John Lambert, formerly of the Microsoft Threat Intelligence Center, observed, “Defenders think in lists, attackers think in graphs.” True Privilege embraces this concept by mapping the relationships and interconnections between identities, accounts, and privileges that span the entire identity fabric of modern hybrid cloud environments as a graph, revealing hidden Paths to Privilege that other solutions miss.

With this latest Identity Security Insights innovation from BeyondTrust, organizations can:

• See their identity estate from an attacker’s perspective
• Understand the complex, indirect paths to privilege that could be exploited
• Prioritise the remediations that have the greatest impact on security posture across endpoints, servers, Cloud, and SaaS
• Easily share the analysis results with the rest of their security stack

“Organizations are overlooking the indirect ways that attackers can gain access to the privileges of human, machine, and workload identities due to increasingly interconnected systems, accumulated standing privilege, and silos most modern businesses are challenged with–but attackers aren’t overlooking these paths to privilege,” said Sam Elliott, SVP of Products at BeyondTrust. “They thrive in this complexity as it typically means an unprotected target is available. True Privilege addresses these challenges by revealing the actual, effective privileges an identity holds by uncovering the paths attackers can exploit. It’s not enough to find these paths; it’s essential to replace standing privilege with just-in-time (JIT) access to provide resilience when an identity is compromised.”

True Privilege leverages advanced AI and machine learning (ML) to analyze vast amounts of identity data from diverse sources, including Active Directory, Entra ID (formerly Azure Active Directory), Ping, Okta, Atlassian, GitHub, AWS, GCP, and many others, along with BeyondTrust identity security products. This analysis goes well beyond surface-level permissions or relying on data from password vaults. True Privilege calculates the actual, effective privilege of an identity, considering complex interactions, configurations, and current states, as well as detecting anomalous behavior that could indicate a breach.

As a result, True Privilege offers a level of visibility unmatched in the identity security market today. By continuously assessing risks and mapping interconnections across the identity landscape, True Privilege proactively identifies and addresses critical security issues. This holistic view provides contextually rich recommendations, empowering organizations to harden their security posture and disrupt potential attacks before they occur.

True Privilege offers a natural complement to traditional PAM approaches, going beyond simply managing privileged accounts to illuminate how all identities access privileges. It is currently the leading capability on the market that is able to fully eliminate silos to properly enable modern PAM. Identity Security Insights’ True Privilege amplifies other BeyondTrust solutions, such as Password Safe and Endpoint Privilege Management, by leveraging their inputs to enable the principle of least privilege (PoLP) and JIT for all enterprise use cases, as well as by leveraging a single user interface (Entitle) to gain JIT access to secrets, computers, cloud, and SaaS.

“Jim’s proven ability to empower partners and drive business growth makes him an ideal leader to take BeyondTrust’s partner ecosystem to the next level,” said Brent Thurrell, Chief Revenue Officer at BeyondTrust. “His visionary approach to building collaborative alliances and supporting programs aligns perfectly with our mission to protect Paths to Privilege for our customers and partners worldwide.”

At BeyondTrust, Jim will spearhead the global channel strategy, emphasizing market share growth through the company’s growing global partner ecosystem. BeyondTrust remains committed to advancing its channel momentum by enhancing partner engagement and enablement, utilizing intellectual property, and providing strategic and financial support to partners. These elements are integral to a world-class channel framework and underscore BeyondTrust’s dedication to partner success.

“My channel philosophy is to help partners develop innovative and disruptive solutions building upon world-class technology with their own unique set of capabilities to deliver transformative outcomes to our joint customers,” said Ortbals. “I’m excited to join the BeyondTrust team and look forward to working closely with our partners to drive meaningful growth and shared success.”

Prediction #1: AI2 Bursts the Bubble
AI2, or the “Artificial Inflation” of Artificial Intelligence, is set to see its hype deflate across industries. While AI will remain useful for basic automation and workflows, much of the over-promised capabilities, particularly in security, will fall short in 2025. The focus will shift toward practical AI applications that enhance security without overwhelming organizations with marketing noise.

Prediction #2: Quantum Computing Threats Loom Large
Quantum computing will challenge existing cryptographic defences, especially for large organizations. While NIST’s post-quantum encryption standards were released in 2024, the transition to these new standards will be gradual. Larger enterprises, particularly in finance, must begin planning for this quantum shift to protect sensitive data.

