Identity governance specialist is adding AI to its mix.
SailPoint's business is identity governance for on-premises and cloud systems, global vice-president for product management Paul Trulove (pictured) told iTWire.
The company sees identity and access management as being central to security, so SailPoint's platform is designed to work with other security products such as privileged account management and security information and event management (SIEM) products.
Identity management and privileged account management have traditionally been seen as two separate technologies, but much can be gained by "putting identity at the centre of enterprise security."
{loadposition stephen08}For example, CyberArk's Privileged Account Security Solution acts as a 'vault,' he explained, allowing users to check out privileged account credentials, watching what they do, and then checking the credentials back in.
What security teams want to do, he said, is control CyberArk from SailPoint in order to obtain full visibility of who did what. So SailPoint has provided APIs for this type of integration.
Integration with ITSM systems such as ServiceNow is also provided, allowing for situations where human intervention is needed to correct an issue.
The next step will be to start applying AI to identity governance. A forthcoming product called Identity AI will take historical access records and perform peer group analysis to initially look for unusual situations.
Trulove gave the example of an employee who had recently been promoted but still had the access rights associated with their previous role even though they were no longer appropriate.
It will subsequently look for behavioural outliers, such as an individual requesting access that no peer has previously sought. This will allow the automatic escalation of high-risk situations, while routine requests will be processed with or without human intervention as appropriate.
The AI will also be fed by other systems such as SIEM, allowing it to determine baselines and detect outliers. For example, 95% of accesses to a certain system might occur during normal business hours, so the security team will be alerted to a spike in weekend access. It might be indicate inappropriate or malicious use of the system, or it could be something as innocent as the employee visiting a branch or customer in Tel Aviv, where Sunday is a normal working day.
Over time, the AI will learn about behaviours that are approved, allowing it to automatically mitigate those that aren't.
"It's really about risk mitigation and proactive responses," Trulove said.
SailPoint has had a presence in Australia since 2008. Local customers include leading life insurer TAL (more than 1800 identities under management), the top five banks (a combined 250,000 identities; SailPoint is generally coy about naming customers, but that clearly includes ANZ, CBA, NAB, Westpac and either Bendigo and Adelaide or Macquarie), and the "largest retailer" (200,000 identities; presumably Woolworths), two major energy companies, and four Commonwealth Government organisations.
There is increasing interest from higher education and other sectors that need to protect personal information, Trulove observed.