BeyondTrust Identity Security Insights: 2024 Wins and the Roadmap to Advanced Identity Security Posture Management

In 2024, BeyondTrust Identity Security Insights® aimed to strengthen our collective identity security by enabling identity and access management (IAM) leaders across a variety of industries to uncover identity vulnerabilities and hidden Paths to Privilege™. These leaders can then use these in-depth insights to better manage their identity security posture over time. As more customers have adopted Identity Security Insights as an integral part of their identity security programs, we’ve heard great things about their first impressions and continued success with the solution. We’ve also had the opportunity to glean valuable “insights” of our own from their experiences:

“The challenges our customers face to protect their companies from cyber threats drive us to continually advance game-changing products like Identity Security Insights so that everyone is empowered to secure their evolving identity ecosystems amidst an ever-changing threat landscape,” said BeyondTrust CEO Janine Seebeck. “The next-level enhancements made in 2024 to provide comprehensive visibility to human and non-human identities, hidden Paths to Privilege, and suspicious, real-time behavior are just the beginning. We are incredibly excited to continue using research and customer feedback to roll out additional innovations from 2025 onward, and continue on this journey together.”

To learn more about our customers’ experiences with Insights, as well as the updates from the past year that are driving the most customer success, I spoke with Josh Fu, BeyondTrust’s VP of Product Marketing. Read on to learn more about 2024’s biggest identity Security Insights updates, and BeyondTrust’s continued plans to evolve the product through 2025.

When 90% of breaches are identity-related and 99% of breaches are related to hygiene and posture, it’s clear that attackers are evading existing solutions, and that technology needs to evolve to solve these challenges. That’s why we created Identity Security Insights from the ground up, using machine learning, to help you accurately, quickly, and completely understand the privilege pathways in your environment and what to do next. If an attacker were to steal an identity, Identity Security Insights would help you uncover the path(s) they could take to:

• Elevate that identity’s privileges

• Gain more insider access

• Launch an attack

In 2024, Identity Security Insights focused on surfacing the complex, indirect privilege pathways that attackers are taking as they evolve their attack techniques to penetrate into organizations. Identity Security Insights also maps out the attack surface for organizations, and gives prescriptive guidance on which next steps you should prioritize to proactively improve your identity security posture and cyber hygiene.

Identity Security Insights identifies and prioritizes the hidden, effective escalation paths across your entire IT landscape, enabling more holistic and proactive identity security posture management. It does so by examining identities, accounts, configurations, and permissions on endpoints, servers, databases, DevOps tools, IdPs, clouds, and SaaS solutions. We have a data lake model that leverages supervised and unsupervised machine learning to increase the accuracy and reliability of our actionable recommendations and detections.

In 2024, Identity Security Insights prioritized customer feedback and closed critical identity and account visibility gaps. We focused on helping organizations gain a complete understanding of all human and non-human identities, including their True Privilege™, potential vulnerabilities, and any suspicious, real-time behavior.

We also introduced visualizations for Paths to Privilege. These features make it easy for users to understand how accounts can traverse various pathways to gain elevated access, helping organizations proactively mitigate risks and gain a full picture of their identity security posture. These advancements not only address existing gaps in the market, but also empower our customers to take decisive action in securing their identity ecosystems.

We rolled out five major features in Identity Security Insights that have especially improved the way that IAM and security teams approach identity management, identity threat detection and response, and other identity security strategies:

1. True Privilege Visibility

IAM leaders and security teams often lack visibility into the true extent of an identity's privilege beyond its directly-assigned permissions. This is why we built out the following capabilities in Identity Security Insights to reveal the True Privilege of each identity:

• The ability to break down high-privileged accounts by direct and indirect privileges

• The ability to accurately prioritize security recommendations based on True Privilege

• The ability to fully understand and effectively manage all privileged accounts.

2. Expansion of Cross-Domain Paths

IAM teams often lack the capacity to detect, diagnose, and remediate identity security posture issues that span systems.

BeyondTrust’s research team has taken a deep look at the attack paths across common identity infrastructures to enhance posture recommendations and detections. This includes providing visibility into privilege escalation paths that cross on-premises within Active Directory and extend into Entra ID. Ongoing research focuses on platforms such as Active Directory, Entra ID, Okta, AWS, and others.

The following blogs offer a detailed look into the work our research team is doing to help secure the privilege pathways threat actors are actively leveraging:

• AD CS 101: Introduction to Active Directory Certificate Services & How to Detect and Mitigate ESC1 Attacks

• AD CS 102: How to Detect and Mitigate ESC4 Attacks on Active Directory Certificate Services

• Entra ID App Escalations: Attacks & Defense
  

3. Endpoint & Server Access Risk Reduction

IAM leaders struggle to maintain visibility and control over endpoint and server access risks and service accounts, which is why we offer a deeper look at the privilege escalation pathways across endpoints and servers. The following capabilities enable this depth of focus:

• Deep inspection of endpoint users, groups, and configurations

• Analytics-based detection of Paths to Privilege across systems

• Interoperability with privileged access management (PAM) controls like Endpoint Privilege Management, Password Safe, and Entitle, to simplify risk remediation across the entire identity estate.

