Tenable Identity Exposure
Many operating systems provide effective critical security functions and mechanisms to applications which control identification, authentication, and authorization to applications. The three key elements of Identity Management, as related to application security are defined as follows:
The three key elements of Identity Management, as related to application security are defined as follows:
-
Identification: The process of establishing a unique identity for each user or entity within the system, such as usernames, email addresses, or other IDs that uniquely identify individuals.
-
Authentication: The process of verifying the identity of a user or entity. This ensures that the person or system trying to access the resources are who they claim to be.
-
Authorization: Once an identity has been authenticated, authorization determines what resources or actions are allowed to be accessed.
These elements and associated policies, processes, and tools play a crucial role to help organize, secure, and manage digital identities in securing web applications.
Identity Management
Tenable Identity Exposure (formerly Tenable.ad) provides information about the organization's Active Directory environment in an intuitive dashboard, which monitors Active Directory in real-time, enabling organizations to identify at a glance the most critical vulnerabilities and recommended courses of remediation.
Some of the Application Security compliance requirements Tenable solutions address may include:
-
Identify all accounts in the environment.
-
Ensure all active accounts are authorized.
-
Ensure all accounts are configured to use strong authentication controls.
-
Delete or disable dormant and default accounts.
-
Restrict privileged access to only authorized users.
-
Ensure group access is appropriately assigned.
-
Understand configuration exposures, such as dangerous permissions.
Indicators of Exposure, a feature of Tenable Identity Exposure, provides an overview of critical, high, medium, and low risk exposures identified across the organization’s domains. In this example, several indicators are quickly identified, such as potential clear text passwords, dormant accounts, and accounts with no passwords.
For information on user account exposures, refer to the Tenable Cyber Exposure Study: Identity and Access Management document.