
Introducing Authorization Events in the Aembit Workload IAM Platform

As our enterprise presence has grown, SecOps and DevOps teams sought an easier way to see why access to workloads was allowed or blocked.

Aembit now provides ‘authorization events,’ enhancing visibility alongside our established identity-based access logging for workloads. This feature is accessible across all product levels, with the duration of data retention varying according to tier.

From the start, we knew that visibility into workload-to-workload access was a key missing component of many enterprises’ security operations stack. Our product has always included identity-based logging so that you could easily assess which workload was accessing other workloads, services, or sensitive infrastructure. But as we have grown our footprint within enterprises, SecOps and DevOps professionals consistently asked for a simpler way to visualize each decision step in a policy to understand exactly why workload access was granted or denied.

Let’s take a deeper dive into authorization events and how they can help you. 

What is an Authorization Event?

An authorization event is a form of log that provides a specific, structured record of each step in Aembit’s policy evaluation against any given access request. 

Access authorization events provide a verdict – success or failure – and details for each completed processing step, including:

  • Client Workload Identification
  • Server Workload Identification
  • Access Policy Identification
  • Trust Providers Attestation
  • Access Conditions Verification
  • Credential Provider Retrieval

Below is an example of a workload running in Kubernetes requesting access to Azure via Microsoft Graph. Under the policy, the workload must be actively managed by Wiz for access to be granted.

This structured data can then be viewed within the Aembit Workload IAM Platform console, or exported to other systems, including SIEMs or data lakes, for further analysis.

Use Cases of Authorization Events

There are three major use cases of authorization events:

1) Troubleshooting

Why is a workload access policy not producing the desired result? A breakdown of each step within a policy eliminates guesswork and highlights the problem. For problems due to dynamic conditions, our platform’s ability to filter event types based on the client or severity level allows for quick comparison of relevant events.

2) Auditing

Your internal or external audits may require you to prove workload-to-workload access – or lack thereof. Authorization events provide the details needed to show not only if access was granted, but under what conditions.

3) Threat Detection and Response

In the event of an incident, you have an easy-to-access, easy-to-interpret resource that shows which workloads are requesting access to sensitive information and resources, as well as detailed knowledge of which resources are being granted access. 
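For the troubleshooting and threat detection use cases above, here is an added example (not Aembit's code, and not its export schema) that triages exported events by the step at which each request stopped. The step names come from the list earlier in this post; the JSON field names, the workload names and the sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Step names are the ones listed in the post; the JSON field names
# ("client", "server", "steps", "name", "verdict") are hypothetical.
STEP_ORDER = [
    "Client Workload Identification", "Server Workload Identification",
    "Access Policy Identification", "Trust Providers Attestation",
    "Access Conditions Verification", "Credential Provider Retrieval",
]

def make_event(client, server, verdicts):
    """Build one constructed JSON line; verdicts cover completed steps only."""
    steps = [{"name": n, "verdict": v} for n, v in zip(STEP_ORDER, verdicts)]
    return json.dumps({"client": client, "server": server, "steps": steps})

# Constructed sample export, one event per line (not real product output).
SAMPLE_LINES = [
    make_event("k8s-app", "ms-graph", ["success"] * 6),
    make_event("k8s-app", "ms-graph", ["success"] * 4 + ["failure"]),
    make_event("k8s-app", "ms-graph", ["success"] * 4 + ["failure"]),
    make_event("batch-job", "ms-graph", ["success", "success", "failure"]),
    make_event("batch-job", "ms-graph", ["success"] * 3),  # truncated record
]

def first_failure(event):
    """Return the failing step, None if every step passed, or 'incomplete'."""
    verdicts = {s["name"]: s["verdict"] for s in event.get("steps", [])}
    for name in STEP_ORDER:
        verdict = verdicts.get(name)
        if verdict is None:
            return "incomplete"  # step missing: do not treat as granted
        if verdict != "success":
            return name
    return None

def summarize(lines):
    """Count non-granted requests per (client, server, stopping step)."""
    stops = Counter()
    for line in lines:
        event = json.loads(line)
        step = first_failure(event)
        if step is not None:
            stops[(event["client"], event["server"], step)] += 1
    return stops

if __name__ == "__main__":
    for (client, server, step), n in summarize(SAMPLE_LINES).most_common():
        print(f"{n}x {client} -> {server}: stopped at {step}")
```

Grouping by stopping step separates repeated denials at one policy stage from records that are simply missing steps, which are reported as incomplete rather than counted as granted.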

Availability

This capability is available now in all tiers of our product, including our free tier, with retention timelines varying per level. 

We hope you find them useful! Please provide us feedback after you start using them.
