Zero Trust / Enterprise Security

Tasghir Teghrit l-Hojom (Attack Surface) dyal l-IAM b l-Isti3mal dyal mnasat l-Ro'ya w l-Dak'aa dyal l-Hwiya (IVIP)

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

09 أبريل 2026

Tasghir Teghrit l-Hojom (Attack Surface) dyal l-IAM b l-Isti3mal dyal mnasat l-Ro'ya w l-Dak'aa dyal l-Hwiya (IVIP)

TL;DR (kholasat l-mawdu3)

Nidham l-Idara dyal l-Hwiya w l- وصول (IAM) f l-charikat wsel l-wahed l-marhala harika, hit 46% mn l-anchita dyal l-hwiya ghadya kharij nadar dyal l-firaq l-amniya l-markaziya. Bach nseddo had l-fajwa li msemmiya "Identity Dark Matter" (l-madda l-modlima dyal l-hwiya), Gartner khrejt wahed l-fina jdid smito Identity Visibility and Intelligence Platform (IVIP). Had l-mnasat kat3ti wahed tabaqa dyal l-moraqaba l-mustamira li khdama b l-idaka' l-istina3i (AI), bach tjemme3 l-xiyanat l-mcha7ta w t3ti tahaqum f l-waqt l-haqiqi f l-hwiyat l-bachariya w ghayr l-bachariya.

Azmat l-Tachtit dyal l-Hwiya

L-IAM f l-charikat l-asriya kiywajeh azma kbira f l-ro'ya. Ma3a t-tawasso3 dyal l-charikat f alaf dyal t-tatbiqat w l-firaq l-lamarkaziya, l-nachat dyal l-hwiya walla mtachtat bzeff. Hadchi khlaq wahed l-dahira smitha Identity Dark Matter: nachat dyal hwiya kikhdem b'id 3la l-adawat dyal l-IAM l-qlidiya w l-firaq l-amniya.

3la hseb l-abhath dyal Orchid Security, 46% mn l-nachat dyal l-hwiya f l-charikat kiywqe3 kharij ro'ya dyal l-IAM markszi. Had l-tabaqa l-mkhbiya fiha:

Tatbiqat ma-msayrach (unmanaged) w Hisabat mahaliya.
Masarat l-ta'kid (authentication) li ma-baynach.
Hwiyat dyal l-alat (machine identities) 3ndha salahiyat ktr m-l-lazem.
L-khoroj l-sari3 dyal l-Agentic AI (A3wan l-idaka' l-istina3i).

Natija hiya wahed l-fajwa khatira bin l-wad3iya l-amniya li l-charikat shabliha 3ndha, w bin l-ousoul (access) li f-l-waqi3.

Ta3rif l-IVIP: "Nidham l-Andima"

Gartner qedmat l-Identity Visibility and Intelligence Platform (IVIP) bach tsed had l-fajwat l-amniya. Had l-mnasa jaya f l-Mustawa 5 dyal l-Identity Fabric (li khass b l-Ro'ya w l-Moraqaba), w katl3eb dawr dyal tabaqat ichraf mustaqilla foq l-adawat dyal l-idara w l-hawkama l-3adiya.

Bl-khilaf f dyal l-adawat l-qlidiya dyal l-Identity Governance and Administration (IGA), li kat3tamad 3la l-tawtiq l-yadawi w l-i3dadat l-tabta, l-IVIP kat3ti:

Nitaq Chamil: Ro'ya f l-andima l-mosayara, ghir l-mosayara, w l-manfasla.
Basira l-Mustamira f l-Waqt l-Haqiqi: Telemetry f l-hin f blasst l-ta'kidat l-dawriya l-qdima.
Daka' Modam b l-LLM: Isti3mal l-AI bach yfhem l-niya (intent) w ytahlil l-suluk badal l-mantiq l-mabni 3la qawa3id basita.

L-Motatalabat l-Asasiya dyal l-IVIP

Bach tkon l-IVIP fa3ala, khassha tdir tlata dyal l-wada'if:

L-Iktichaf l-Mustamir: l-ilqa' dyal ga3 l-hwiyat l-bachariya w ghayr l-bachariya, hta dok li ma-m'anregistryin-ch rasmiyan.
Tawhid l-Xiyanat: Katkhdem k-mnasa dyal xiyanat l-hwiya li katjme3 l-icharat l-mfrqa mn l-directories w l-binya l-tahtiya f "masdar wahed dyal l-haqiqa".
Daka' Nachit: Tahwil l-xiyanat l-kham (raw telemetry) l-ma3loumat l-3amaliya, bhal t-tashih l-atomatici w tbadol l-icharat f l-waqt l-haqiqi (b-isti3mal ma3ayir bhal CAEP).

Orchid Security: Tatbiq l-IVIP f l-Waqi3

Orchid Security kitchtef Mitāl asasi dyal l-IVIP khdam. Blasst ma t3tamad 3la l-integrations dyal l-API l-3adiya, Orchid katkhdem b "binary analysis" w "dynamic instrumentation" bach tfhess mantiq l-ta'kid (authentication) l-dakhel dyal l-applikasyonat nichan.