Prediction #3: Hidden Paths to Privilege Become the New Battleground
In 2025, attackers will increasingly target obscure identity paths—convoluted trust relationships and hidden entitlements—that can grant privileged access. These minor identity issues will evolve into significant security risks, forcing organizations to reassess their identity and access hygiene to avoid lateral movement and privilege escalation attacks.

Prediction #4: Reverse Identity Theft Takes Center Stage
Expect a rise in reverse identity theft, where stolen breach data is improperly merged with additional personal information to create false digital identities. This trend will complicate identity security as organizations struggle to differentiate between legitimate and fraudulent personas.

Prediction #5: Planned Obsolescence Forces Hardware Overhaul
As Microsoft ends support for Windows 10 in late 2025, millions of systems will become obsolete. Many of these systems lack the hardware capabilities required to run Windows 11, pushing organizations toward hardware upgrades or alternative operating systems. The result will be a massive influx of outdated devices vulnerable to cyberattacks.

Prediction #6: Cyber Insurance Plays Catch-Up
Cyber insurance carriers will need to reassess policies as AI and quantum computing introduce new risks. In 2025, expect carriers to revise their terms to include exclusions related to AI and quantum risks, much like traditional exclusions for acts of war. This will push businesses to adopt new cyber-resilient practices to maintain insurance coverage.

Prediction #7: The End of Malware Dominance
Malware as a primary threat vector will decline as attackers increasingly exploit identity and access vulnerabilities. Organizations must shift their focus to protecting identities and reducing the blast radius of compromised accounts.

Prediction #8: Satellite Connectivity Disrupts Traditional Networks
With advances in satellite connectivity, traditional 5G and broadband networks will face stiff competition. This shift will introduce new attack surfaces as satellite communication becomes a more widespread alternative.

“Looking ahead helps us anticipate where cyber threat actors will undoubtedly go, and preparing for what’s ahead makes all the difference in risk management effectiveness,” said Morey Haber, Chief Security Advisor at BeyondTrust. “At BeyondTrust, we aim to deliver the best security solutions to address these future attack vectors and help our customers stay ahead of emerging threats.”

Each Microsoft Security Bulletin is comprised of one or more vulnerabilities, which apply to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DDoS), Spoofing, Tampering, and Security Feature Bypass. This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (9.0+ CVSS severity scores).

Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report’s debut, a strong indicator that overall long-term security efforts are paying off. This may also reflect that attackers are increasingly re-focusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.

1. After hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).
2. Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
3. Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing demonstrating a dramatic 190% increase, from 31 to 90.
4. The total number of critical vulnerabilities continues its downward trend, but slows its descent, dropping by 6% to 84 in 2023 (5 less than in 2022).
5. After Microsoft Azure & Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
6. Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
7. There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
8. Microsoft Office experienced 62 vulnerabilities in 2023.
9. Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.

“This report continues to highlight the need to keep improving security, not only at Microsoft but also for all organizations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research at BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability, and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”

Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predict now is not the time to get complacent:

1. Vulnerabilities and unpatched systems will continue to provide threat actors with a means of attack.
2. Expanding Microsoft technologies will continue to introduce new attack surfaces.
3. Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
4. Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.

Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence—even against modern threats—and that the organisations that successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.

As Chief Customer Officer, Sean Cashin assumes responsibility for ensuring customers achieve their business objectives and cybersecurity goals through BeyondTrust’s innovative solutions. Sean joined BeyondTrust in 2018 and has held several progressive roles within the Customer Success team. With over 25 years of experience in Software Development, Operations, and Customer Experience roles, Sean brings a wealth of expertise to his position. He spearheads efforts to enhance customer satisfaction and oversees key functions, including Customer Success, Education, Professional Services, Support, and Technical Account Management. Sean’s prior engagements at NTT DATA and his background in Operations Excellence uniquely position him to drive transformative change within BeyondTrust.

Brett Theiss, appointed Chief Marketing Officer, leads BeyondTrust’s global marketing strategy, focusing on brand reputation and market leadership in the identity security landscape. With a rich background spanning over two decades in technology and SaaS marketing, Brett has a proven track record of driving revenue growth through strategic marketing initiatives. His leadership roles at Anaplan, Xactly, and CA Technologies demonstrate his ability to build and lead high-performing marketing teams.

