Countless organizations rely on Microsoft Azure to create their most innovative and secure application and workload environments in the cloud. Today, identity protection for cloud and web applications doesn’t provide native support for core enterprise resources like legacy applications, workstations, and servers. This leaves them exposed to identity threats without any security countermeasures. And because of the interconnected hybrid environment, this gap enables attackers to use on-premises identity Silverfort delivers unified identity protection that bridges these gaps across on-premises environments and cloud to the edge.
Meeting the challenges of unified identity protection across cloud and on-premises
Today’s typical hybrid world of on-premises, cloud, and edge environments has removed the restraints on innovation, collaboration, and application access for organizations from SMBs to enterprises. At the same time, this hybrid workflow has unleashed a rise in identity attacks, and security gaps still remain for enterprises in protecting core resources.
The sheer complexity of today’s hybrid environments results in end-to-end gaps that existing authentication and access solutions cannot close. Organizations will continue to use on-premises, cloud, and edge environments that are difficult to manage and secure in terms of identity access controls. This creates a particular set of challenges for hybrid environments that includes:
- Homegrown and legacy applications
- IT infrastructure
- File systems, databases, and printer networks
- Admin interfaces like command-line tools
- Industrial control systems
- Multiple cloud environments
These aspects can leave gaps in identity-based access control and multi-factor authentication coverage, which, in a hybrid environment where access needs are more fluid, can lead to a high risk of ongoing data breaches. Organizations from SMBs to enterprises have lacked a unified solution for identity protection across all users, systems, and environments that emphasizes enforcement of risk-based authentication and zero-trust policies.
Silverfort’s Unified Identity Protection platform
Silverfort’s Unified Identity Protection platform was the first of its kind, purpose-built for prevention, detection, and response against attacks via compromised credentials to access targeted resources. Its patented agentless and proxy-less technology integrates with all identity providers in a hybrid environment. This adds a native, real-time protection layer for all authentication and access attempts on-premises, in the cloud, and at the edge.
Now, organizations can extend multi-factor authentication (MFA), identity threat detection and response (ITDR), and zero-trust policies to any user, system, and environment, including legacy applications, service accounts, command-line access to workstations, and servers, as well as any other core resources that previously couldn’t have MFA protection.
Thanks to its integration with multiple security and identity solutions, Silverfort enables risk-based authentication, MFA, and detection for account takeover, malicious remote connections, and lateral movement. Organizations can thus securely migrate applications and assets to the cloud, including applications that do not provide cloud-native identity protection support.
How Azure Services are helping
Azure Cloud Services is a cloud computing platform leader for Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Countless organizations use many of Azure’s over 200 products and cloud services to run and manage applications across multi-cloud, on-premises, and edge environments. Azure Cloud supports a wide range of operating systems, programming languages, frameworks, tools, databases, and devices while delivering cloud and IT environment integration with extensive security tools and integrations.
Active Directory (AD) delivers processes and services for Windows domain networks. Most Windows Server operating systems include it to store information about objects on the network. It’s designed to make it easy for admins or users to find and use shared resources, including servers, volumes, printers, and network user computer accounts. AD also offers integrated security through logon authentication and access control to objects in the directory.
Active Directory Federation Services (AD FS) runs on Windows Server operating systems, giving users single sign-on (SSO) access to their systems and applications. These can exist inside or outside corporate firewalls, such as other company extranets or cloud provider-hosted services.
Azure Active Directory (Azure AD), a cloud-based IAM service, helps you access external resources, including thousands of SaaS applications. It offers multi-cloud identity and access management via single sign-on, multi-factor authentication, and conditional access to guard against cybersecurity attacks. While AD manages traditional on-premises infrastructure and applications, Azure AD focuses on managing user access to cloud applications.
Azure Active Directory MFA (multi-factor authentication) helps organizations safeguard data and application access via an additional layer of security that requires a second form of authentication. Organizations can enable conditional access with MFA to fit specific users and groups.
Microsoft 365 Defender delivers a unified defense suite for SMBs and enterprises to coordinate detection, prevention, investigation, and response across endpoints, identities, email, and applications. This gives IT security pros a complete view of potential threats and potential organizational impact across Office 365, Azure AD, AD DS, and cloud apps. The integrated Microsoft 365 Defender solution then delivers an automated response to detected threats, stops attacks, and remediates affected mailboxes, endpoints, and user identities.
How Silverfort integrates with Microsoft Azure Services for unified protection
Silverfort delivers its authentication service from the Azure cloud to provide unified identity protection across on-premises, cloud, and edge environments. It does this by integrating with multiple Microsoft services to protect customers’ identity infrastructure via a unique patented technology. This starts with AD integration to forward authentication events to Silverfort, which can then prompt the user for MFA or deny access based on the user trust profile.
“Many enterprise environments today rely on technologies like Active Directory and Azure Active Directory at the center of their identity infrastructure. Having a close partnership with Microsoft is the foundation of our integration with these and other Microsoft tools and platforms, which enables us to maximize their identity and access security capabilities for our clients using their services,” said Yaron Kassner, co-founder and CTO of Silverfort.
Silverfort further integrates with Azure AD to use its security controls to protect all applications in AD and AD FS. This integration extends to other third-party identity solutions and allows Silverfort to bridge those authentications to Azure AD. It can then prompt the user to sign in with Microsoft and protect authentication to other identity providers and directories with Azure MFA, Azure AD conditional access, Azure AD Privileged Identity Management (PIM), and monitor them with sign-in logs.
Microsoft 365 Defender integration with Silverfort enables adding MFA on-premises as a remediation to any threat detected by Microsoft Defender for Endpoint, Office 365, Identity, or Cloud Apps. This adds a new real-time response capability to detected threats and enables a soft and effective remediation that blocks the threat from spreading on-premises.
Multi-factor authentication across all systems
Combining products from the Microsoft suite helped Silverfort create its unified identity protection product. Azure AD MFA can now be extended to all applications and systems, including ones that couldn’t be protected before. All applications and systems can be connected to Azure AD, which enables enforcement of unified security policies and controls. Real-time response to detected threats can now be added to Microsoft 365 Defender to prevent the spread of ransomware and other threats in any environment, including on-premises and other cloud environments.