Permiso Security - Experts & Thought Leaders

Permiso, the pioneer in real-time identity security, announced the expansion of its platform to include comprehensive protection for AI identities, including AI users, AI builders, and AI agents, in order to provide enterprises with a single platform to protect all digital identities against cybersecurity threats. Available now, the expanded Permiso solution is unique in the market in that it treats AI security as an extension of identity security and offers the same comprehensive coverage for AI that has made the company’s platform the gold standard for human, non-human and vendor identity protection. Actual AI usage patterns Static tracking alone does not provide any information about who and how AI is being used The solution focuses primarily on runtime intelligence to discover actual AI usage patterns, along with the more common tracking of static information, which only captures the configuration supporting AI and AI usage. Static tracking alone does not provide any information about who and how AI is being used, leaving enterprises blind to an important part of AI risk.  Identity risks and track real-time activity "Your AI security posture will be shaped by your overall security program," said Jason Martin, Permiso Co-CEO and Co-Founder, adding "Identity security is a core pillar of any strong program and essential to securely operationalizing AI. Every identity has unique risks, but all must authenticate and be authorized to access critical systems and data." He continues, "Soon, enterprises will run hundreds or thousands of AI agents, making it vital to inventory them, assess identity risks and track real-time activity to spot suspicious behavior. Companies don’t want separate systems for each identity type - they need a single platform that provides full coverage and eliminates blind spots against identity-driven threats." New AI features New AI features provide granular visibility into AI usage patterns, enabling security teams to understand The new AI features provide granular visibility into AI usage patterns, enabling security teams to understand not just who has AI access, but precisely how they're using it - from specific AI services to the types of activities performed. This is critical to enable organizations to discover vulnerabilities, protect against them, and defend against potential attacks.  “AI isn’t a new silo, it’s an identity problem,” said Permiso CTO, Ian Ahl, adding “Permiso finds every AI identity, human and non-human. We map static exposures, and use runtime detection on live activity so you can adopt AI without widening the attack surface.” Permiso's AI into three groups Permiso categorizes AI identities into three groups: AI Users: Employees and stakeholders using AI services like ChatGPT, Microsoft Copilot, Claude, or other AI platforms. AI Builders: Developers and teams creating, modifying, or deploying AI models and applications. AI Agents: Autonomous AI systems operating within organizational environments. Identity security principles “As enterprises scale AI projects, they recognize that identity security is essential for protecting AI users, builders and agents. Solutions that apply proven identity security principles such as runtime intelligence and static tracking to AI agent identities can address a significant gap in enterprise security,” said Todd Thiemann, Principal Analyst at Enterprise Strategy Group. Permiso’s specific AI identify security features Permiso’s specific AI identify security features, which integrate seamlessly with existing Permiso deployments and require no additional infrastructure, include the ability to discover, analyze and defend against threats via:  Tracking of shadow AI usage by employees using personal accounts, which can increase the AI attack surface and go unrecognized. Notification of unauthorized AI service access through federated authentication. Discovery of AI agents operating with excessive permissions, some of which have up to 90% unused permissions, similar to patterns seen across other identity types. This introduces unnecessary risk. Discovery of sensitive data sharing with external AI models, whether initiated by human workers using AI or autonomous AI agents. Permiso’s unique approach to identity security “As organizations embrace AI, it has to be viewed through the lens of identity. Whether it’s an employee, a developer, or an AI agent, the risks ultimately come down to who has access, what they can do, and how that activity is monitored," said Permiso customer, Terrick Taylor, Security Operations Manager, YAGEO Group. The industry is also taking note of Permiso’s unique approach to identity security. GigaOm recently recognized the company in its Radar for ITDR Report, calling Permiso a Challenger, as well as a Fast Mover.

