XM Cyber boosts identity access tools for hybrid firms

XM Cyber has expanded its identity exposure management tools to help enterprises enforce least-privilege access across hybrid environments.

The update adds more detailed visibility into permissions and how often they are used across Active Directory, Entra and cloud platforms.

Excessive permissions remain a common route for attackers seeking to move laterally inside corporate systems after gaining an initial foothold. The latest additions are designed to help security, IT and DevOps teams identify permissions that can be reduced or removed without affecting day-to-day operations.

The enhancements sit within the company's broader Continuous Exposure Management platform, which already tracks identity and configuration issues across Active Directory and cloud estates. It already covers roles with excessive permissions, cached or leaked credentials, reused credentials, exposed local and domain accounts, and the security posture of third-party identity security tools.

Usage data

A central part of the release is the use of permissions-usage data to guide remediation. By linking over-permissioned accounts and roles to observed usage patterns, the platform is intended to help teams decide whether elevated access is still necessary or can be withdrawn.

This approach is meant to support least-privilege policies by giving identity security teams evidence of whether a permission level is actively required. It also connects identity-related issues to wider attack paths identified elsewhere in the platform, helping teams judge which changes are most likely to reduce risk.

In Active Directory, entities are assessed to determine how frequently they use granted permissions. That is intended to give identity practitioners a clearer basis for deciding whether a permission should remain in place and to help close attack paths that rely on those rights.

In cloud environments, XM Cyber has added Cloud Infrastructure Entitlement Management features that evaluate entitlements for cloud entities and provide a view of usage patterns across large multi-cloud estates. The company said this is designed to help cloud security and DevSecOps teams review and remove overly permissive roles.

The changes are a response to the difficulty many organisations face in keeping identity and access controls tightly managed as systems spread across on-premise and cloud infrastructure. Hybrid environments often contain a large number of identities, roles and entitlements that change constantly, making manual reviews difficult to sustain.

XM Cyber also pointed to industry expectations that identity visibility and intelligence will play a bigger role in reducing the identity and access management attack surface in the coming years. It cited a Gartner forecast that by 2028, 70% of Chief Information Security Officers will use identity visibility and intelligence tools to reduce the risk of credential compromise.

Boaz Gorodissky, Chief Technology Officer and Co-Founder at XM Cyber, said the challenge is less about understanding the principle of least privilege than applying it consistently across large organisations.

"Least privilege access is a well-established principle for maintaining an effective security posture, but many organizations still struggle to achieve it due to the complexity of managing identities and access at enterprise scale," said Boaz Gorodissky, Chief Technology Officer and Co-Founder at XM Cyber.

He added that the latest additions are intended to show whether elevated access is being used in practice.

"We're adding granular visibility into access permissions and their actual usage so teams can quickly see whether elevated permissions across Active Directory, Entra and cloud platforms are actually being used. If they aren't, that's a clear opportunity to remove permissions to reduce the attack surface and improve risk posture without disrupting operations," Gorodissky said.

Broader push

The update also reflects a wider shift in cybersecurity towards connecting identity issues with full attack paths rather than treating them as isolated configuration problems. XM Cyber said the additional insight allows organisations to understand where identity-related weaknesses contribute to meaningful routes to critical assets across hybrid environments.

That matters because identities are often central to how attackers escalate privileges after an initial compromise. Over-permissioned accounts, unused entitlements and exposed credentials can provide a route from a minor breach to more sensitive systems if they are not identified and reduced.

By embedding permissions usage analysis into its existing platform, XM Cyber is seeking to make remediation easier to coordinate across teams that often work separately, including IT operations, security and software delivery groups. Unused permissions can either be revoked to reduce attack surface risk or monitored continuously as part of ongoing identity hygiene.

XM Cyber was acquired by Schwarz Group in 2021 and operates in North America, Europe, Asia Pacific and Israel.