Michael Machado assumes the role of Chief Information Security Officer, where he is tasked with strategic planning and governance of BeyondTrust’s information security program. With over 20 years of experience in global companies, ranging from pre-IPO to Fortune 100, Mike brings a wealth of expertise in cybersecurity and data protection. His prior roles at Shippo and RingCentral, where he led cybersecurity and trust strategies, highlight his ability to navigate complex security landscapes.

“We are thrilled to welcome Sean, Brett, and Mike to the Executive Leadership Team,” said Janine Seebeck, CEO at BeyondTrust. “Their collective experience and expertise will be instrumental as we embark on our next phase of growth, and BeyondTrust is poised to continue delivering best-in-class identity security solutions to our valued customers worldwide.”

Managing access to employee business accounts has never been more important. Today’s workforce uses an increasing number of tools to accomplish daily tasks. These tools can include design, project management, and collaboration solutions that are not visible or controlled by IT because they don’t offer or aren’t enabled with the organization’s single sign-on security—even though they may contain confidential or proprietary information.

Without a solution in place to help manage business application passwords, users risk falling back on risky password practices, including password reuse, insecure storage, password sharing, and non-compliance with corporate password policies. The new Workforce Passwords add-on helps organizations bring employee business passwords under management and control access to the underlying applications.

Workforce Passwords leverages the power of Password Safe’s enterprise-level solution to extend convenience and security to business user applications.

Benefits of BeyondTrust Workforce Passwords include:

• An easy-to-use browser plugin that enhances the convenience of retrieval and auto-fills passwords using a modern browser extension
• The convenience of consumer password managers, secured and scaled for the enterprise
• The use of personal folders to safely store and secure individual credentials
• Easy adoption with rapid value for users who download the browser extension from the Chrome Web Store or Microsoft Edge Add-on Store
• Comprehensive audit capabilities that enhance visibility and security
• Enforcement of password policy compliance across all applications

“Workforce Passwords redefines how organizations manage all passwords across the organization, providing a comprehensive solution that secures privileged and non-privileged accounts within a single tool,” said Sam Elliott, SVP of Products at BeyondTrust. “By enabling organizations to efficiently and securely manage their digital identities, we are paving the way for advancements in cybersecurity that protect vital assets in today’s rapidly evolving threat landscape.”

Identity Security Insights marks a transformative addition to the BeyondTrust platform, introducing an advanced intelligence layer that empowers organizations to achieve unprecedented levels of identity and access security. The solution offers a unified view of identities, accounts, cloud entitlements, and privileged access across the entire identity landscape. This seamless correlation of data from BeyondTrust’s products and third-party identity providers, including Okta, Ping Identity, Microsoft Entra ID (formerly Azure AD), and cloud providers like AWS and Azure, enables organizations to gain comprehensive insights into identity-related risks.

By harnessing advanced analytics and intelligence, Identity Security Insights provides real-time visualization of threats, illuminates potential attack paths, and offers intelligent, actionable recommendations to bolster identity hygiene. Early adopters of the solution have swiftly detected and remediated security risks, such as unauthorized access to sensitive systems and data, unmanaged admin and over-privileged accounts, potential on-premises to cloud privilege escalation paths, and other previously undetectable security vulnerabilities that could be exploited by malicious actors.

Key Features of BeyondTrust’s Identity Security Insights Solution:

• Comprehensive Identity & Access Visibility: Gain a holistic understanding of identities and access across multi-cloud and on-premises environments through a single interface, ensuring comprehensive identity-related risk awareness.
• Identity Threat Detection: Identify identity-based anomalies in real-time, ranked by severity, empowering proactive response to potential threats.
• Reduced Identity Attack Surface: Identify blind spots and mitigate risks by proactively identifying vulnerabilities and receiving recommendations to strengthen identity security.
• Integrated Ecosystem: Leverage the intelligence of BeyondTrust Privileged Access Management (PAM) products and core Identity Access Management systems to automatically remediate identified threats, creating a unified defence against cyberattacks.
• Quick Start, Instant Value: Organizations can reap actionable findings in less than 30 minutes with a simple two-step process.

