Permiso has developed a new platform that enables security teams to better assess and reduce risks. Unlike standalone solutions that focus on a single environment or type of identity, Permiso aims to detect and protect against both human and non-human identity threats, both in the cloud and on-premises.
Permiso’s new platform links risk management to threat detection. The US security company aims to identify the identities most likely to be compromised and monitor their suspicious behavior. This combined approach should help companies consolidate their investments in identity security.
According to Permiso’s State of Identity Security Survey Report 2024, nearly half of organizations (45%) are concerned about detecting identity threats. Not entirely coincidentally, an equal percentage (45%) reported an identity-related security incident in the past year.
Universal Identity Graph
At the heart of the new platform is the Universal Identity Graph. This functionality enables security teams to create a graphical representation of all login credentials and identities in their environments. This should provide a complete overview of who can access what and whether behavior is normal or suspicious.
The need for better identity security is becoming increasingly clear. Primary login credentials for accessing systems are one of the most critical points in the security chain. Companies that neglect identity management are at an increasing risk of breaches. Worse still, they often don’t even realize there has been a breach until it is far too late.
More than just inventory
In addition to the Universal Identity Graph, Permiso’s platform offers several core features. First, there is a comprehensive identity inventory that registers all human and non-human identities in different environments. It also proactively detects vulnerabilities to mitigate risks before they are exploited. Finally, there is continuous monitoring for suspicious access and behavioral anomalies.
“Identity security is no longer just about securing login credentials; it’s about understanding the full scope of human and non-human interactions within an organization,” said Jason Martin, co-founder and co-CEO of Permiso. “With the launch of our new platform, we are setting a new standard for how enterprises protect their most valuable assets.”
Cybersecurity companies are increasingly adopting a holistic approach to identity security. Back in early 2024, Cisco launched Identity Intelligence for the detection of IAM hacks to bolster its wide portfolio, for example. Such a solution address the problem that authentication does not automatically mean that a user is secure or should be granted access.
Building on existing capabilities
The new platform builds on Permiso’s existing Identity Threat Detection and Response (ITDR) capabilities. These cover identity providers, IaaS, PaaS, and SaaS applications. Permiso has developed more than 1,500 detection signals for these environments, fueled in part by expertise in tracking threat groups such as LUCR-3 (Scattered Spider).
This group is known for compromising human and non-human identities to access sensitive data. In recent years, following campaigns against the hotel industry, Permiso has added several luxury resorts and casinos in Las Vegas as customers.
The steps Permiso is taking to secure human and non-human identities come amid the growing adoption of agentic AI, which brings new and more extensive identity risks. Permiso’s P0 Labs team has identified numerous attack campaigns that leverage non-human identities, including resource abuse, password spraying, and credential stuffing attacks.
The growing complexity of identity management and the increased sophisticated attacks mean that organizations are increasingly opting for integrated platforms rather than standalone solutions.
Read also: Okta merges identity into one platform: what does that entail?