1. L-Qada' 3la l-Identity Dark Matter

Bla ma t-htaj tbaddel l-source code aw l-APIs, Orchid katbiyn "Shadow IT", l-andima l-qdima (legacy), w l-apps l-m3dla (custom). Hadchi kikhelli l-charikat ichoufo l-hisabat l-mahaliya w masarat l-ta'kid li l-adawat l-qlidiya makatchofhomch.

2. Tawhid l-Xiyanat Mabni 3la l-Adilla

Orchid katched l-audit telemetry mn l-dakhel dyal l-apps w kat-tijma3ha m3a l-logs dyal l-IAM l-markszi. Hadchi kikhliaq wahed "tabaqat adilla" kat-biyn kifach l-hwiyat kat-sarref f l-waqi3, l-chi li kikhelli l-firaq iqarno bin l-qawanin l-mktouba (policy) w l-wossoul l-haqiqi.

3. Nata'ij Daka' Qabila l-Tanfid

L-audits li daret Orchid reb3at stats sdamin 3la l-hala dyal l-amn f l-charikat:

85% mn l-applikasyonat fihom hisabat mn domains qdama aw kharijiya (20% mnha emails dyal l-afrad/consumers).
70% mn l-applikasyonat fiha salahiyat zayda 3la l-qyas (excessive privileges).
40% mn ga3 l-hisabat hiya hisabat mahjoura (orphaned), w had l-nisba katoussel l-60% f l-bi'at l-qdima.

L-Hudoud l-Jdida: Ta'min A3wan l-AI (AI Agents)

M3a bdayat khdmet l-a3wan dyal l-AI l-mustaqilla b hwiyat khassa bihom, hado kiy-mttlo l-jil l-jdid dyal l-Identity Dark Matter. Orchid katmdded l-qodrat dyal l-IVIP l-had l-kiyanat mn khilal mantiq "Guardian Agent", li kiy-rkkiz 3la 5 dyal l-mabadi':

Nisbat l-3amil l-l-Inssan (Human-to-Agent Attribution): Rbte koli fi3l dyal AI agent b molah l-inssan.
Tadqiq l-Nachat (Activity Audit): L-hfad 3la silsilat l-mas'ouliya l-kamla dyal af3al l-agent.
Hajiz l-Siyaq (Context-Aware Guardrails): Taqyīm qararat l-wossoul b chakl dyanamiki.
Aqall Salahiyat (Least Privilege): Isti3mal l-wossoul f l-waqt l-monassib (JIT).
T-tashih l-Automatici: T-t-f3il dyal roudoud l-fi3l bhal tbddil l-credentials ila kan suluk fih l-risk.

Kharitat Tariq l-Mudara' l-IAM

Bach nt-ntqlo mn fikrat "l-bab l-msdouf" l-mnteq l-ro'ya l-haqiqiya dyal l-hwiya, l-CISOs khasshom yt-bannaw l-Outcome-Driven Metrics (ODMs). Mtalan, blasst ma t-tb3 3adad l-licences, l-firaq khassha t-3ber ch-hal nqsat mn l-salahiyat l-nayma (dormant) (mtalan hbot mn 70% l-10% f-ref3 dyal l-3am).

L-Khoutowat l-Moussa biha:

Tachkil Fariq fih Takhassousat Mkhtalfa: Jme3 bin IT, mwalin l-apps, w firaq l-GRC.
Taqdir l-Akhtar: Sber l-awlawiya l-hwiyat l-alat (machine identities) li fiha risk 3ali w ro'ya qalila.
Automaticat l-Tashih: Khdem b houloul "no-code" bach tsslah l-inhi-raf f l-wad3iya l-amniya, bhal t-twqif dyal l-hisabat l-mhmala ghadi tiktachafha.
Audit dyal l-Risk dyal l-Business: Khdem b l-ro'ya l-mustamira bach tlqa l-khorouqat f l-mustawa dyal l-applikasyon li makatkchf-hach l-adawat l-qdima.

Khulasa

L-ro'ya l-mwahada machi ghir khayali, walakin daroura asasiya. B tatbiq l-Identity Visibility and Intelligence Platform, l-charikat tqder t-dwi l-dow 3la dok l-manatiq l-modlima dyal l-hwiya "Identity Dark Matter" fin kikhbaw l-mohajimin l-asriyin, w trjje3 l-akhtar l-mkhbiya l-sath amni mador w mtahakkem fih.

