Danny Brickman
Co-founder & CEO
Publish on
May 22, 2024
Oasis's Co-Founder and CEO, Danny Brickman, had the pleasure of joining Anna Delaney in the Information Security Media Group (ISMG) studio for an engaging discussion during the RSA Conference. Danny provided valuable insights into the inadequacy of traditional identity management solutions to address NHI threats, the importance of building contextualized visibility and implementing lifecycle management techniques, and Oasis Security's plans to expand our product offerings to meet the growing demand for NHI security solutions.
Anna Delaney:
Hello, I'm Anna Delaney with IS, and today we're discussing the non-human identity revolution. I'm delighted to be joined by Danny Brickman, CEO of Oasis Security. Great to see you, Danny.
Danny Brickman:
Good to see you as well. Thanks for having me.
Anna Delaney:
We're talking about the non-human identity revolution. Before we get to the revolution part, can you explain what we actually mean by it?
Danny Brickman:
For ages, our focus was on human identities—usernames and passwords for specific applications. But now, with software dominating the world, every application, automation, and AI agent leverages an identity, and these are non-human identities. They don't necessarily have usernames and passwords; there are different ways to authenticate them. This world is expanding rapidly due to the AI revolution, cloud transformation, and other technological advancements, creating a proliferation of non-human identities.
Anna Delaney:
Why is this happening now?
Danny Brickman:
Businesses want to drive more value, create more automations and applications, and enhance efficiency. This creates a lot of non-human identities, which are now outnumbering human identities by factors of 10 or even 50. Attackers are exploiting this, as seen in breaches like those at Cloudflare and Microsoft, where non-human identities played a significant role. Developers might share tokens or keys more readily than passwords, which attackers can then leverage. At Oasis Security, we focus on identifying all these accounts, gaining visibility, and managing the lifecycle of non-human identities—from creation to decommissioning—through rotation and secret management. The existing identity stack wasn't built for this, so organizations struggle with both visibility and management.
Anna Delaney:
You recently acquired new investment. What’s your message about the criticality of non-human identities?
Danny Brickman:
People now recognize this as a significant issue, one of the biggest in their organizations. With new funding, we plan to expand our product and R&D team to address these challenges more effectively. Our advice to organizations is to start by gaining visibility through quick integrations, which can be achieved in a few minutes and provide insights within hours. This helps in deciding the next steps to address critical needs. Our contextualized layer, built with AI agents, and our novel approach to lifecycle management, set us apart in the industry. Organizations need to stop trying to solve non-human identity issues with human tools and recognize the unique challenges these identities present. Addressing this problem immediately is crucial to safely drive AI and automation initiatives.
Anna Delaney:
How do you see the space evolving in the next year?
Danny Brickman:
We need to address this problem now, as the number of non-human identities will only continue to grow. Predictions indicate we could see hundreds or even thousands more non-human identities than human ones. Addressing this gap is essential to prevent attackers from continuing to exploit it.
Anna Delaney: Thank you so much, Danny. It’s been a pleasure talking with you.
Thank you very much for watching. For IS and G, I'm Anna Delaney.