Palo Alto launches identity security platform 'Idira'…… With the proliferation of AI, "attackers are more inclined to log in rather than intrude"

Palo Alto Networks has launched a new identity security platform called “Idira,” designed to integrate internal personnel, machines, and AI agents’ accounts into a unified access management system. The underlying rationale is that, with the accelerated adoption of generative AI, corporate security focus is shifting from blocking external network intrusions to “who logs in with what permissions.” The platform is built on technology acquired by Palo Alto Networks in February this year for approximately $25 billion (about 37.45 trillion Korean won), from CyberArk. CyberArk is regarded as a leading company in the Privileged Access Management (PAM) field. Idira’s distinctive feature is expanding management scope from traditional human-centric permission controls to include machine accounts and AI agent accounts. ### The number of machine and AI accounts is 109 times that of humans. According to data provided by Palo Alto Networks, in current enterprise environments, the ratio of machine and AI identities to human identities is approximately 109 to 1. Additionally, 61% of privileged access requests are not handled via “on-demand authorization” but are managed with “permanent permissions.” The company’s survey shows that in the past year, 9 out of 10 enterprises have experienced identity-related intrusion incidents. This indicates a shift in attack methods. Previously, attacks mainly involved hackers “breaking into” systems from outside, but now, infiltration through stolen accounts and permissions that log in like normal users is increasing. The more permanent permissions granted, the greater the potential harm. ### The core is “eliminating permanent permissions” and real-time control. Idira mainly consists of three core functions. First, it uses AI to continuously discover the overall identity, permissions, and access paths within the enterprise, and to identify risk factors. Second, it applies dynamic control to replace fixed permissions, enforcing “Zero Standing Privilege” (ZSP) on all identities, which means eliminating permanent permissions and granting access only when necessary through “Just-in-Time” (JIT) access. Additionally, AI-driven policies enable automation of full lifecycle governance and compliance tasks from identity creation, modification, to deactivation. For security teams, this means the ability to unify access management functions scattered across multiple tools into a single control interface. ### Upgrading existing customers by license type Existing CyberArk SaaS customers will follow different upgrade paths based on their license types. Traditional PAM customers will automatically receive identity detection and user experience improvements, while “Zero Standing Privilege” and machine/agent identity protection features require additional purchase. In contrast, modern PAM enterprise and developer license customers can access identity detection, ZSP elimination, and user experience improvements for free. Workforce Access customers can immediately enjoy user experience enhancements, while ZSP and machine protection features can be added through upgrades. Customers holding Secrets & Workloads licenses can integrate existing PAM functions into the Idira platform. ### “Attackers are no longer intruding, but logging in” Idira’s Chief Product Technologist Peretz Regev stated: “‘Identity’ has become the new battleground in AI enterprise environments. Now, attackers no longer just break into systems; they log in, making all identities potential targets.” This statement aligns with macro trends in the security market. As cloud, SaaS, automation tools, and AI agents increase, the traditional privileged account model managing only a few administrators faces limitations. Enterprises need not only simple authentication but also a precise identity security system capable of real-time assessment of “who is accessing what resources under what circumstances.” Palo Alto Networks believes that Idira will serve as a platform to unify fragmented identity security environments into a single control system. The platform is officially available starting today, with additional features planned for release later this year. As AI becomes more widespread in enhancing enterprise productivity, it also intensifies security complexities, and competition in the identity management field is likely to grow increasingly fierce. TP AI Notice: This article uses a language model based on TokenPost.ai for summarization. The main content may be omitted or differ from actual facts.