Computer systems often include a variety of secure resources to which access is limited in order to improve system security. Access to such resources is often managed using identities, which are granted specific permissions or privileges to access, edit, or utilize the secure resources. While restricting access to secure resources using permissions may improve the security of a system, the identities and permissions may become cumbersome to manage in large or dynamically changing systems.
In some cases, attackers may attempt to gain access to an identity's credentials, and then use the credentials to mount a larger attack on the system. Thus, identities with a large number of assigned permissions, and identities with highly sensitive permissions, may provide an increased attack surface for malicious actors. It may be desirable to limit the privileges assigned to each identity to only those permissions actually needed by the identity to function. Then, if the identity is compromised, the potential for damage to be inflicted by the compromised identity is limited. Manual grouping of identities has been attempted, but manual grouping may be difficult to implement effectively for large systems with many identities. Existing techniques are not optimal for real-world, dynamic computing environments because they may not dynamically update identity groups as circumstances change. Moreover, existing techniques may not minimize the system's attack surface by creating least-privilege groups of identities.
Accordingly, in view of these and other deficiencies, technological solutions are needed for analyzing and grouping identities for improved identity and permission management. Solutions should group similar identities together so that permissions for multiple identities may be managed simultaneously. Solutions should be able to create least-privilege groups and update the privileges of identities within the groups. As discussed further below, solutions may implement machine learning techniques to automate and optimize groupings of identities. Solutions may also generate visual representations of groupings for improved system analysis.