Compromised Credentials:
- Rising Breach Numbers: Proficio has observed that credential compromises are now involved in up to 50% of critical cyber incidents, indicating a clear trend of attackers exploiting identity vulnerabilities as an entry point.
- High Criticality: Once attackers obtain login credentials, especially for email or Office 365, they can often bypass security controls and access sensitive systems in the first attempt making is extremely difficult to detect until it’s too late.
Top Methods for Credential Compromise
- Dark Web Harvesting: Credentials from third-party breaches are sold cheaply on the dark web, and corporate email addresses are often used as usernames on compromised platforms. With 30% of employees reportedly reusing passwords, this method remains a highly effective attack vector.
- Phishing Attacks: Despite years of education, phishing continues to be an effective method for stealing credentials, with employees still falling victim to fake password reset requests.
- Password File Harvesting: In advanced attacks, after breaching a target, attackers may steal password databases and decrypt them over time, selling them for future use in other attacks.
Attack Scenarios
- Account Spraying: Attackers use compromised credentials to “spray” login attempts, often with high success rates when targeting multiple accounts within an organization.
- Accounts Payable Fraud: After compromising an accounts payable employee’s email, attackers can communicate to customers by masquerading as the employee and convince them to redirect large payments to fraudulent accounts.
- Microsoft 365 Exploits: Once attackers gain access to Office 365, they can carry out a range of attacks, from data theft on SharePoint to malware distribution or internal phishing.
The Role of Cyber Exposure Monitoring (CEM)
CEM offers proactive insights into an organization’s external exposure and vulnerabilities:
- Dark Web Monitoring: Continuous tracking of compromised credentials, credit cards, financial records, artifacts from prior compromises, and other sensitive data related to the organization.
- Vulnerability Discovery: Helps organizations identify exploitable external weaknesses, such as open ports, misconfigurations, and domain squatting attempts.
- Attack Surface Management: CEM meets requirements for external attack surface management and digital risk protection, ensuring a comprehensive view of potential threats.
Strengthening Defense with Identity Threat Detection and Response (ITDR)
ITDR enhances organizational defenses by detecting and responding to identity-based attacks in real-time:
- Broad Detection Coverage: Proficio’s ITDR service leverages a rich library of threat detection use cases across platforms like Microsoft 365, Active Directory, Azure Entra, Okta, Cloud Apps, VPNs, and more.
- Threat Intelligence Enrichment: ITDR correlates identity-related indicators of compromise (IoCs) with threat intelligence on bad actors, adding cross-device and multi-vector correlation to increase detection accuracy.
- Speed of Response: Proficio’s ITDR emphasizes the importance of fast response. Their Active Defense XDR integrates with Identity and Access Management (IAM) platforms like Active Directory, Azure Entra, and Okta to perform automatic account suspension or forced password resets—a critical feature to prevent propagation of a breach.
Real-Time Active Defense and Automation
The Active Defense Response module, part of ITDR, enables real-time actions like account lockout and password resets, triggered automatically when high-fidelity alerts are detected. The ability to combine this with one-click response from Proficio’s security portal (ProView) provides organizations with streamlined and efficient identity protection.
Conclusion
By integrating Cyber Exposure Monitoring with Identity Threat Detection and Response, Proficio offers a layered approach that ensures both proactive discovery of exposed credentials and immediate containment of identity-based attacks. This combination helps organizations stay ahead of attackers, reduces the risk of breaches caused by credential compromise, and automates critical defenses to prevent propagation.
This dual solution improves visibility and readiness against threats, helping organizations protect themselves more effectively from the escalating risk of credential-based attacks.
Proficio At A Glance
Proficio is a leading global Managed Detection and Response provider offering SOC-as-a-Service to hundreds of organizations of all sizes and industries. We have three global SOC teams in the US, Europe, and Singapore. We utilize an internal hosted SIEM and XDR technology stack as well as support customer owned Splunk and Microsoft Sentinel environments for our SOC services to provide the most advanced threat detection and response in the MDR industry.
