Permiso Security

Identity risks often hide in plain sight. From zombie accounts to toxic permissions, small gaps can quickly turn into big exposures. We’ve put together a quick ISPM (Identity Security Posture Management) cheat sheet to help teams spot and fix the most common identity misconfigurations. What you’ll find inside: - Key misconfigurations and their real impact - A 90-day roadmap to strengthen identity posture - Quick wins mapped to SOC2, ISO 27001, and NIST A simple guide to start cleaning up your identity surface. Download the ISPM Cheatsheet: https://hubs.la/Q03VXhnc0

In just over a week, we'll be at the Gartner IAM Summit in Grapevine, Texas! Come by booth 723 to say "hi" and chat about identity security if you'll be there too.

Scattered Spider has forced a fundamental rethink of which security tools actually matter. Across LUCR-3 investigations, one pattern is consistently observed: the tools that help most are those that strengthen identity visibility, reduce misconfigurations, and validate human interactions. Organizations must use new identity visibility intelligence platforms and identity threat detection and response technologies to enhance security outcomes. Our analysis highlights several markets now central to defending against this threat: ✔️ Identity-focused technologies are becoming foundational ▪️ Identity Visibility and Intelligence Platforms ▪️ Identity Threat Detection and Response ▪️ Automated Identity Verification ✔️ SaaS and cloud posture tools are essential for reducing exposure ▪️ Continuous Threat and Exposure Management ▪️ SaaS Security Posture Management ✔️ Human verification capabilities are expanding quickly ▪️ Passkeys for phishing-resistant authentication ▪️ Automated Impersonation and Deepfake Detection Together, these markets reflect how defence is shifting toward identity-centric visibility combined with posture management and verification controls across cloud and SaaS ecosystems. To ground this landscape in real-world capabilities, the report also includes solution profiles from Silverfort, Permiso Security and CrowdStrike. our full analysis here: https://lnkd.in/gYK6NFd5 We hope the attack analysis in this report provides practical value. If you find this style of research helpful, we welcome your feedback! #CyberSecurity #IdentitySecurity #CISO #ThreatDetection #ScatteredSpider #SecurityStrategy

Identity sprawl isn’t slowing down. It is accelerating. The challenge ahead isn’t only securing known identities. It is discovering the ones that were never tracked, never inventoried, and never monitored. In his latest piece with ITSecurity Wire, Paul Nguyen explores why security teams are losing visibility across identity types and what needs to change before the problem becomes systemic. Read it here: https://lnkd.in/dDSgu5gm

We're honored to be included alongside Silverfort and CrowdStrike in Software Analyst Cyber Research's recent report, "Defending the Modern Identity Stack: Scattered Spider and the New Era of Identity Warfare." We appreciate the great work of Lawrence Pingree, Francis Odum and team! "Permiso aggregates telemetry from cloud, SaaS, and identity systems to correlate events tied to an identity into high-fidelity multi-plane alerts. These alerts provide a holistic view of an attack timeline across different environments, identity types, and behaviors; which is necessary to stop groups like Scattered Spider from rapidly jumping around an environment."

The Gainsight → Salesforce incident is another example of how OAuth connectors and non-human identities have become high-value entry points for attackers. When vendors release limited technical detail early on, defenders need to rely on baseline identity behavior to spot misuse fast. Our P0 Labs team analyzed activity across customer environments and identified what “normal” Gainsight connector behavior looks like - AWS-based IP patterns, consistent event types, and a narrow API footprint. Any deviation from that baseline is a signal worth investigating. Ian Ahl breaks down these patterns, the atomics to watch, and how this aligns with tactics seen in prior SaaS-to-Salesforce compromises. 👉 Watch Ian's rapid technical analysis: https://hubs.la/Q03VqZQx0

Our co-founders Jason Martin and Paul Nguyen sat down with John Egan to talk about how they manage their roles as co-CEOs for his recent article in SHRM. "When done correctly, a co-CEO structure can be a 'superpower,' helping a company navigate business complexities and run parallel strategic initiatives." https://lnkd.in/eVr2X-bW

Identity has become the primary control plane of enterprise security, and attackers know it. Over the past few months, my research has consistently pointed to the same conclusion:We’re no longer dealing with endpoint or network-centric intrusion patterns. We’re dealing with identity warfare. We released my latest report at Software Analyst Cyber Research: Defending the Modern Identity Stack: Scattered Spider and the Rise of Identity Warfare. Groups like Scattered Spider continue to demonstrate that adversaries don’t need zero-days or advanced malware when identity pathways are poorly governed. Misconfigurations in SaaS, overly permissive cloud roles, weak help desk workflows, and fragmented visibility are now the fastest route to compromise. In this research, I map out: Why identity, SaaS, and cloud have become the dominant attack surface. How Scattered Spider weaponizes identity gaps with operational speed, social engineering precision, and multi-layer access chaining. The architectural priorities CISOs must adopt to defend the identity stack as an interconnected system, not a collection of siloed controls. To ground the analysis, I also include representative case studies from CrowdStrike, Silverfort, and Permiso Security. These examples illustrate how leading and emerging vendors are approaching identity visibility, posture hardening, and threat detection across complex, hybrid environments. If you are responsible for modern security architecture, this research provides a clear view of how identity-centric attack patterns are evolving, and what must change to stay ahead of them. Read the full report: https://lnkd.in/g46z_4uq

So much of what we hear from security leaders and practitioners is the lack of visibility into their AI identities. Watch Ian Ahl show how Permiso discovers and classifies these into AI users, builders, and agents.

Identity is now the primary battleground, and SACR’s latest research breaks down why. The new Scattered Spider report from Francis Odum and team gives a clear view of how modern intrusions unfold: -Social engineering becomes the entry point -Identity systems fail first -Attackers pivot across cloud and SaaS faster than defenders can react Permiso was highlighted for our work in providing complete identity visibility, detecting behavioral anomalies, and surfacing identity-driven threats that traditional tools miss. If you're tracking identity-based intrusions or building your 2026 identity strategy, this analysis is worth your time. Read the report here: https://lnkd.in/eupADZ93