Identity Threat Detection and Response

RevBits Cyber Intelligence Platform

Organizations must be highly focused on protecting their identity infrastructure, as it is mission-critical for security operations. When user directories are compromised, an organization’s identity infrastructure can be compromised, allowing bad actors to take control of systems and data.

Sophisticated attackers are actively targeting identity infrastructure, as witnessed by the SolarWinds breach, where hackers used administrative permissions to gain access to the company’s global admin account or trusted Security Assertion Markup Language (SAML) token-signing certificate, and then forged SAML tokens for their lateral movement.

Credential exploitation is a primary attack vector, and identity hygiene is not enough to prevent breaches. Multifactor authentication and entitlement management can be circumvented because they lack detection and response capabilities. Stand-alone SIEM solutions, in-house security operations centers (SOCs), and outsourced managed detection services cannot replace natively designed and developed threat detection and response processes that specifically ensure the integrity of the identity infrastructure itself.

RevBits PAM

  • Privileged session management
  • Service account management
  • Web application access management
  • Third-party access management
  • Full-featured password management
  • Certificate management
  • Key management

Instead of buying multiple solutions from different vendors for all these capabilities, organizations get them within a single solution in RevBits PAM. Further still, RevBits PAM can be brought into the full capabilities of RevBits CIP with native integration of Email Security, Zero Trust Networking (ZTN), XDR, Endpoint Security and Deception Technology.

In today’s complex business environments, granting external or remote third parties access to internal servers, databases, services, and applications is a common need. RevBits PAM’s remote access management module is based on Zero Trust Networking (ZTN) to provide a safer, faster, and more reliable alternative to VPN. ZTN within RevBits PAM can grant highly granular access to specific servers, databases, services, and applications, while recording all remote user activity.

RevBits PAM includes an Onboard Workflow Manager (OWM) that is natively integrated through a GUI-based design and workflow engine. Admins can drag and drop to design an access request workflow for a single asset or group of assets. Automating the access request and approval workflow between users and admins saves time, resources, and money, enabling the process to be ten times faster, smoother, and more efficient.

The comprehensive workflow management engine supports multilevel approvals for granting access to resources. All approved workflows are stored for audit and analysis, and can be attributed to users, credentials, resources, and groups.

Orchestration of workflow management within the intuitive dashboard makes it easy to define the workflow steps needed for user role approvals. With a single click, approvals can be easily and quickly recalled. Workflow processes and user activity are integrated with behavior analytics and natively integrated with RevBits on-board SIEM and SOAR capabilities. They can also be integrated with a standalone SIEM.

RevBits jump server architecture enhances asset protection

The RevBits jump server isolates user sessions by passing a randomly generated credential that is valid for two minutes and for one-time use only. The jump server makes the connection, and then passes the real credentials directly to the real server or database. The user never sees the real credentials or real server IP addresses.
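The one-time, two-minute credential hand-off described above, shown as an added example that is not RevBits code. `SessionBroker`, its methods, the vault layout, and the sample asset are hypothetical names and constructed values chosen for illustration.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 120  # the text above states the credential is valid for two minutes


class SessionBroker:
    """Hypothetical broker: users get throwaway tickets, real secrets stay in the vault."""

    def __init__(self, vault, clock=time.monotonic):
        self._vault = vault    # asset id -> (real address, real credential)
        self._clock = clock    # injectable so expiry can be exercised without sleeping
        self._tickets = {}     # sha256(ticket) -> (user, asset, expiry)

    def issue(self, user, asset):
        if asset not in self._vault:
            raise KeyError("unknown asset")
        ticket = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        digest = hashlib.sha256(ticket.encode()).hexdigest()
        # Only the hash is stored, so a dump of broker state yields no usable ticket.
        self._tickets[digest] = (user, asset, self._clock() + TTL_SECONDS)
        return ticket  # the only secret the user ever holds

    def redeem(self, user, ticket):
        """Runs on the jump server; returns the real target, or None if rejected."""
        digest = hashlib.sha256(ticket.encode()).hexdigest()
        # pop() removes the ticket on first presentation, so a replay finds nothing;
        # a presentation by the wrong user or after expiry also burns the ticket.
        entry = self._tickets.pop(digest, None)
        if entry is None:
            return None
        owner, asset, expiry = entry
        if owner != user or self._clock() > expiry:
            return None
        return self._vault[asset]  # used by the jump server, never sent to the user


def demo():
    now = [0.0]  # fake clock, constructed for the example
    vault = {"db01": ("10.0.0.5:5432", "real-db-password")}  # constructed sample
    broker = SessionBroker(vault, clock=lambda: now[0])
    t1 = broker.issue("alice", "db01")
    first = broker.redeem("alice", t1)   # inside the window: real target
    replay = broker.redeem("alice", t1)  # second use of the same ticket: None
    t2 = broker.issue("alice", "db01")
    now[0] += TTL_SECONDS + 1
    late = broker.redeem("alice", t2)    # past two minutes: None
    return first, replay, late
```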

RevBits jump servers run on-premises, in the cloud, and within hybrid environments. RevBits PAM is integrated with Active Directory and LDAP, as well as clouds, including AWS, Azure, Google Cloud, and others using API keys. Admins can define filters for servers within specific zones, data centers, IP ranges and tags, and automatically pull the servers into RevBits PAM. RevBits jump servers can also be located within a VLAN for highly restricted access control. RevBits PAM can be network segmentation aware, and handle connections to segmented assets through appropriate jump servers automatically.

RevBits gives every enterprise the power to secure their systems. Protect against them with RevBits comprehensive Cybersecurity Intelligence Platform.
