Taking a Data-Driven Approach to Identity Security

In case you missed it, Oort released the inaugural 2023 State of Identity Security report. If you don’t want to download a copy, you can read all about the report's key findings in another blog we published today.

In this blog, however, I wanted to outline our methodology and explain why I think we have something unique to say.  


Data-Driven Solutions

We are building our product so that fresh and accurate data is always available for analysis while remaining securely stored. Tools like Snowflake enable us to aggregate vast amounts of data in no time and use it to drive our product decisions and help customers answer critical questions.

I’m a big believer in data-driven solutions to business needs. In fact, without this, data science can be useless. For this report I worked with Michael Marriott, our head of product marketing, to answer his key data requirements. Over the course of several months, we collaborated to derive the most impactful data points to pull into the analysis.  

There have already been some excellent reports conducted on identity security. These reports are generally qualitative findings from survey responses. These provide a valuable lens into the most significant concerns facing security leaders today. However, very few studies show the scale of the problem facing the average company. 

Almost every new customer I speak with is surprised by the scale of their identity problem. They might suspect that they do not have 100% MFA coverage, or that they have a handful of dormant accounts sitting in their IdPs. It often sets off alarm bells when they learn that more than 40% of their workforce has no strong MFA, and more than 24% of accounts are inactive.

This report provides a view of the following:

  • What the typical company looks like
  • The most common identity weaknesses
  • What (and who) are attackers targeting


Analyzing 500k Identities: Our Methodology

One of my favorite data-driven security reports is Verizon’s Data Breach Investigation Report (DBIR), which brings excellent insights year after year. It’s a behemoth: 108 pages and 3 pages alone for the methodology.

This report may not have three pages of text on the methodology and is 24 pages instead of 108, but we want to make our approach as transparent as possible. 

This report analyzed user data, login information, and information from identity providers, including Okta, Azure Active Directory, Duo, and Auth0. The analysis covers more than 500,000 identities in the second half of 2022. We focused on North American companies with more than 1,000 employees.

The paper relies on various ad-hoc analyses and threat detection rules created by the Oort Data Science team, including event-based and behavioral detections.

We have plenty more ideas for our next report, but if there is anything you would love to see, we would love to hear from you!


Data Science, Machine Learning, and Securing your IAM

One thing that we are trying to avoid in this discussion is talking about machine learning. ML is a tool that should serve us to achieve certain goals and not be a standalone topic. Getting swept up amidst the ChatGPT hype is easy. 

There is a clear place for machine learning. You need advanced machine learning capabilities to innovate within an existing market. You need ChatGPT to beat Google at search to overcome the millions of human hours Google invested in its engine. 

On the other hand, in early markets (such as Identity Threat Detection and Response), you should evolve with your customer base and feed them the level of analysis they know how to process and operationalize. 

For example, Oort uses ML-driven alerts for abnormal behaviors and anomalous trends. However, is this where you should first focus? Not when a large number of active users have no MFA and you have hundreds of dormant accounts sitting there. Focusing on securing your IAM will reduce your identity attack surface and may even save you money on unnecessary licenses.

We should use data science to provide the best possible solution to a specific problem. So feel free to contact me or Mike Marriott if you have any questions about the published observations. 


Download Your Free Copy

I’m excited to see how trends develop over time and what we find in our subsequent report. In the meantime, download a copy, and let us know if you like it, if you disagree, or if there’s anything you’d like to see in the next report.
