XM Cyber enhances identity risk visibility with continuous exposure management capabilities

XM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing the risks of credential compromise.”

Excessive permissions are a leading technique used in breaches and a common path for lateral movement across hybrid-cloud environments. The new capabilities help teams identify where access can be right-sized in accordance with least privilege access policies while connecting identity risk to the broader exposures attackers use.

“Least privilege access is a well-established principle for maintaining an effective security posture, but many organizations still struggle to achieve it due to the complexity of managing identities and access at enterprise scale,” said Boaz Gorodissky, CTO at XM Cyber.

“We’re adding granular visibility into access permissions and their actual usage so teams can quickly see whether elevated permissions across Active Directory, Entra and cloud platforms are actually being used. If they aren’t, that’s a clear opportunity to remove permissions to reduce the attack surface and improve risk posture without disrupting operations,” Gorodissky continued.

XM Cyber’s existing Continuous Exposure Management solution already offers exceptional value to security and IAM teams, providing actionable intelligence on Active Directory and cloud configurations.

It spans:

• Roles with excessive permissions
• At risk cached, leaked and reused credentials
• Exposed local/domain accounts
• Security posture of third-party identity security tools

Integrating permissions usage into XM Cyber’s platform now enables faster and frictionless remediation workflows between IT, DevOps and Security teams. Security and identity teams can surface excessive permissions that are validated as part of an attack path. Unused permissions can be revoked to reduce attack surface risk or continuously monitored as part of an identity security hygiene process.

The new capabilities include:

• Active Directory excessive permissions: Active Directory entities are assessed to ascertain how frequently they are making use of their permissions. This makes it significantly easier for identity security practitioners to decide whether a specific permission level is required and provide necessary evidence to provision a fix, speeding time to reduce risk and close attack paths that exploit that permission
• Cloud Infrastructure Entitlement Management (CIEM): Entitlements for cloud entities are evaluated to provide a comprehensive view of usage patterns in large multi-cloud environments. This helps cloud security and DevSecOps teams to make informed decisions when cleaning up overly-permissive roles, boosting overall security posture and identity security hygiene

These capabilities provide critical context into how permissions are actually used across the enterprise. Identities, roles and entitlements are continuously changing. For security and identity teams determining which exposures to prioritize or whether privileges can be safely revoked based on understanding day-to-day usage is essential.

This additional insight, embedded within XM Cyber’s broader Continuous Exposure Management offering, connects identity risk to the full range of exposures the platform already discovers and prioritizes. It provides organizations with a clearer understanding of how identity-related issues contribute to real attack paths across hybrid environments and where remediation will have the greatest impact.