Full Report
Gain visibility into non-human identities in your environment and protect against risky service accounts with the new Non-Human Identities Dashboard.
Analysis Summary
This article focuses on the security challenges posed by the exponential growth of **Non-Human Identities (NHIs)** in cloud environments and introduces a new feature for addressing these risks.
# Tool/Technique: Non-Human Identities Dashboard (Wiz CIEM Feature)
## Overview
The Non-Human Identities Dashboard is a new feature within the Wiz Cloud Infrastructure Entitlement Management (CIEM) solution designed to provide organizations with comprehensive visibility and risk prioritization specifically for non-human identities (such as service accounts, serverless functions, and machine identities) in multi-cloud environments. Its purpose is to secure these identities, which are increasingly targeted in supply chain attacks.
## Technical Details
- Type: Tool/Feature (Part of a CIEM security platform)
- Platform: Cloud Environments (Multi-cloud support implied)
- Capabilities: Visibility into NHIs, risk detection (high privileges, internet exposure, vulnerabilities), activity mapping by country, lateral movement path analysis, and risk prioritization.
- First Seen: Date not specified, but announced as a new launch in the article context.
## MITRE ATT&CK Mapping
Since this is a **defensive** tool/feature designed to *detect and mitigate* risks associated with identity misuse, the techniques listed below are those an adversary could use against NHIs if the risks are left unaddressed; they fall primarily under **Defense Evasion, Credential Access, and Lateral Movement**. The feature itself is a defensive control rather than an adversary technique:
- **TA0005 - Defense Evasion** (Relevant if compromised NHIs are used by an attacker)
- T1078.004 - Valid Accounts: Cloud Accounts (NHIs are a type of cloud account)
- **TA0006 - Credential Access** (Relevant if high-privilege credentials of NHIs are compromised)
- T1213 - Account Discovery
- **TA0008 - Lateral Movement** (Relevant as the tool explicitly maps paths leading to lateral movement)
- T1078.004 - Valid Accounts: Cloud Accounts
## Functionality
### Core Capabilities
- **Visibility:** Quickly identifies all non-human identities within the environment.
- **Risk Identification:** Detects service accounts with administrative or high privileges.
- **Regulatory Compliance View:** Visualizes service account activity mapped by country.
- **Prioritization:** Ranks critical non-human identity risks so the most severe are addressed first.
### Advanced Features
- **Attack Path Analysis:** Integrates visibility with attack path analysis to identify risky accounts that can access sensitive data or enable lateral movement.
- **Lateral Movement Mapping:** Identifies specific accounts that could be abused to escalate privileges or reach sensitive data (e.g., a service account that every user is allowed to assume and that itself holds access to sensitive data).
- **Skill Gap Bridging:** Simplifies understanding of multi-cloud IAM risks for security engineers and developers without requiring deep expertise in each specific cloud provider's IAM system.
## Indicators of Compromise
As this is a description of a defensive tool, no direct malicious IoCs are provided. The risks it identifies are:
- **Behavioral Indicators:** NHIs exhibiting high privilege usage, internet exposure combined with vulnerabilities, or paths allowing for unauthorized role assumption across users.
- **Risk Profile:** Non-human identities belonging to machines that possess high privileges, are exposed to the internet, and contain vulnerabilities (cited as present in 42% of surveyed organizations).
## Associated Threat Actors
The article implies that threat actors exploit the security gaps in managing NHIs, specifically linking these weaknesses to **supply chain attacks** targeting third-party applications and services that use service accounts.
## Detection Methods
- **Behavioral Detection:** Monitoring for abnormal activity related to service accounts, privilege escalation attempts, and access patterns traced back to vulnerable, internet-exposed machines.
- **Risk Assessment:** Utilizing CIEM logic to continually scan and assess the entitlement posture and known vulnerabilities associated with non-human identities.
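The prioritization logic described above (the toxic combination of high privilege, internet exposure and a known vulnerability on one identity, plus path analysis for service accounts that a broad group can assume to reach sensitive data) can be illustrated with a small model. The following is an added example written for this page, not Wiz's code or scoring model: the inventory, the weights and the `group:all-users` principal are all constructed assumptions.

```python
"""Toy NHI risk prioritizer: inventory -> toxic combinations -> role-assumption paths.
All data below is constructed for illustration; it is not output of any cloud provider or of Wiz."""
from collections import deque
from dataclasses import dataclass


@dataclass
class NonHumanIdentity:
    name: str
    privilege: str                          # "admin", "write" or "read"
    internet_exposed: bool                  # the workload using this identity is reachable from the internet
    vulnerabilities: int                    # known vulnerabilities on that workload
    assumable_by: frozenset = frozenset()   # principals allowed to assume / impersonate this identity
    can_access: frozenset = frozenset()     # resources the identity can reach directly


# Assumed weights; a real CIEM product would use its own model.
PRIVILEGE_WEIGHT = {"admin": 3, "write": 2, "read": 1}


def toxic_combination(nhi):
    """The risk profile the article cites: high privilege + internet exposure + a vulnerability."""
    return nhi.privilege == "admin" and nhi.internet_exposed and nhi.vulnerabilities > 0


def risk_score(nhi):
    """Additive score for one identity in isolation (no path context)."""
    score = PRIVILEGE_WEIGHT[nhi.privilege]
    if nhi.internet_exposed:
        score += 2
    if nhi.vulnerabilities > 0:
        score += 2
    if toxic_combination(nhi):
        score += 3
    return score


def assumption_paths(inventory, start_principal, sensitive_resources):
    """Breadth-first search over 'principal may assume identity' edges.
    Returns every path from start_principal through identities to a sensitive resource."""
    by_name = {n.name: n for n in inventory}
    assumable_from = {}                     # principal -> identities that principal may assume
    for nhi in inventory:
        for principal in nhi.assumable_by:
            assumable_from.setdefault(principal, []).append(nhi.name)
    paths = []
    queue = deque([[start_principal]])
    while queue:
        path = queue.popleft()
        current = path[-1]
        if current in by_name:
            for resource in sorted(by_name[current].can_access & set(sensitive_resources)):
                paths.append(path + [resource])
        for nxt in sorted(assumable_from.get(current, [])):
            if nxt not in path:             # do not revisit; assume-role graphs can contain cycles
                queue.append(path + [nxt])
    return paths


def prioritize(inventory, start_principal="group:all-users", sensitive_resources=()):
    """Rank identities by score, with a bonus for any identity sitting on a broad-to-sensitive path."""
    on_path = {name
               for path in assumption_paths(inventory, start_principal, sensitive_resources)
               for name in path[1:-1]}
    scored = [(n.name, risk_score(n) + (3 if n.name in on_path else 0)) for n in inventory]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed inventory: one toxic-combination identity and one assume-role chain to sensitive data.
INVENTORY = [
    NonHumanIdentity("ci-runner-sa", "admin", True, 2),
    NonHumanIdentity("metrics-fn", "write", True, 0),
    NonHumanIdentity("deploy-sa", "write", False, 0, assumable_by=frozenset({"group:all-users"})),
    NonHumanIdentity("data-sa", "read", False, 0, assumable_by=frozenset({"deploy-sa"}),
                     can_access=frozenset({"customer-db"})),
    NonHumanIdentity("backup-sa", "read", False, 0, can_access=frozenset({"customer-db"})),
]
SENSITIVE = ("customer-db",)

if __name__ == "__main__":
    for path in assumption_paths(INVENTORY, "group:all-users", SENSITIVE):
        print("path to sensitive data:", " -> ".join(path))
    for name, score in prioritize(INVENTORY, sensitive_resources=SENSITIVE):
        print(f"{score:>3}  {name}")
```

Note that `backup-sa` has the same direct access as `data-sa` but ranks lowest because nobody outside its own workload can assume it; the path bonus is what separates a low-privilege identity that a broad group can reach from one that is isolated, which is the distinction the lateral movement mapping is meant to surface.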
## Mitigation Strategies
- **Adopt CIEM:** Implement a comprehensive CIEM solution (like Wiz) to gain centralized visibility into non-human identities.
- **Risk Reduction:** Proactively remove identity risks such as unnecessary high privileges associated with machines.
- **Least Privilege:** Ensure NHIs only have the minimum access necessary for their assigned tasks.
- **Vulnerability Management:** Prioritize patching or isolating internet-exposed NHIs that currently hold high privileges.
## Related Tools/Techniques
- **Cloud Infrastructure Entitlement Management (CIEM):** The category of security tools used to manage cloud identity entitlements.
- **Cloud Native Application Protection Platform (CNAPP):** The broader security category Wiz offers capabilities within, which encompasses CIEM functionality.