{"id":119324,"date":"2025-08-06T11:44:16","date_gmt":"2025-08-06T03:44:16","guid":{"rendered":"https:\/\/version-2.com\/?p=119324"},"modified":"2025-08-04T11:48:32","modified_gmt":"2025-08-04T03:48:32","slug":"identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2025\/08\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\/","title":{"rendered":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What to Expect in this Blog:<\/strong><\/p><\/blockquote>

In Part 4 of the Identity Security Intelligence<\/em> series, we shift from building defenses to active response<\/strong>. You\u2019ll learn how to detect identity compromise early\u2014before attackers escalate privileges or blend in as trusted users. We\u2019ll cover real-world indicators of identity abuse, how to triage and contain threats with minimal business impact, and why identity-centric response playbooks are essential for modern security teams. Because when credentials are the new attack vector, speed and precision in response are your best defense.<\/p><\/blockquote>

\u200d<\/p>

In previous parts of this series, we laid the groundwork for modern identity defense:<\/p>

  • Part 1<\/strong> uncovered identities and privileges across complex environments.<\/li>
  • Part 2<\/strong> enforced least privilege through intelligent controls.<\/li>
  • Part 3<\/strong> showed how to audit and govern access for accountability and compliance.

    <\/li><\/ul>

    Now, we shift focus from preparation to action<\/strong>.<\/p>

    Because no matter how well you discover, control, or govern, \u2014identities will most likely be compromised<\/strong>.<\/p>

    And when they are, the speed and precision of your identity incident response<\/strong> will determine whether you contain the breach\u2026 or become the next headline.<\/p>

    \u200d<\/p>

    The New Breach Attack Path: From Credential Theft to Full Compromise<\/strong><\/h2>

    Identity is now the adversary\u2019s primary and top attack surface<\/strong>.<\/p>

    Attackers don\u2019t need to drop malware if they can log in using stolen credentials.<\/p>

    The kill chain is no longer linear\u2014it\u2019s lateral and identity-based:<\/p>

    1. Initial Access<\/strong> \u2013 Phishing, token theft, credential stuffing, or session hijacking<\/li>
    2. Privilege Escalation<\/strong> \u2013 Abuse of misconfigured roles or overlooked entitlements<\/li>
    3. Lateral Movement<\/strong> \u2013 Reuse of credentials, token impersonation, and cloud hopping<\/li>
    4. Data Access & Exfiltration<\/strong> \u2013 With legitimate access and minimal detection<\/li>
    5. Persistence<\/strong> \u2013 Creation of shadow admins or token misuse for future re-entry

      <\/li><\/ol>

      By the time the SOC sees unusual behavior, the attacker may have already weaponized privileges, disabled MFA, or tampered with audit logs.<\/p>

      This demands a shift from reactive forensics<\/strong> to identity-first detection and response<\/strong>.<\/p>

      \u200d<\/p>

      What Does Identity Compromise Look Like?<\/strong><\/h2>

      Identity compromise isn’t always obvious. It often appears as \u201cnormal\u201d behavior executed by a legitimate identity, \u2014but in the wrong context<\/strong>.<\/p>

      Here\u2019s what defenders must watch for:<\/p>

      \ud83d\udd0d Behavioral Anomalies<\/p>

      • Logins from\u00a0 suspicious locations or cases of impossible travel<\/li>
      • First-time access to sensitive systems or apps<\/li>
      • Sudden privilege usage not seen historically<\/li><\/ul>

        \ud83d\udee0\ufe0f Misuse of Privilege<\/p>

        • Lateral movement via service accounts or shared credentials<\/li>
        • Privilege escalation followed by sensitive actions (e.g., mailbox exports)<\/li>
        • Admin role usage outside business hours<\/li><\/ul>

          \ud83d\udd04 Token and Session Abuse<\/p>

          • Reuse of session tokens from new devices or geos<\/li>
          • Long-lived refresh tokens used across systems<\/li>
          • OAuth token abuse in cloud environments<\/li><\/ul>

            \ud83e\uddea Signs of Persistence<\/p>

            • New access grants to dormant accounts<\/li>
            • Creation of new roles, keys, or service principals<\/li>
            • Disabling of MFA or conditional access policies<\/li><\/ul>

