© 2020

Identity Attack Vectors

Implementing an Effective Identity and Access Management Solution


Table of contents

  1. Front Matter
    Pages i-xxiii
  2. Morey J. Haber, Darran Rolls
    Pages 1-5
  3. Morey J. Haber, Darran Rolls
    Pages 7-10
  4. Morey J. Haber, Darran Rolls
    Pages 11-16
  5. Morey J. Haber, Darran Rolls
    Pages 17-42
  6. Morey J. Haber, Darran Rolls
    Pages 43-44
  7. Morey J. Haber, Darran Rolls
    Pages 45-49
  8. Morey J. Haber, Darran Rolls
    Pages 51-97
  9. Morey J. Haber, Darran Rolls
    Pages 99-102
  10. Morey J. Haber, Darran Rolls
    Pages 103-105
  11. Morey J. Haber, Darran Rolls
    Pages 107-116
  12. Morey J. Haber, Darran Rolls
    Pages 117-124
  13. Morey J. Haber, Darran Rolls
    Pages 125-135
  14. Morey J. Haber, Darran Rolls
    Pages 137-150
  15. Morey J. Haber, Darran Rolls
    Pages 151-155
  16. Morey J. Haber, Darran Rolls
    Pages 157-158
  17. Morey J. Haber, Darran Rolls
    Pages 159-161
  18. Morey J. Haber, Darran Rolls
    Pages 163-165
  19. Morey J. Haber, Darran Rolls
    Pages 167-170
  20. Morey J. Haber, Darran Rolls
    Pages 171-173

About this book


Discover how poor identity and privilege management can be leveraged to compromise accounts and credentials within an organization. Learn how role-based identity assignments, entitlements, and auditing strategies can be implemented to mitigate the threats leveraging accounts and identities and how to manage compliance for regulatory initiatives.

As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security.  Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management is leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber attacks continue to increase in volume and sophistication, it is not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities, to conduct their malicious activities through privileged attacks and asset vulnerabilities.

Identity Attack Vectors details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program.

You will:

  • Understand the concepts behind an identity and how their associated credentials and accounts can be leveraged as an attack vector
  • Implement an effective Identity Access Management (IAM) program to manage identities and roles, and provide certification for regulatory compliance
  • See where identity management controls play a part of the cyber kill chain and how privileges should be managed as a potential weak link
  • Build upon industry standards to integrate key identity management technologies into a corporate ecosystem
  • Plan for a successful deployment, implementation scope, measurable risk reduction, auditing and discovery, regulatory reporting, and oversight based on real-world strategies to prevent identity attack vectors


Identity Access Management IAM Identity Governance and Administration IGA BlockChain Security Zero trust security Identity Theft Roles Entitlements Attestation Credentials Privacy

Authors and affiliations


About the authors

Morey J. Haber is Chief Technology Officer at BeyondTrust. He has more than 20 years of IT industry experience, and has authored two Apress books: Privileged Attack Vectors and Asset Attack Vectors. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology management solutions for vulnerability, and privileged and remote access. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Darran Rolls is CISO and Chief Technology Officer at SailPoint, where he is responsible for directing the company’s technology strategy and security operations. He has a long history in identity management and security at companies such as Tivoli Systems, IBM, Waveset Technologies, and Sun Microsystems. He has helped design, build, and deliver innovative, ground-breaking technology solutions that have defined and shaped the identity and access management (IAM) industry. He frequently speaks at industry events and to customers about IAM and next-generation enterprise security solutions.

Bibliographic information

  • Book Title Identity Attack Vectors
  • Book Subtitle Implementing an Effective Identity and Access Management Solution
  • Authors Morey J. Haber
    Darran Rolls
  • DOI
  • Copyright Information Morey J. Haber, Darran Rolls 2020
  • Publisher Name Apress, Berkeley, CA
  • eBook Packages Professional and Applied Computing Professional and Applied Computing (R0)
  • Softcover ISBN 978-1-4842-5164-5
  • eBook ISBN 978-1-4842-5165-2
  • Edition Number 1
  • Number of Pages XXIII, 196
  • Number of Illustrations 33 b/w illustrations, 0 illustrations in colour
  • Topics Security
  • Buy this book on publisher's site
Industry Sectors
IT & Software
Finance, Business & Banking