Page 247 - Cyber Defense eMagazine RSAC Special Edition 2025
proactive measures. Furthermore, traditional threat intelligence often lacks the context needed to identify
the actor behind an attack, hindering preventative efforts.
The Shift Towards Identity-Centric Security
The reality is that identifying malware before user execution is increasingly challenging. Modern security
breaches frequently involve compromised identities, an element that traditional IOC feeds often miss.
Verizon’s 2024 Data Breach Investigations Report (DBIR) indicates that stolen credentials have been a
factor in nearly one-third (31%) of all breaches over the past decade. Research from Varonis in 2024
reveals that 57% of cyberattacks begin with a compromised identity. Attackers are increasingly choosing
to "log in" rather than "hack in," exploiting either valid username and password combinations or exposed
session objects (e.g. cookies) obtained through various means. This approach allows them to bypass
security controls by impersonating legitimate users. Multi-Factor Authentication (MFA), while valuable,
does not fully mitigate the risks associated with compromised identities, especially when considering
session objects exfiltrated through infostealer malware. Traditional defensive strategies and IOC-based
defenses are often blind to these incursions, as malicious activity appears to be legitimate user behavior.
This evolving threat landscape necessitates a proactive approach, driving cybersecurity professionals to
adopt identity-centric cyber intelligence. This approach shifts the focus from chasing transient technical
indicators to monitoring human and non-human entities within digital ecosystems. Instead of solely
focusing on blocking malware or IP addresses, cybersecurity teams are now prioritizing questions like
"which identities, credentials, sessions, or personal data have been compromised?" This evolved
strategy involves correlating various seemingly disparate signals, such as usernames, email addresses,
and passwords, across multiple data breaches and leaks to develop a comprehensive understanding of
risky identities and the threat actors behind them. The effectiveness of this approach is directly related to
the volume and hygiene of the data analyzed; more high-fidelity data leads to richer and more accurate
intelligence. For example, identity-centric cyber intelligence can quickly verify if a user’s email and
password have been exposed in recent data breaches and analyze historical data to identify patterns of
misuse. Correlating timely and comprehensive data provides a level of contextual awareness that
traditional threat intelligence lacks.
The Power of Identity Signals
Identity signals are crucial for distinguishing legitimate users from imposters or synthetic identities. The
rise of remote and hybrid work models, cloud services, and VPNs has made it easier for attackers to
create synthetic identities or compromise valid user identities. While traditional indicators like source IP
addresses are insufficient to determine the legitimacy of a user, an identity-centric approach excels in
this area. By analyzing multiple attributes associated with an identity against extensive data stores of
breached data and fraudulent identities, organizations can identify risky identities. For instance, an email
address with no prior legitimate online presence that suddenly appears in numerous unrelated breach
datasets could indicate a synthetic profile.
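The correlation described in the two sections above (checking whether an e-mail and password pair has surfaced in breach data, and flagging an identity that appears across unrelated leaks with no prior legitimate presence), as an added Python example that is not from the article or any vendor's product. The breach names, identities, dates and the `min_breaches` threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
import hashlib

def sha1(text):
    # Passwords are handled only as digests; the example never keeps cleartext.
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

@dataclass(frozen=True)
class BreachRecord:
    source: str         # name of the breach or leak the record came from
    seen: date          # date the record surfaced
    email: str
    password_sha1: str
# Constructed sample data: three unrelated leaks (hypothetical names and identities).
BREACHES = [
    BreachRecord("forum-leak", date(2023, 3, 1), "alice@example.com", sha1("Spring2023!")),
    BreachRecord("shop-dump", date(2024, 1, 9), "alice@example.com", sha1("Spring2023!")),
    BreachRecord("combo-list", date(2024, 6, 2), "alice@example.com", sha1("Autumn2024!")),
    BreachRecord("forum-leak", date(2023, 3, 1), "mallory@example.net", sha1("pw-one")),
    BreachRecord("shop-dump", date(2024, 1, 9), "mallory@example.net", sha1("pw-two")),
    BreachRecord("combo-list", date(2024, 6, 2), "mallory@example.net", sha1("pw-three")),
]
# Constructed "legitimate presence" data: earliest date an identity was seen in
# non-breach sources (account creation, prior logins). Absent means no prior presence.
FIRST_LEGIT_SEEN = {"alice@example.com": date(2019, 5, 20)}

def index_by_email(records):
    """Group breach records by normalised e-mail so one identity's signals can be correlated."""
    idx = defaultdict(list)
    for rec in records:
        idx[rec.email.lower()].append(rec)
    return idx

def credential_exposed(idx, email, password):
    """Sorted breach sources in which this exact e-mail + password pair appears."""
    digest = sha1(password)
    return sorted({r.source for r in idx.get(email.lower(), []) if r.password_sha1 == digest})

def assess_identity(idx, email, first_legit_seen, min_breaches=3):
    """Correlate one identity's breach appearances into a small risk summary."""
    recs = idx.get(email.lower(), [])
    sources = {r.source for r in recs}
    reused = len(recs) > len({r.password_sha1 for r in recs})  # same hash in several leaks
    earliest_breach = min((r.seen for r in recs), default=None)
    legit = first_legit_seen.get(email.lower())
    # Article's heuristic: many unrelated breach appearances, no legitimate presence before them.
    no_prior_presence = legit is None or (earliest_breach is not None and legit > earliest_breach)
    synthetic = len(sources) >= min_breaches and no_prior_presence
    return {"breach_count": len(sources), "password_reuse": reused, "synthetic_candidate": synthetic}
```

In a real deployment the breach corpus and the legitimate-presence data would come from an intelligence feed and the organisation's own identity provider, and the threshold would be tuned against that corpus.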