Starting Soon! Want to secure workload access to LLMs like ChatGPT? Join Our Webinar | Today at 1 pm. PT

Aembit Earns Prestigious Runner-Up Spot at RSA Innovation Sandbox Contest! Watch the Announcement

RSAC™ Innovation Sandbox FINALIST 2024 banner
Aembit is an RSA Conference Innovation Sandbox finalist! Read the news
Blog

Introducing Authorization Events in Aembit Workload IAM

Access autorization events' screen

Aembit now provides ‘authorization events,’ enhancing visibility alongside our established identity-based access logging for workloads. This feature is accessible across all product levels, with the duration of data retention varying according to tier.

From the start, we knew that visibility into workload-to-workload access was a key missing component of many enterprises’ security operations stack. Our product has always included identity-based logging so that you could easily assess which workload was accessing other workloads, services, or sensitive infrastructure. But as we have grown our footprint within enterprises, SecOps and DevOps professionals consistently asked for a simpler way to visualize each decision step in a policy to understand exactly why workload access was granted or denied.

Let’s take a deeper dive into authorization events and how they can help you. 

What is an Authorization Event?

An authorization event is a form of log that provides a specific, structured record of each step in Aembit’s policy evaluation against any given access request. 

Access authorization events provide a verdict – success or failure – and details for each completed processing step, including:

  • Client Workload Identification
  • Server Workload Identification
  • Access Policy Identification
  • Trust Providers Attestation
  • Access Conditions Verification
  • Credential Provider Retrieval

Below is an example of a workload running in Kubernetes requesting access to Azure via Microsoft Graph. Based on the policy the workload is required to be actively managed by Wiz in order to grant access.

This structured data can then be viewed within the Aembit Workload IAM Platform console, or exported to other systems, including SIEMs or data lakes, for further analysis.

Use Cases of Authorization Events

There are three major use cases of authorization events:

1) Troubleshooting

Why is a workload access policy not producing the desired result? A breakdown of each step within a policy eliminates guesswork and highlights the problem. For problems due to dynamic conditions, our platform’s ability to filter event types based on the client or severity level allows for quick comparison of relevant events.

2) Auditing

Your internal or external audits may require you to prove workload-to-workload access – or lack thereof. Authorization events provide the details needed to show not only if access was granted, but under what conditions.

3) Threat Detection and Response

In the event of an incident, you have an easy-to-access, easy-to-interpret resource that shows which workloads are requesting access to sensitive information and resources, as well as detailed knowledge of which resources are being granted access. 

Availability

This capability is available now in all tiers of our product, including our free tier, with retention timelines varying per level. 

We hope you find them useful! Please provide us feedback after you start using them.

Discover
Aembit logo

The Workload IAM Company

Manage Access, Not Secrets

Boost Productivity, Slash DevSecOps Time

No-Code, Centralized Access Management

You might also like

Aembit Workload IAM extends RBAC by grouping and isolating non-human resources and policies within an organization or tenant.
As organizations emphasize safeguarding non-human identities, you must balance immediate security measures with long-term oversight and compliance.
Sticky note security now plagues application and service connections, necessitating a shift to more mature workload access safeguards.