4. Focused, Direct Access to Key Data (Reporting)

IAM leaders, IAM system owners, and IT system owners have indicated they need simpler, more direct access to relevant insights, as well as a centralized platform for identity security posture management. We’ve responded by investing in a strategic reporting infrastructure to support rapid expansion and innovation in reporting. In 2024, we delivered new reports focused on topics such as:

• Accounts with True Privilege

• Change in posture over time

• Time to resolution

• Entra ID & Azure risks

• Okta risks

• GitHub risks

• AWS risks

• Service account cleanup

• Endpoint and server access

• Password integrity

These advanced reports drastically simplify how organizations access the insights they need to make critical identity security decisions.

5. Password Auditing for AD Accounts

Identifying weaknesses in account passwords is a crucial priority for all IAM leaders. We enable leaders to do so via dedicated recommendations, labeled for context when reviewing accounts and within reports. We specifically flag passwords within the following categories:

• Compromised Passwords

• Shared Passwords

• Blank Passwords.
  

At the beginning of this year, we introduced webhook integrations, allowing Identity Security Insights to send data to an ever-growing list of third-party applications and eliminating the need for manual intervention and delays. Once configured, webhooks provide a real-time method for notifying external systems about security incidents, assigning tasks for risk mitigation, and resolving outstanding issues. Additionally, webhook message content can be customized using a suite of built-in variables. Since the release of this capability, we have documented over 16 integration examples with solutions such as Jira, Microsoft Teams, Sailpoint, ServiceNow, Slack, and more.

Customer feedback on our updates and integrations has been overwhelmingly positive. Customers have shared that they are finally gaining a holistic view of their identities across on-premises, cloud, and SaaS infrastructures—all through a single solution. This comprehensive visibility has been a game-changer for many, allowing them to better understand and manage their identity ecosystems.

Additionally, customers have noted that Insights has been instrumental in uncovering accounts with high privileges that were previously hidden in plain sight. These accounts often appeared to have low privileges on the surface but were revealed as significant risks through our enhanced visibility and analytics. This feedback reinforces the value of our efforts to close identity visibility gaps and help organizations secure their environments more effectively.

One of the unexpected successes of 2024 was the realization early in the year that we needed to pivot our focus toward addressing the needs of IAM and PAM teams. This shift allowed us to help these roles achieve complete visibility into their entire, distributed identity fabric and use this unified view to address all aspects of their identity hygiene and better manage their organization’s identity security posture overall. By concentrating on uncovering the true privilege of identities, we provided critical insights that empowered teams to remediate and control the right accounts effectively. This focus not only addressed immediate challenges but also laid the groundwork for more robust and secure identity management practices.

Looking ahead to 2025, customers can expect exciting advancements from Insights as we focus on three main strategic objectives:

• Impactful Analysis: We aim to empower leaders and analysts with solutions for understanding, improving, and tracking their identity security posture over time.

• Platform Integration: Simplifying the effective use of identity security controls to reduce risk across environments remains a key priority.

• Open System: We are committed to expanding coverage and enabling community contributions, including recommendations, detections, integrations, and data visualizations.

As part of this vision, we’re excited to share a sneak peek of features coming in 2025. These include:

• True Privilege Access Graph: Continuing our efforts to expand visualizations, recommendations, and detections for cross-system access and risks with a single view of all access, existing access controls, and open risks. This holistic view will provide deeper insights into privilege pathways.

• Workload Identity & Secrets: Expanding our coverage of non-human and machine identity data to deliver a more comprehensive view of identity risk.

• SaaS Coverage Expansion: Rolling out additional coverage for SaaS platforms to better characterize identity risks and potential blast radius.

These advancements will strengthen our ability to help customers secure their identity ecosystems and reduce risk across diverse environments.

Our dedication to continuously enhancing visibility, uncovering hidden risks, and delivering actionable intelligence through 2024 reflects our commitment to helping organizations navigate an increasingly complex identity landscape and empowering our customers to stay ahead of evolving threats.

And as identity threats continue to grow more sophisticated, we’ll continue to push the boundaries of identity security with new and groundbreaking Identity Security Insights innovations, all to ensure our customers have the tools they need to secure identities, remediate threats intelligently, and enable dynamic least-privilege access.

We are looking forward to lots more exciting innovation in 2025, so stay tuned!

See Identity Security Insights in action to learn how it could help you and your team proactively strengthen security posture and build resilience against threats.