Identity Segmentation

Narendran Vaideeswaran - June 28, 2023

What is Identity Segmentation?

Identities (i.e., users: human accounts, service accounts, privileged accounts) are one of the key pillars in the Zero Trust security framework. With over 80% of attacks leveraging user credentials, the perimeter should move closer to the user — the “last line of defense.”

Identity segmentation is a method to restrict access to applications/resources based on identities.

Identity Segmentation vs. Identity-Based Segmentation

It’s important to note that CrowdStrike’s definition of identity segmentation is different from Gartner’s “identity-based segmentation.” CrowdStrike’s identity segmentation enforces risk-based policies to restrict resource access, based on workforce identities.

Gartner’s identity-based segmentation, on the other hand, is essentially a microsegmentation technique that enforces policies based on “application/workload identity,” like tags and labels, and may have to be manually defined at the configuration stage. It has nothing to do with workforce identities.

Identity Segmentation vs. Network Segmentation

Below we outline the difference in functionality between network segmentation and identity segmentation:

FunctionNetwork SegmentationIdentity Segmentation
Visibility and Security ControlCovers network connections and zonesCovers user identity, attack path visibility,
authentication footprint, behavior and risk
PoliciesPolicies are applied on workload identities, ports and IP addresses connecting to the
resource/workload
Policies are applied on identities based on
behavior, risk and over 100 analytics
Legacy System ProtectionProtection for legacy systems can be tricky (e.g., ransomware attack initiating lateral
movement using compromised credentials)
Protects legacy resources and proprietary
applications by extending risk-based identity
verification (multifactor authentication)
OperationalizationIs limited by network scope and application
type, especially for SaaS applications and
private clouds

There’s additional complexity when creating
zones and enforcing policies
Protects on-premises and SaaS applications,
regardless of their location

IntegrationsThreat intel integration, behavior and other
integrations are required to enforce access controls
Built-in, real-time threat intelligence, threat
detection and prevention is powered by the
CrowdStrike Security Cloud for all autoclassified workforce identities, whether on
on-premises Active Directory (AD) or in the
cloud (Entra ID)

APIs integrate with SSO and federation
solutions, like Okta, AD FS and PingFederate,
and several other security tools like UEBA,
SIEM, SOAR and many others

CrowdStrike’s Approach to Identity Protection

CrowdStrike Falcon Identity Protection shifts the perimeter closer to the “last line of defense” with identity segmentation by:

  • Providing granular multi-directory visibility and continuous insights into every account
  • Auto-classifying every account: human user, service accounts, privileged accounts, accounts with compromised passwords, stale user accounts and many more
  • Identifying security gaps based on individual risk scores from over 100 behavior analytics
  • Enabling attack path visibility to detect threats across the multiple stages in the kill chain including reconnaissance, lateral movement and persistence
  • Enforcing segmentation policies to restrict access to resources based on identity

Network Segmentation vs. Identity Segmentation

Download this white paper to understand CrowdStrike’s approach to identity segmentation.

Download Now

GET TO KNOW THE AUTHOR

Narendran is a Director of Product Marketing for Identity Protection and Zero Trust at CrowdStrike. He has over 17 years of experience in driving product marketing and GTM strategies at cybersecurity startups and large enterprises such as HP and SolarWinds. He was previously Director of Product Marketing at Preempt Security, which was acquired by CrowdStrike. Narendran holds a M.S. in Computer Science from University of Kiel, Germany.