              You can\u2019t detect this from login data alone. You need correlated identity intelligence<\/strong> (\u2014privileges, entitlements, historical behavior, and audit context) \u2014all tied together in near real time.<\/p>

              \u200d<\/p>

              Identity-Centric Incident Response: The New Playbook<\/strong><\/h2>

              When an identity is compromised, speed matters. But speed without precision causes collateral damage.<\/p>

              Here\u2019s how modern security teams respond using identity intelligence:<\/p>

              \u200d<\/p>

              \ud83e\udde0 Step 1: Triage the Identity, Not Just the Alert<\/h3>

              Instead of treating every alert as isolated, pivot to the identity in question<\/strong>:<\/p>

              • Who owns it?<\/li>
              • What can it do?<\/li>
              • Where does it have access?<\/li>
              • Has its behavior changed recently?<\/li><\/ul>

                Use entitlement graphs and historical behavior to understand the potential blast radius<\/em>.<\/p>

                \u200d<\/p>

                \ud83d\uded1 Step 2: Contain Without Breaking the Business<\/h3>

                Shutting down access is easy. Doing it surgically<\/strong> is the challenge.<\/p>

                Containment options include:<\/p>

                • Temporarily disabling high-risk privileges (not the entire account)<\/li>
                • Revoking OAuth or SAML tokens across federated systems<\/li>
                • Suspending specific roles or group memberships<\/li>
                • Forcing reauthentication with step-up MFA

                  <\/li><\/ul>

                  This minimizes disruption while blocking the attacker\u2019s movement.<\/p>

                  \u200d<\/p>

                  \ud83d\udd01 Step 3: Trace the Incident Through Identity Audit Logs<\/h3>

                  Use your identity audit layer<\/strong> (from Part 3) to:<\/p>

                  • Identify what the attacker did post-compromise<\/li>
                  • Map lateral movement across systems<\/li>
                  • Determine whether data was accessed or exfiltrated<\/li>
                  • Reconstruct actions taken with elevated privileges<\/li><\/ul>

                    This moves you from assumptions to fact-based forensics<\/strong>.<\/p>

                    \u200d<\/p>

                    \ud83e\uddfc Step 4: Remediate the Access Footprint<\/h3>

                    Once contained, clean up:<\/p>

                    • Remove suspicious roles, keys, and tokens<\/li>
                    • Reset secrets and credentials<\/li>
                    • Review group memberships and admin delegation<\/li>
                    • Verify no new identities or backdoors were created<\/li><\/ul>

                      Use historical privilege analysis to restore only what\u2019s necessary<\/strong>, not everything the identity had before.<\/p>

                      \u200d<\/p>

                      \ud83d\udd12 Step 5: Strengthen Controls and Update Detection Logic<\/h3>

                      Every incident is a learning opportunity. Post-incident, ask:<\/p>

                      • Were there missed signals in identity behavior?<\/li>
                      • Was privilege creep a factor?<\/li>
                      • Should access reviews be more frequent?<\/li>
                      • Can risky entitlements be removed permanently?<\/li><\/ul>

                        Update detection rules, access policies, and governance workflows to close the loop<\/strong>.<\/p>

                        \u200d<\/p>

                        Identity Intelligence in Detection & Response Tools<\/strong><\/h2>

                        The most effective incident response programs integrate identity signals directly into their tools<\/strong>:<\/p>

                        • SIEMs<\/strong> enriched with identity metadata (roles, entitlements, behavior baselines)<\/li>
                        • SOAR playbooks<\/strong> that automate token revocation, MFA enforcement, and role removal<\/li>
                        • UEBA tools<\/strong> that analyze deviations from normal identity usage<\/li>
                        • IAM\/PAM platforms<\/strong> that trigger step-up auth or session recordings during high-risk activity<\/li><\/ul>

                          Response becomes not just fast, \u2014but intelligent, contextual, and minimally invasive<\/em>.<\/p>

                          \u200d<\/p>

                          Don’t Wait for the Breach: Simulate It and Be Incident Response Ready<\/strong><\/h2>

