Identity Threat Detection and Response

Oct 20, 2022


RevBits Cyber Intelligence Platfor

Identity is the foundation on which security operations grant authorized users, devices, and services access to corporate digital resources and data. Identity Threat Detection and Response (ITDR) is a security layer within identity and access management (IAM). Managing identity has become critically important, as threat actors increasingly target digital assets, resources, and the identity infrastructure itself.

Organizations must protect their identity infrastructure with particular care, because it is mission-critical for security operations. When a user directory such as Active Directory is compromised, the attacker controls the identity infrastructure itself, and with it the ability to take over systems and data.

Sophisticated attackers actively target identity infrastructure, as the SolarWinds breach showed: having obtained administrative permissions, the attackers reached global administrator accounts and the trusted Security Assertion Markup Language (SAML) token-signing certificate, and with that certificate they forged SAML tokens to move laterally into cloud services.

Credential exploitation is a primary attack vector, and identity hygiene alone does not prevent breaches. Multifactor authentication and entitlement management are preventive controls; they can be circumvented, and on their own they detect nothing and respond to nothing when that happens. Stand-alone SIEM solutions, in-house security operations centers (SOCs), and outsourced managed detection services cannot replace natively designed and developed threat detection and response processes that specifically ensure the integrity of the identity infrastructure itself.
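The forged-token scenario above is hard to catch with signature validation alone, because a token minted with a stolen signing key verifies correctly. One detection that does work is to correlate what the identity provider actually issued with what the service provider accepted, and to check the assertion's lifetime against policy. The following Python is an added example written for this page, not RevBits code; the log field names, the trusted thumbprint and the one-hour lifetime policy are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone


def _ts(value):
    """Parse the ISO-8601 'Z' timestamps used in the constructed logs below."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Assumptions for this example: the IdP's current token-signing certificate
# thumbprint, and a policy ceiling on how long an assertion may be valid.
TRUSTED_THUMBPRINTS = {"AA11BB22"}
MAX_ASSERTION_LIFETIME = timedelta(hours=1)

# Constructed IdP-side audit records: one per assertion the IdP actually signed.
IDP_ISSUED = [
    {"assertion_id": "_a1", "subject": "alice@corp.example", "issued_at": "2022-10-20T09:00:02Z"},
    {"assertion_id": "_a2", "subject": "bob@corp.example", "issued_at": "2022-10-20T09:05:40Z"},
]

# Constructed service-provider sign-in records: what the cloud application accepted.
# The third entry is the forged case: a valid signature from the stolen key, a
# 24-hour lifetime, and no corresponding issuance event at the IdP.
SP_CONSUMED = [
    {"assertion_id": "_a1", "subject": "alice@corp.example", "consumed_at": "2022-10-20T09:00:03Z",
     "not_before": "2022-10-20T09:00:02Z", "not_on_or_after": "2022-10-20T10:00:02Z",
     "thumbprint": "AA11BB22"},
    {"assertion_id": "_a2", "subject": "bob@corp.example", "consumed_at": "2022-10-20T09:05:41Z",
     "not_before": "2022-10-20T09:05:40Z", "not_on_or_after": "2022-10-20T10:05:40Z",
     "thumbprint": "AA11BB22"},
    {"assertion_id": "_f7", "subject": "globaladmin@corp.example", "consumed_at": "2022-10-20T02:13:09Z",
     "not_before": "2022-10-20T02:13:00Z", "not_on_or_after": "2022-10-21T02:13:00Z",
     "thumbprint": "AA11BB22"},
]


def detect_forged_assertions(issued, consumed, trusted=TRUSTED_THUMBPRINTS,
                             max_lifetime=MAX_ASSERTION_LIFETIME):
    """Return {assertion_id: [reasons]} for assertions the SP accepted but the
    IdP cannot account for, or that violate signing or lifetime policy."""
    issued_by_id = {rec["assertion_id"]: rec for rec in issued}
    findings = {}
    for rec in consumed:
        reasons = []
        source = issued_by_id.get(rec["assertion_id"])
        if source is None:
            # The signature is valid, so only the issuance log can reveal the forgery.
            reasons.append("no matching IdP issuance event")
        elif source["subject"] != rec["subject"]:
            reasons.append("subject differs from IdP record")
        if rec["thumbprint"] not in trusted:
            reasons.append("signed by untrusted certificate")
        lifetime = _ts(rec["not_on_or_after"]) - _ts(rec["not_before"])
        if lifetime > max_lifetime:
            reasons.append(f"lifetime {lifetime} exceeds policy {max_lifetime}")
        if reasons:
            findings[rec["assertion_id"]] = reasons
    return findings


if __name__ == "__main__":
    for assertion_id, reasons in detect_forged_assertions(IDP_ISSUED, SP_CONSUMED).items():
        print(assertion_id, "->", "; ".join(reasons))
```

The correlation only works if the identity provider's token issuance is actually audited and shipped to the same place as the service-provider sign-in logs; an assertion that appears only on the consuming side is the signal.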

RevBits PAM

ITDR is a fundamental component of the RevBits unified cyber intelligence platform (CIP). Within RevBits CIP is RevBits PAM, a next-generation identity solution with comprehensive drag-and-drop functionality built on a modern architecture. Several unique features and capabilities make it stand out. Extending core privileged access management, RevBits PAM includes natively integrated security modules:

  • Privileged session management
  • Service account management
  • Web application access management
  • Third-party access management
  • Full-featured password management
  • Certificate management
  • Key management

Instead of buying separate solutions from different vendors for each of these capabilities, RevBits PAM delivers all of them in a single solution. Further still, RevBits PAM can be extended with the full capabilities of RevBits CIP through native integration with Email Security, Zero Trust Networking (ZTN), XDR, Endpoint Security and Deception Technology.

In today’s complex business environments, granting external or remote third-parties access to internal servers, databases, services, and applications is a common need. RevBits PAM’s remote access management module is based on Zero Trust Networking (ZTN), to provide a safer, faster, and more reliable alternative to VPN. ZTN within RevBits PAM can grant highly granular access to specific servers, databases, services, and applications, while recording all remote user activity.

RevBits PAM includes an Onboard Workflow Manager (OWM) that is natively integrated through a GUI-based design and workflow engine. Admins can drag and drop to design an access request workflow for a single asset or a group of assets. Automating the path from a user's access request to administrator approval saves time, resources, and money, making the process ten times faster, smoother, and more efficient.

The comprehensive workflow management engine supports multilevel approvals for granting access to resources. All approved workflows are stored for audit and analysis, and can be attributed to users, credentials, resources, and groups.

Orchestration of workflow management within the intuitive dashboard makes it easy to define the workflow steps needed for user role approvals. With a single click, approvals can be recalled. Workflow processes and user activity are fed into behavior analytics and are natively integrated with RevBits' on-board SIEM and SOAR capabilities; they can also be integrated with a standalone SIEM.

RevBits jump server architecture enhances asset protection

The RevBits jump server provides two principal security enhancements within RevBits PAM. First, the user and the resource are never directly connected: because the user has no direct connection to a resource, they cannot leave "backdoor" access credentials on an on-boarded resource. Second, all session recording is conducted at the jump server, not on user devices. This protects the organization by denying a bad actor the chance to tamper with logs and recordings, since session recordings and logs on the jump server are not accessible to the user.

The RevBits jump server isolates user sessions by handing the user a randomly generated credential that is valid for two minutes and can be used only once. The jump server itself opens the connection and presents the real credentials to the real server or database. The user never sees the real credentials or the real server IP addresses.
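As an added example (not RevBits code), the following Python models the hand-off just described: the user receives a random handle that is valid for two minutes and can be redeemed once; the broker alone maps it to the real credential and address, opens the connection itself, and keeps the session log on its own side. The `JumpBroker` class, its field names and the `_connect` stand-in are hypothetical, and the clock is injectable so that expiry can be exercised without waiting.

```python
import secrets
import time
from dataclasses import dataclass

TTL_SECONDS = 120  # the two-minute validity window described above


@dataclass
class Grant:
    """Broker-side record behind one ephemeral handle; it never leaves the broker."""
    target_alias: str     # what the user asked for, e.g. "db01"
    real_address: str     # real host/IP, known only to the broker
    real_username: str
    real_secret: str
    expires_at: float
    redeemed: bool = False


class JumpBroker:
    """Hypothetical broker standing in for the jump server's credential hand-off."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock        # injectable so expiry can be exercised deterministically
        self._grants = {}
        self.session_log = []      # kept on the broker, never on the user's device

    def issue(self, user, target_alias, real_address, real_username, real_secret):
        """Return a random one-time handle; the real credential and address stay here."""
        handle = secrets.token_urlsafe(32)
        self._grants[handle] = Grant(target_alias, real_address, real_username,
                                     real_secret, self._clock() + TTL_SECONDS)
        self.session_log.append(("issued", user, target_alias))
        return handle

    def redeem(self, user, handle):
        """Exchange a handle for a brokered session; None if unknown, replayed or expired."""
        grant = self._grants.get(handle)
        if grant is None:
            self.session_log.append(("rejected", user, "unknown handle"))
            return None
        if grant.redeemed:
            self.session_log.append(("rejected", user, "replayed handle"))
            return None
        if self._clock() > grant.expires_at:
            del self._grants[handle]
            self.session_log.append(("rejected", user, "expired handle"))
            return None
        grant.redeemed = True
        session = self._connect(grant)
        self.session_log.append(("connected", user, grant.target_alias))
        return session

    @staticmethod
    def _connect(grant):
        """Stand-in for the broker opening the SSH or database session itself.
        The real address and secret are consumed here; the caller receives only
        an opaque session descriptor."""
        return {"session_id": secrets.token_hex(8), "target_alias": grant.target_alias}


if __name__ == "__main__":
    broker = JumpBroker()
    handle = broker.issue("alice", "db01", "10.10.1.5", "svc_app", "S3cret!")
    print("session:", broker.redeem("alice", handle))
    print("replay:", broker.redeem("alice", handle))
    print(broker.session_log)
```

The two checks that matter are the ones a user could otherwise abuse: a handle presented twice is refused as a replay, and a handle presented after the window is refused and discarded, so a leaked handle is worthless almost immediately and never resolves to the real secret on the client side.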

RevBits jump servers run on-premises, in the cloud, and in hybrid environments. RevBits PAM integrates with Active Directory and LDAP, and with cloud providers including AWS, Azure, Google Cloud, and others through their APIs using API keys. Admins can define filters for servers within specific zones, data centers, IP ranges and tags, and automatically pull the matching servers into RevBits PAM. RevBits jump servers can also be placed within a VLAN for highly restricted access control. RevBits PAM can be network-segmentation aware, automatically routing connections to segmented assets through the appropriate jump servers.
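As an added example (not RevBits code), the following Python shows the two mechanisms in that paragraph: filtering a pulled inventory by zone, IP range and tags, and choosing the jump server whose network segment covers the target, refusing to route at all when none does. The inventory records and the jump-server list are constructed; in practice they would come from a cloud API or directory query.

```python
import ipaddress

# Constructed inventory, as a cloud API or directory pull might return it.
INVENTORY = [
    {"name": "db01", "ip": "10.10.1.5", "zone": "us-east-1a", "tags": {"env": "prod", "role": "db"}},
    {"name": "web02", "ip": "10.10.2.7", "zone": "us-east-1b", "tags": {"env": "prod", "role": "web"}},
    {"name": "dev03", "ip": "10.20.0.9", "zone": "us-west-2a", "tags": {"env": "dev"}},
]

# Constructed jump servers, one per network segment they are allowed to reach.
JUMP_SERVERS = [
    {"name": "jump-prod", "segment": "10.10.0.0/16"},
    {"name": "jump-prod-db", "segment": "10.10.1.0/24"},  # more specific: the DB subnet
    {"name": "jump-dev", "segment": "10.20.0.0/16"},
]


def select_assets(inventory, zones=None, cidrs=(), tags=None):
    """Return inventory entries matching every filter given (zones, CIDRs, tag key/values)."""
    networks = [ipaddress.ip_network(c) for c in cidrs]
    selected = []
    for asset in inventory:
        addr = ipaddress.ip_address(asset["ip"])
        if zones and asset["zone"] not in zones:
            continue
        if networks and not any(addr in net for net in networks):
            continue
        # Every requested tag must be present with the requested value.
        if tags and any(asset["tags"].get(key) != value for key, value in tags.items()):
            continue
        selected.append(asset)
    return selected


def jump_server_for(ip, jump_servers):
    """Pick the jump server whose segment contains ip, preferring the most specific
    segment. Raise rather than fall back to a direct connection when none matches."""
    addr = ipaddress.ip_address(ip)
    candidates = [(ipaddress.ip_network(j["segment"]), j) for j in jump_servers]
    covering = [(net, j) for net, j in candidates if addr in net]
    if not covering:
        raise LookupError(f"no jump server covers {ip}; refusing direct connection")
    return max(covering, key=lambda pair: pair[0].prefixlen)[1]["name"]


if __name__ == "__main__":
    for asset in select_assets(INVENTORY, cidrs=["10.10.0.0/16"], tags={"env": "prod"}):
        print(asset["name"], "via", jump_server_for(asset["ip"], JUMP_SERVERS))
```

Raising when no segment matches is deliberate: a segmentation-aware broker that silently falls back to connecting directly would reintroduce exactly the direct user-to-resource path the jump server exists to remove.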