“Identity Security Insights completely revolutionizes the way organizations approach identity security, providing an unprecedented level of visibility, threat detection, and actionable insights that haven’t been available to date,” said Marc Maiffret, CTO of BeyondTrust. “We focus on securing the privileges and access that make compromised identities dangerous. By empowering organizations to proactively protect their identities, we’re continuing to spearhead advancements in cybersecurity that safeguard critical assets in today’s evolving threat landscape.”

Gaining root or other privileged credentials makes it easy for malicious actors to remain undetected while accessing sensitive systems and data. To protect against malicious activities, many enterprises use sudo (superuser do) to manage privileges in their Linux workstations. However, sudo lacks central storage and administration of policy files, secure and efficient ways to distribute policy files over multiple systems, native protection of the integrity of generated logs, and provision for remote login to remote servers. These severe limitations create security blind spots and decrease productivity and ease of management of Linux systems.

BeyondTrust Privilege Management for Unix and Linux enables admins to easily set up policies that allow and deny actions and use policy-based controls to elevate privileges as needed. In its latest release, the solution integrates natively with sudo via Sudo Manager feature. With this integration users now have:

• Central storage and administration of sudoers policy files
• A secure and efficient way of distributing sudoers policy files over multiple systems
• Native protection of the integrity of generated logs
• Provision for remote login to remote servers
• Centralized searching, analytics, and reporting
• A web-based management platform

This native integration gives customers unprecedented granular control over Linux workstations through centrally managed sudo policies while extending protection to their entire Linux estate.

BeyondTrust’s extended support for Azure AD
Many organizations have moved to Azure AD to accelerate the adoption of cloud resources and easily integrate SaaS applications into their security infrastructure. To support customers’ cloud migration journeys, BeyondTrust Active Directory Bridge now enables users to authenticate to an Azure AD tenant in addition to Active Directory in a hybrid mode. With this capability organizations can leverage a seamless single sign-on (SSO) experience using their existing Active Directory infrastructure, reducing management complexity and improving the organization’s identity security posture.

BeyondTrust AD Bridge enables customers to leverage their existing investment in Active Directory to consistently manage and secure on-premises and cloud-based Linux resources. Extending familiar and effective Active Directory controls and policies to Linux enables organizations to unify their environments and drive consistency to support governance and compliance.

Support for Kibana Dashboards
BeyondTrust Privilege Management for Unix and Linux now also includes an Elasticsearch SIEM integration that brings a unified visual search experience. Customers can index log data from Privilege Management for Unix and Linux and Active Directory Bridge into Elastic, along with other log sources, to analyze and visualize data in a more efficient way, through dashboards, charts, or built-in apps. This enhanced visual experience helps teams be more precise, efficient, and quickly act on potential remediations. Kibana dashboards can also be leveraged to improve defense capabilities to better detect suspicious and abnormal activities and to automate analytics to address compliance requirements.

“By integrating BeyondTrust Privilege Management for Unix and Linux and BeyondTrust Active Directory Bridge with Elasticsearch, we provide a unified search experience for admins to quickly and easily find everything they need,” said Sam Elliot, Senior Vice President of Product Management at BeyondTrust. “Together with the other expanded capabilities, BeyondTrust solutions further enable our customers to achieve their security goals with the least privilege enforcement that doesn’t slow down end users.”

BeyondTrust Privilege Management for Unix and Linux 22.3 is now available.

Today, organizations are being asked to do more with less, while facing an expanding threat landscape. They know they cannot solve emerging security problems with a disjointed patchwork of solutions or a poorly integrated ecosystem. “Our customers have told us they want a single platform that removes complexity and the risk created by fragmented infrastructure,” said Raj Cherukuri, Chief Product Officer at BeyondTrust. “They need solutions that accelerate time to value with easy deployments and deliver a robust set of common capabilities to reduce security risk while accelerating their digital transformation initiatives.”

