SailPoint: Why Identity Is The New Security Frontier

As AI agents, bots and machine identities begin to outnumber human users across enterprise networks, managing who has access to what has never been more complex or more critical.
This shift comes as Scattered Spider, a hacking group largely made up of teens and young adults believed to be from the US and UK, slips from mainstream attention. Yet the impact of its social engineering-led campaigns is still being counted across retail, financial services and other high-value sectors.
Few people understand the evolution of cybercrime and the mechanics behind these attacks better than Rex Booth, Chief Information Security Officer at SailPoint. With more than two decades across the cybersecurity spectrum, including roles at CISA, The White House and Mandiant, Rex has watched the industry move from perimeter defence to identity-driven protection.
Today, he is helping shape SailPoint’s mission to automate access governance for a world where identities are no longer just human.
In this Q&A, Rex shares his perspective on the rise of non-human identities, the changing nature of cyber risk and why automation and AI are now essential to modern identity security.
If Scattered Spider retires but cyber threats don’t, what really needs to change now?
Ultimately, whether one group of criminals retires or not doesn’t really matter to the victims.
Cyber threats and digital crime are opportunity driven – if one gang steps aside, a new one will eagerly take their place. That’s why we need to change our focus and look at prevention more than personalities.
You can have the best tech in the world, but without user vigilance it’s redundant. With all the buzz around nation-state threats, it can be easy to forget that sometimes our vulnerabilities are much closer to home. It’s imperative that businesses prioritise training initiatives and simulations for employees, who are the first line of defence against social engineering attacks.
What would you say locks the digital doors tighter against rising crime?
You need both elements running alongside each other if you’re going to keep bad actors locked out. Prevention requires social intervention as much as it requires technological fortifications.
Businesses should absolutely be using tech that automates processes like threat detection and remediation. However, a culture where employees feel empowered to pause and question unusual requests for credentials has to run alongside that.
Organisations can use identity security tools to support cyber training programmes, so they become more targeted and personalised based on individual need. These tools can help to identify high-risk employees that would benefit most from cyber training by aggregating and analysing user data. For example, employees with multi-factor authentication (MFA) disabled, employees that frequently access sensitive data or users with frequent failed login attempts.
With cyber gangs sharing playbooks, how can CISOs stay one step ahead?
Recently, we saw Shiny Hunters borrow social engineering tactics from Scattered Spider and it’s not an isolated incident. Gangs trade knowledge, tactics, tools and even people.
Plus, ransomware-as-a-service has erased many technical barriers and made cybercrime accessible to anyone with time, a laptop and an internet connection.
Crime now moves faster, enabled by easy access to knowledge and capabilities.
All this sharing means two things: attacks are going to get more frequent and the results will be less predictable.
CISOs looking to stay one step ahead need to be great strategists, not just technologists.
Keeping crime out means securing buy-in from the wider business – getting them to view security as an enablement function.
Traditionally, security has been viewed as the department of ‘no’, but we’re not just here to block things.
If we’re going to keep things safe, we need our stakeholders to understand we’re collaborators, not obstacles.
How is AI-powered identity security rewriting the rules for stopping social engineering attacks?
There's a tremendous opportunity to leverage AI against social engineering. It’s especially great at observing patterns and spotting anomalies.
For instance, an employee that’s attempting to log in at an unusual time or location. AI-powered security tools can identify and assess risk and then remediate it instantaneously, by triggering extra verifications or blocking access altogether.
Next-gen security tools are powering the transition to ‘adaptive identity’ – where identities are managed in a dynamic, rather than a static way, based on real-time context and user behaviour.
Ultimately, securing all users, applications and data has become a task that’s transcended the ability for humans to accomplish alone.
AI-powered identity security can spot subtle threats that humans might miss.
As a former White House advisor, what prevention move would you make mandatory across critical sectors today?
Every organisation, not just those in critical sectors, has got to get their machine identities and AI agents under control.
In order to reap the benefits of AI, organisations are either leveraging the speed of an agent or granting them broad permissions – often it’s both.
That combination of speed and permissions can lead to disaster when left uncontrolled.
As things stand, AI agents are running riot – with 80% of organisations reporting that their AI agents have already performed unauthorised actions, including accessing and sharing sensitive information.
This is more than a security concern; it’s a business risk.
Regulators are paying attention not just to the organisations they directly oversee, but also to the broader supply chain. And rightfully so.
We’ve seen third-party risk manifest into multi-million-pound losses across various industries.
If organisations want to avoid risk and prevent an ‘identity explosion’, they need to introduce technology that governs AI agent access rights in the same way they would humans.
That’s particularly important for critical sectors because they deal with huge volumes of sensitive and privileged data.
Identities – be they human, machine or AI – must be managed effectively.