                          One of the most underused capabilities in identity security is attack path simulation<\/strong>:<\/p>

                          • Use tools to model how an attacker might move from a compromised identity to high-value assets.<\/li>
                          • Identify exposed privilege chains or risky access paths.<\/li>
                          • Test incident response plans using these simulated scenarios.<\/li><\/ul>

                            This lets teams respond in practice, not panic<\/strong>.<\/p>

                            \u200d<\/p>

                            The Bottom Line<\/strong><\/h3>

                            Identity compromise is inevitable. But uncontrolled blast radius is not.<\/strong><\/p>

                            Modern attackers exploit identity gaps faster than legacy detection tools can react. To defend effectively, you need more than logs and alerts\u2014you need identity intelligence in every phase of your response<\/strong>.<\/p>

                            By combining discovery, control, audit, and intelligent detection, security teams can:<\/p>

                            • Recognize identity compromise early.<\/li>
                            • Contain it precisely.<\/li>
                            • Investigate it accurately.<\/li>
                            • Remediate it thoroughly.<\/li>
                            • Evolve their defenses continuously.

                              <\/li><\/ul>

                              Because in the new perimeter, the most dangerous breach isn\u2019t the one with malware\u2014it\u2019s the one that looks like a trusted user\u2026 until it\u2019s too late.<\/em><\/strong><\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

                              \n\t\t\t\t
                              \n\t\t\t\t\t\t\t
                              \n\t\t\t
                              <\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t\t
                              \n\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t
                              \n\t\t\t\t\t\t\t
                              \n\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t\t
                              \n\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t
                              \n\t\t\t\t\t\t\t\t\t

                              About Segura\u00ae <\/strong>
                              Segura\u00ae strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

                              \n\t\t\t\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t\t
                              \n\t\t\t
                              \n\t\t\t\t\t\t
                              \n\t\t\t\t
                              \n\t\t\t\t\t

                              About Version 2 Digital<\/h3>

                              Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

                              \nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

                              What to Expect in this Blog: In Part 4 of the Identity […]<\/p>","protected":false},"author":149011790,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[419,1305,61],"tags":[420,1077],"class_list":["post-119324","post","type-post","status-publish","format-standard","hentry","category-segura","category-1305","category-press-release","tag-segura","tag-1077"],"acf":[],"yoast_head":"\nIdentity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2\" \/>\n<meta property=\"og:description\" content=\"What to Expect in this Blog: In Part 4 of the Identity […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-06T03:44:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/segura.security\\\/post\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/08\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed\",\"datePublished\":\"2025-08-06T03:44:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/08\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\\\/\"},\"wordCount\":1015,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"keywords\":[\"Segura\",\"2025\"],\"articleSection\":[\"Segura\",\"2025\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/08\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\\\/\",\"url\":\"https:\\\/\\\/segura.security\\\/post\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise\",\"name\":\"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"datePublished\":\"2025-08-06T03:44:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/segura.security\\\/post\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/segura.security\\\/post\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/segura.security\\\/post\\\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise","og_locale":"en_US","og_type":"article","og_title":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2","og_description":"What to Expect in this Blog: In Part 4 of the Identity […]","og_url":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise","og_site_name":"Version 2","article_published_time":"2025-08-06T03:44:16+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"Written by":"tracylamv2","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#article","isPartOf":{"@id":"https:\/\/version-2.com\/2025\/08\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed","datePublished":"2025-08-06T03:44:16+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2025\/08\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\/"},"wordCount":1015,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"keywords":["Segura","2025"],"articleSection":["Segura","2025","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2025\/08\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise-at-speed\/","url":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise","name":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"datePublished":"2025-08-06T03:44:16+00:00","breadcrumb":{"@id":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/segura.security\/post\/identity-security-intelligence-part-4-detecting-and-responding-to-identity-compromise#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Identity Security Intelligence Part 4: Detecting and Responding to Identity Compromise at Speed"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/en\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-v2A","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/119324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=119324"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/119324\/revisions"}],"predecessor-version":[{"id":119328,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/119324\/revisions\/119328"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=119324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=119324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=119324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}