In today’s vast landscape of cyberattacks, there is a common thread: successful attacks almost always involve compromised or misused privileges. For example, most malware needs privileges to execute and install. Once a threat actor has infiltrated an IT network, privileges are typically needed to access resources or compromise additional identities. With privileged credentials and access in their clutches, a threat actor or piece of malware essentially becomes an “insider”. And, outside of Privileged Access Management (PAM), there are few defenses against a rogue insider.

The past few years have seen an explosion in the number and types of privileges arising from human identities (employees, vendors, contractors, etc.), mobile devices and the Internet of Things (IoT), cloud platforms, applications, services, machines, Robotic Process Automation (RPA), and more. This privilege explosion gives attackers more opportunities than ever to compromise an environment, and organizations are struggling to shrink their windows of exposure across this rapidly widening attack surface.