Identity Threat Protection and Privilege Control for Cloud Entitlements

The Delinea Platform offers capabilities of Cloud Infrastructure Entitlement Management (CIEM) and Identity Threat Detection and Response (ITDR) in a seamless experience unified with your secrets vault and other privileged access management capabilities.

Identity Threat Protection (ITP) and Privilege Control for Cloud Entitlements (PCCE) help to increase the security of your organization against the modern threats of identity-based attacks and over-privileged access to cloud infrastructure and SaaS tools.

A sub-set of these capabilities is included in Cloud Identity Discovery (CID), which extends Secret Server Cloud on the Delinea Platform, enabling enhanced discovery of privileged accounts within cloud environments. To learn more, see Cloud Identity Discovery.

Throughout this chapter on ITP/PCCE, the terms users, accounts, and identities generally refer to cloud service users/accounts or cloud identities, and not to Delinea Platform users.

Identity Threat Protection

ITP helps increase security from identity-based threats such as malicious insiders, account takeovers, and privilege escalations, ensuring that risks and threats are discovered, investigated, and mitigated in line with security operations.

ITP enables:

• Least Privilege and Secure Access Baseline: Restrict privileges to Just Enough Access, thereby detecting and eliminating risks of stale access, over-privileges, and privilege escalation paths across cloud services and applications.

• Lifecycle Change Monitoring: Eliminate privilege sprawl and incomplete off-boarding by continuously monitoring identity, access, and usage data to ensure that employees and external contractors do not hold access privileges they no longer require.

• Automate Remediation and Incident Response: Provide automated remediation and response workflows to ensure that risks are eliminated and threats are mitigated, via easy integrations with SIEM, SOAR, and XDR solutions to ensure standard procedures in handling identity and access incidents.

Privilege Control for Cloud Entitlements

Privilege Control for Cloud Entitlements (PCCE)reduces access risks across multi-cloud infrastructure by controlling privilege sprawl. The benefits of PCCE include:

• Right Sizing Permissions to Prevent Privilege Escalations: Mitigate complex access risks from human and machine identities, including third parties, across cloud infrastructure, applications, and IAM solutions.

• Hardening the Identity Security Posture: Automatically monitor IaaS, SaaS, and IAM solutions to identify misconfigurations and exposed resources, ensuring continuous compliance with standards and industry regulations.

• Establishing a Secure Access Baseline with Advanced Analytics: Maintain Least Privilege by eliminating risky and excessive access with ML-based contextual insights and remediating misconfigurations across cloud environments.

Setting Up ITP and PCCE

For instructions on setting up ITP and PCCE, follow the relevant link or links below:

• Integrating AWS with the Delinea Platform (PCCE)

  • Integrating Individual AWS Accounts (via CloudFormation)

  • Integrating Multiple AWS Accounts (via CloudFormation StackSets)

  • Integrating Individual AWS Accounts via Third-Party Tools

  • Integrating AWS Identity Center with the Delinea Platform (PCCE)

• Integrating Entra ID & Azure Cloud with the Delinea Platform (ITP/PCCE)

• Integrating Google Cloud Platform (GCP) with the Delinea Platform (ITP)

• Integrating Okta with Delinea Platform (ITP)

• Integrating PingOne with Delinea Platform (ITP)

• Integrating Snowflake with Delinea Platform (ITP)

• Integrating Workday with the Delinea Platform (ITP)