Interview With Gal Sadeh - Head of Data and Security Research at Silverfort

Shauli Zacks Shauli Zacks

In a recent interview with SafetyDetectives, Gal Sadeh, Head of Data and Security Research at Silverfort, highlights the pivotal role of Silverfort in addressing identity protection challenges. With over seven years of expertise, Sadeh emphasizes that only one in five organizations can effectively prevent identity threats. The interview explores Silverfort’s innovative approach, particularly in securing “Unprotectable Systems” through agentless Multi-Factor Authentication (MFA). Sadeh underscores the growing importance of Identity Threat Detection and Response (ITDR) in modern cybersecurity, stressing the need for a unified security layer around identity infrastructure. The interview concludes with practical guidance for organizations, emphasizing collaboration between identity and security teams and implementing the “least privilege” rule. Sadeh’s insights offer a valuable perspective on navigating the evolving cybersecurity landscape with solutions like Silverfort.

Gal, thank you for taking some time out for me today. Can you discuss your background and current role as Head of Data and Security Research at Silverfort?

I’ve been in the cybersecurity industry, focusing on research, for over seven years now. As a senior data scientist on Silverfort’s research team, I’m primarily responsible for big data analytics and developing AI engines. Prior to working at Silverfort, I served on the 8200 elite cyber unit of the Israel Defense Forces.

What specific challenges or gaps in cybersecurity does Silverfort address with its platform?

The identity attack surface is becoming incredibly complex—exposing organizations more than ever before. Only one in five organizations can prevent identity threats, with very few being confident they could stop malicious access or lateral movement involving compromised credentials. These statistics will only improve when organizations have a complete picture of their identity infrastructure and a comprehensive way to protect it. Current tools such as Multi-factor Authentication (MFA) and Privileged Access Management (PAM) fail to deliver 360-degree protection and don’t offer real-time protection capabilities. That’s where Silvefort comes in.

Silverfort is helping to address one of the largest gaps in the security industry today—extending protection to identities that previously went unprotected (Service accounts, command line tools, OT infrastructure, etc.) and identity infrastructure.  Silverfort is the only identity protection platform to comprehensively secure identities and its infrastructure, protecting the blind spots attackers regularly compromise.  By providing a layer of security around identity, Silverfort protects the most vulnerable gaps to secure your most sensitive data and systems. Silverfort is vendor-agnostic and agentless and combines visibility & protection into a single product, making Silverfort the only solution that can protect all identities from a single, unified platform.

Can you explain in more detail what “Unprotectable Systems” means and why they pose a challenge to MFA implementation?

Organizations currently use a patchwork set of tools to secure identity and identity infrastructure. Most of these tools were developed in the mid-2000s.  This patchwork is replete with unprotected gaps and blind spots, leaving systems vulnerable to attack.  Mainstream MFA solutions can no longer handle today’s networks’ complexity and dynamic nature. Plus, newer identity security solutions are point solutions and don’t offer a singular, unified security layer that spans on-prem, the cloud, and everything else. Silverfort’s agentless MFA technology seamlessly enforces MFA protection and access to any sensitive system or device, including what was previously considered an “unprotectable system.” Silverfort protects the unprotected by enabling MFA for sensitive resources—including systems like homegrown and critical business applications, regulated systems and data (financial, healthcare, etc.), production servers, IT infrastructure (e.g., hypervisors, DCs, and network equipment), administrative access (e.g., PAM, RDP, SSH), and IoT devices—without deploying software agents or inline proxies and without integrations with individual systems.

What is the significance of Identity Threat Detection and Response (ITDR) in the context of modern cybersecurity?

Today’s organizations are challenged with securing many different ‘silos’ of digital identity across complex hybrid and multi-cloud environments—with each environment having siloed security controls. All these environments and silos are making identity security, including ITDR, more of a priority for all organizations and C-suites.

Identity infrastructure is the most unprotected part of the technology stack and needs protection like any cloud, endpoint, or network. If businesses don’t protect identities and their infrastructure, hackers will continue to exploit security gaps that identity teams don’t understand and can’t protect. Most businesses have hybrid cloud and on-prem environments, which might help increase productivity, but it’s a deterrent for a comprehensive security posture. Cloud environments—as part of today’s modern age—dramatically increase the identity attack surface to legacy systems by creating more opportunities for attackers to sneak in through the backdoor. Businesses need to consider protection for their service accounts, ensure they have MFA and PAM installed in every place possible, extend MFA to legacy systems, and ensure they can detect account takeovers and lateral movement. To make this a reality, security teams must begin collaborating with identity teams and serving as their partners to bridge these gaps—ultimately creating a security layer around identity.

What are the implications of the increasing use of IoT devices on cybersecurity, and how can these risks be mitigated?

Using IoT devices isn’t the problem; it’s how interconnected they are. If you have one compromised device connected to another, you can expect an attacker to compromise that one, too.  To secure IoT, one must do their best to segment and compartmentalize mission-critical environments that are connected to the internet.

Compromised identities—including IOT identities— continue to be the weapon of choice for cyber attackers.  Organizations attempt to solve this challenge with a patchwork network of controls and tools, but the tools are outdated or are simply another management solution, not security.   This approach leaves tons of holes, gaps, and blind spots that go unprotected, leaving systems vulnerable to attack. Businesses must consider protecting identity sprawl with a security layer like Silverfort.

Can you provide guidance on how organizations can proactively assess their identity threat detection and response readiness?

The identity attack surface is constantly expanding and reaching far beyond the power of what traditional MFA and PAM tools can secure. However, there are a few things organizations can do now to proactively access their identity security posture and get closer to the 360-degree protection required to defend against today’s threats. These include:

  • Med the gap that exists between identity and security teams. Until now, two very distinct conversations have been happening in identity and security team meetings, respectfully. To secure the identity infrastructure, security has to have a stake in the identity game. An aspect of these open discussions needs to include educating identity teams on why a security-first mindset will skyrocket their productivity and allow them to spend less time on draining tasks like chasing alerts.
  • Understand the existing security gaps. Before businesses can solve the identity security crisis, they need to understand the existing gaps. Most businesses operate in hybrid, interconnected environments where users access both on-premises and cloud resources using the same credentials. While this helps in some ways, it hurts security more by increasing the attack surface of both the cloud and on-prem environment. Organizations should ensure they have comprehensive visibility into all users’ authentications and access attempts, in addition to all implemented MFA and real-time identity segmentations.
  • Follow the rule of “least privilege.” Creating and instituting policies that ensure no user can access more resources than they need to do their job effectively is one way to protect privileged accounts. By comparing users’ access entitlements with what they are accessing, identity and security teams can save themselves from playing catch-up later on and be ready to combat security issues in real time.
About the Author

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.