The BeyondTrust Platform leverages a single interface to discover, manage, and protect identities, control access, as well as proactively detect anomalous activity. This new solution reduces complexity and management burden through a revolutionary single-agent approach and unified management console across all BeyondTrust apps. Along with the platform, BeyondTrust also announced:

• BeyondTrust’s new Endpoint Security App is a modern privilege management solution that enables better policy management, access control, aggregated application monitoring, and threat detection; these integrated capabilities prevent attackers from elevating privileges, and mitigating cyberattacks.
• The initial release of BeyondTrust’s new Cloud Privilege Manager App, which provides visibility and management of entitlements across multi-cloud environments from a single pane of glass. Together, with the Endpoint Security App, it enables broad visibility of identities across an organization’s on-premises and cloud footprint.

By adopting a natively integrated and unified solution for identity and access security, organizations can better tackle existing use cases and expand to emerging ones, further reducing their attack surface. The BeyondTrust Platform provides a unified view of an organization’s identity landscape. This visibility helps organizations:

• Better manage, control, and protect their identity landscape
• More effectively control access to critical resources
• Easily meet security and compliance targets

Key features and benefits include:

• Breakthrough User Experience – Unprecedented ease of use by leveraging natively integrated common capabilities, which can be activated as needed with a new trial and self-service approach
• Unified Management– A single console and unified dashboard deliver navigation, management, and reporting across all apps
• A Universal Agent– Streamlined deployment and straightforward maintenance with automatic installs and upgrades with no reboot required
• Asset Discovery– Gain unified cross-domain visibility with scanning across the entire environment
• Unified Policy Management– Proactively manage drift with a policy advisor, a common policy framework, out-of-the-box policy templates, and version control
• Centralized Reporting – Leverage information holistically across apps to support better decision-making, with easy customization options
• Holistic Visibility– Gain insight into privileges in use across the entire IT environment – on-premises, cloud, hybrid
• Identity Security Insights – Use identity-centric and cross-app analytics for better decision-making and prevent problems before they happen
• Health Monitoring– Keep track of the health and status of your endpoints and assets with proactive analytics
• Multitenant Deployment– Create multiple tenants within a deployment with complete isolation to match the organization’s structure

The BeyondTrust Platform and its initial apps will be available globally in Q1 2023.

As organizations are moving to the cloud at a faster pace than ever before, a cloud-first strategy is no longer a future plan; it is a business imperative. As organizations make the transition, identity is the critical key to successful access management and governance. Organizations want out-of-the-box integrations that don’t require additional services to connect. This allows them to focus on building the value of their business, rather than becoming bogged down with complex, costly, and time-consuming integration implementations.

In a time when a single compromised privileged account can result in significant damage to an organization’s operations and reputation, Access Governance around privileged access is critical to an organization’s overall security posture. The combined BeyondTrust Password Safe and SailPoint Identity Security Cloud provides a hyper-scalable approach to managing privileged access for many vital business processes; including access requests, access certifications, provisioning, search and analytics, and more.

Access governance enabled through the BeyondTrust PAM solution addresses a mandate for many organizations, large and small. Automation via provisioning and access requests eliminates tedious and time-consuming manual tasks, allowing admins to focus on more productive projects, while eliminating the risk associated with human errors and delays.

“We are so thrilled to be the first and only PAM vendor integrated and certified with SailPoint, and that is a testament to our partnership with SailPoint, and BeyondTrust’s dedication to our mutual customers and technology innovation,” said David Manks, Vice President of Global Strategic Alliances at BeyondTrust. “With identity at the heart of security, it is more important than ever that technology leaders work together to build a certified and trusted ecosystem, helping our customers achieve their security goals.”

The new BeyondTrust Password Safe and SailPoint integration offers customers the following benefits:

• A deep level of granularity for PAM access governance and compliance
• Augment PAM information into existing IdentityNow business processes, including access request, access certification, provisioning, search and analytics
• Improved user experience, by providing a singled, centralized, business user-friendly view into all identities including privileged accounts within SailPoint Identity Security Cloud
• Support for BeyondTrust Password Safe, for both cloud and on-premises deployments
• Benefit from SailPoint AI and machine learning (ML) recommendations for PAM entitlements within Certification campaigns and Access Requests

“Our partnership with BeyondTrust enables us to better serve clients as they navigate some of the most complex security challenges,” says Ahmed Shah, senior vice president of strategic alliances and partnerships at Optiv. “BeyondTrust’s PAM Integration is vital to an overall security model that encompasses security privileged and non-privileged identities to enable a Zero Trust approach.”