Masdar: The Hacker News - Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Zero Trust / Enterprise Security

Tasghir Teghrit l-Hojom (Attack Surface) dyal l-IAM b l-Isti3mal dyal mnasat l-Ro'ya w l-Dak'aa dyal l-Hwiya (IVIP)

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

09 أبريل 2026

حمّل المانغا PDF اقرا الأصل

Tasghir Teghrit l-Hojom (Attack Surface) dyal l-IAM b l-Isti3mal dyal mnasat l-Ro'ya w l-Dak'aa dyal l-Hwiya (IVIP)

TL;DR (kholasat l-mawdu3)

Azmat l-Tachtit dyal l-Hwiya

3la hseb l-abhath dyal Orchid Security, 46% mn l-nachat dyal l-hwiya f l-charikat kiywqe3 kharij ro'ya dyal l-IAM markszi. Had l-tabaqa l-mkhbiya fiha:

Tatbiqat ma-msayrach (unmanaged) w Hisabat mahaliya.
Masarat l-ta'kid (authentication) li ma-baynach.
Hwiyat dyal l-alat (machine identities) 3ndha salahiyat ktr m-l-lazem.
L-khoroj l-sari3 dyal l-Agentic AI (A3wan l-idaka' l-istina3i).

Natija hiya wahed l-fajwa khatira bin l-wad3iya l-amniya li l-charikat shabliha 3ndha, w bin l-ousoul (access) li f-l-waqi3.

Ta3rif l-IVIP: "Nidham l-Andima"

Bl-khilaf f dyal l-adawat l-qlidiya dyal l-Identity Governance and Administration (IGA), li kat3tamad 3la l-tawtiq l-yadawi w l-i3dadat l-tabta, l-IVIP kat3ti:

Nitaq Chamil: Ro'ya f l-andima l-mosayara, ghir l-mosayara, w l-manfasla.
Basira l-Mustamira f l-Waqt l-Haqiqi: Telemetry f l-hin f blasst l-ta'kidat l-dawriya l-qdima.
Daka' Modam b l-LLM: Isti3mal l-AI bach yfhem l-niya (intent) w ytahlil l-suluk badal l-mantiq l-mabni 3la qawa3id basita.

L-Motatalabat l-Asasiya dyal l-IVIP

Bach tkon l-IVIP fa3ala, khassha tdir tlata dyal l-wada'if:

L-Iktichaf l-Mustamir: l-ilqa' dyal ga3 l-hwiyat l-bachariya w ghayr l-bachariya, hta dok li ma-m'anregistryin-ch rasmiyan.
Tawhid l-Xiyanat: Katkhdem k-mnasa dyal xiyanat l-hwiya li katjme3 l-icharat l-mfrqa mn l-directories w l-binya l-tahtiya f "masdar wahed dyal l-haqiqa".
Daka' Nachit: Tahwil l-xiyanat l-kham (raw telemetry) l-ma3loumat l-3amaliya, bhal t-tashih l-atomatici w tbadol l-icharat f l-waqt l-haqiqi (b-isti3mal ma3ayir bhal CAEP).

Orchid Security: Tatbiq l-IVIP f l-Waqi3

1. L-Qada' 3la l-Identity Dark Matter

2. Tawhid l-Xiyanat Mabni 3la l-Adilla

3. Nata'ij Daka' Qabila l-Tanfid

L-audits li daret Orchid reb3at stats sdamin 3la l-hala dyal l-amn f l-charikat:

85% mn l-applikasyonat fihom hisabat mn domains qdama aw kharijiya (20% mnha emails dyal l-afrad/consumers).
70% mn l-applikasyonat fiha salahiyat zayda 3la l-qyas (excessive privileges).
40% mn ga3 l-hisabat hiya hisabat mahjoura (orphaned), w had l-nisba katoussel l-60% f l-bi'at l-qdima.

L-Hudoud l-Jdida: Ta'min A3wan l-AI (AI Agents)

Nisbat l-3amil l-l-Inssan (Human-to-Agent Attribution): Rbte koli fi3l dyal AI agent b molah l-inssan.
Tadqiq l-Nachat (Activity Audit): L-hfad 3la silsilat l-mas'ouliya l-kamla dyal af3al l-agent.
Hajiz l-Siyaq (Context-Aware Guardrails): Taqyīm qararat l-wossoul b chakl dyanamiki.
Aqall Salahiyat (Least Privilege): Isti3mal l-wossoul f l-waqt l-monassib (JIT).
T-tashih l-Automatici: T-t-f3il dyal roudoud l-fi3l bhal tbddil l-credentials ila kan suluk fih l-risk.

Kharitat Tariq l-Mudara' l-IAM

L-Khoutowat l-Moussa biha:

Tachkil Fariq fih Takhassousat Mkhtalfa: Jme3 bin IT, mwalin l-apps, w firaq l-GRC.
Taqdir l-Akhtar: Sber l-awlawiya l-hwiyat l-alat (machine identities) li fiha risk 3ali w ro'ya qalila.
Automaticat l-Tashih: Khdem b houloul "no-code" bach tsslah l-inhi-raf f l-wad3iya l-amniya, bhal t-twqif dyal l-hisabat l-mhmala ghadi tiktachafha.
Audit dyal l-Risk dyal l-Business: Khdem b l-ro'ya l-mustamira bach tlqa l-khorouqat f l-mustawa dyal l-applikasyon li makatkchf-hach l-adawat l-qdima.

Khulasa

Masdar: The Hacker News - Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)