How generative AI is defining the future of identity access management

Generative AI defines the future of identity access management (IAM) by improving outlier behavior analysis, increasing the accuracy of alerts and streamlining administrative tasks while guarding against new threats.

The majority (98%) of security professionals believe AI and machine learning (ML) will be beneficial in fighting identity-based breaches and view it as a pivotal technology in unifying their many identity frameworks. Well over half (63%), predict AI’s leading use case will be greater accuracy in identifying outlier behavior. Another 56% believe AI will help improve the accuracy of alerts, and 52% believe AI will help streamline administrative tasks. 

The Identity Defined Security Alliance’s recent report, 2023 Trends in Securing Digital Identities, also shows how security professionals are challenged to get diverse identity frameworks from multiple vendors and different architectures to provide consistent data and insights.

Generative AI shrinks attack surfaces and expands the market

Insider threats and zombie credentials are two of the most challenging attack surfaces to detect and stop an intrusion or breach attempt. Expect to see the leading IAM providers adopt gen AI to create auto-deployed decoys, stepwise improvements to behavioral detection and response, gains in Asset Graph technology and fast-tracking improvements to their extended detection and response (XDR) platforms.

Every IAM provider has gen AI on their roadmap and is moving quickly to deliver new products that capitalize on its ability to provide contextual intelligence. Leading IAM providers include AWS, CrowdStrike, Delinea, Ericom, ForgeRock, Ivanti, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks and Zscaler. 

The more successful gen AI is in shrinking attack surfaces, the more its net effect will be to expand the market. Gartner predicts the worldwide IAM market will increase from $16.1 billion in 2023 to $24.9 billion in 2027. Broader end-user spending for the worldwide information security and risk management market will grow to $186 billion in 2023, with a constant currency growth of 13.4%. The market will reach $289 billion in 2027, with a CAGR of 11.0% between 2022 to 2027.

Gen AI shows the potential to close gaps in cloud security, the fastest-growing information security and risk management market that Gartner tracks. Cloud security products and services are predicted to grow from $4.4 billion in 2022 to 12.8 billion in 2027, attaining a 23.5% compound annual growth rate (CAGR).

Application security is predicted to grow from $5.7 billion in revenue this year to $9.6 billion in 2027, attaining a 13.6% CAGR. Global spending on zero-trust security software and solutions will grow from $27.4 billion in 2022 to $60.7 billion by 2027, attaining a CAGR of 17.3%.

Stepping up generative AI efforts in IAM

IAM providers need to step up their efforts using gen AI to identify and defeat the increasing number of malware-free attacks, which are often combined with convincing social engineering tactics. Attackers using gen AI to create, launch and monitor malware-free intrusions accounted for 71% of all detections as indexed by the CrowdStrike Threat Graph. 

The latest Falcon Overwatch Threat Hunting Report illustrates how attack strategies aim for identities first.

“A key finding from the report was that upwards of 60% of interactive intrusions observed by OverWatch involved the use of valid credentials, which continue to be abused by adversaries to facilitate initial access and lateral movement,” said Param Singh, VP for Falcon OverWatch at CrowdStrike. 

“Identity is where security is going and will revolve around going forward because there’s just so much more rich data there,” Ariel Tseitlin, a partner at Scale Venture Partners, told VentureBeat earlier this year. IAM jumped from eighth place to second in this year’s investment priorities ranking, reflecting increasing market concerns about identity security in multicloud tech stacks.

In a recent series of interviews, IAM providers and the CISOs they serve told VentureBeat what they’re most interested is seeing how gen AI can help close the gaps their organizations face in achieving identity-first security. IAM providers are trying to solve the gaps between identity and endpoint security, relying on gen AI and training models to bridge that gap with more contextual intelligence. 

Where IAM product leaders are focusing gen AI 

CISOs have consistently told VentureBeat that stopping an insider threat worries them and their teams the most. Employees with legitimate IDs — some with access credentials and a few with admin rights — are trusted and move freely through infrastructure to do their jobs. 

Monitoring network activities and identities won’t catch a breach using stolen credentials or an insider attack. Additionally, attackers often know the networks they’re attacking better than the admins running them, and the threat becomes even more severe.

VentureBeat spoke with product leaders responsible for the next generation of IAM systems to get their thoughts on solving this, and here are their observations. 

Auditing all access credentials in real-time to verify access privileges by resource

DropBox, Box and Microsoft Sharepoint have years of intellectual property, customer records and transaction information exposed because credentials have never been audited or revoked. Product leaders across IAM providers say they see this often in their customers’ networks, and it’s common for breaches to happen. No system catches them because legitimate credentials were used.  

Nearly half (45%) of enterprises suspect former employees and contractors still have active access to company systems and files, according to a recent study by Ivanti.

During an interview with VentureBeat, Srinivas Mukkamala, Ivanti CPO, said that “large organizations often fail to account for the huge ecosystem of apps, platforms and third-party services that grant access well past an employee’s termination.”

Mukkamala continued: “A shockingly large number of security professionals — and even leadership-level executives — still have access to former employers’ systems and data.”

Behavioral analysis for anomaly detection and response

Every IAM provider has their anomaly detection solution currently available or in their second generation of improving it with gen AI. It’s a strong use case for the technology, as it can identify unusual access patterns or potential breaches by analyzing large datasets in real-time, significantly improving detection.

IAM product leaders say their roadmaps reflect broadening the use of gen AI-based behavioral analysis for fraud detection, endpoint security, server and data center monitoring and more. Leading providers include CrowdStrike, CyberArk, Ivanti, Microsoft, Thales, Ping Identity and others.   

Identifying, isolating and stopping insider threats

Every IAM provider that VentureBeat has had briefings with has an insider threat solution already available or on their roadmap. Their goal is to use gen AI to fast-track insider threat solutions to increase the accuracy and reliability of alerts while sending out decoy containers, shares and assets that an inside attacker would try to breach. 

IAM product managers often visit their customers and spend a day in Security Operations Centers (SOC) to see how alert workflows can be improved, especially in insider threats.

According to one leading provider, it’s a very effective technique, and they’re productizing what they’ve learned. Given this high priority to the IAM provider community, it’s reasonable to assume there will be acquisitions in this area in 2024. For instance, in 2022, CrowdStrike acquired Reposify to strengthen their external attack surface management platform on Falcon, announcing that the core technology would also help their customer stop internal attacks.