Permiso, the pioneer in real-time identity security, launches its new platform to help security teams assess and reduce exposure risk in addition to their extensive threat detection capabilities. Permiso detects and protects against human and non-human identity threats across cloud and on-prem environments in a single platform vs. the many fragmented solutions in the market now that may only focus on one environment or one type of identity.  Investments in identity security Permiso couples threat-informed risk posture controls to help teams identify those identities that are most likely to be compromised, with best-in-class threat detection to detect identity compromise as it happens.  The single solution not only inventories all identities, monitors their risk posture, but also detects suspicious and malicious behavior of those identities. This enables enterprises to consolidate their investments in identity security that covers more of the applications and services in their environment. Permiso’s Universal Identity Graph Permiso’s Universal Identity Graph enables security teams to create a graph connection of all credentials The importance of securing human and non-human identities – the primary credentials to access any system – has never been more critical. According to Permiso’s State of Identity Security Survey Report 2024, nearly half of organizations (45%) remain concerned or extremely concerned about their current tools being able to detect and protect against identity security threats, and 45% reported an identity security incident in the last year. As part of the platform, Permiso’s Universal Identity Graph enables security teams to create a graph relationship of all credentials and identities across their environments to gain a complete view of who’s accessing what and whether the behavior is normal or suspicious. Benefits from Permiso's new identity security platform In addition to the Universal Identity Graph, enterprises leveraging Permiso's new identity security platform will benefit from: Comprehensive Identity Inventory: A full inventory of all human and non-human identities across environments. Proactive Vulnerability Detection: Identification and enumeration of identity vulnerabilities to mitigate risks before exploitation. Advanced Threat Monitoring: Continuous monitoring for suspicious access and behavioral anomalies. How enterprises protect their most valuable assets "Identity security is no longer just about securing credentials; it’s about understanding the full scope of human and non-human interactions within an organization," said Jason Martin, Permiso Co-founder and Co-CEO. "With the launch of our new platform, we are setting a new standard for how enterprises protect their most valuable assets." Permiso monitors "Identity security needs to be addressed with a holistic approach that eliminates the potential for blind spots. Permiso monitors both human and non-human users to quickly identify those that are most likely to be compromised, and those that have already been compromised,” said Autodesk Chief Trust Officer Sebastian Goodwin. “Permiso gives us a central inventory of all of our identities and credentials, their vulnerabilities, and monitors them for suspicious and malicious behavior, allowing us to quickly and effectively respond to threats.”  Permiso's new identity security platform Permiso's new identity security platform builds upon its existing ITDR capabilities Permiso's new identity security platform builds upon its existing Identity Threat Detection and Response (ITDR) capabilities, which provide coverage across identity providers, IaaS, PaaS, and SaaS applications.  Permiso has developed more than 1,500 detection signals across these environments, fueled by its expertise in tracking threat actor groups such as LUCR-3 (Scattered Spider), a group known for compromising human identities and non-human identities to gain access to sensitive data. Permiso has added several Las Vegas luxury resorts and casinos as customers in the wake of campaigns orchestrated against hospitality groups in recent years. Permiso's P0 Labs team The steps that Permiso is taking to secure human and non-human identities come amidst the backdrop of the increasing adoption of agentic AI, which will no doubt add new and expanded identity risk threats. Permiso's P0 Labs team has identified numerous campaigns leveraging NHIs, including resource hijacking, password spraying, and credential stuffing attacks.

Permiso, the pioneer in real-time identity security, has released a suite of three open-source tools that help security teams bolster their detection capabilities for a variety of different attacks. The P0 Labs team, the threat research arm of Permiso has launched a total of ten open-source tools to date, developed from their ongoing threat research and observations from real-world attacks. YetiHunter, CloudGrappler Earlier in 2024, Permiso launched YetiHunter, an open-source tool that detects indicators of compromise in Snowflake environments. They also released CloudGrappler which queries high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure.  Detection capabilities and rules A subset of these rules has been incorporated into a multitude of open-source projects Permiso, composed of former FireEye/Mandiant staff, has developed over 1,400 detection rules in their product as a result of their ongoing threat research. A subset of these rules has been incorporated into a multitude of open-source projects that allow security teams to uplevel their detection capabilities in a variety of different environments.  Cloud detection “The learning curve for detection in the cloud is steep, and our goal is to help security teams bolster their detections across their cloud environments without having to purchase commercial software solutions like a SIEM,” said Permiso Co-Founder and Co-CEO, Jason Martin. He adds, “We are committed to providing resources that can help the broader security community defend against the TTPs of modern threat actors.” DetentionDodger DetentionDodger will list all the identities with a Quarantine Policy (version 1-3) and look for failed policy attachments In the suite of projects is DetentionDodger which finds identities with leaked credentials and their potential impact. DetentionDodger will list all the identities with a Quarantine Policy (version 1-3) and look for failed policy attachments of a Quarantine Policy in CloudTrail Logs to generate a list of users with leaked credentials. It also lists all the inline and attached policies of the user and each group it is part of to determine the impact based on privileges. BucketShield BucketShield is a monitoring and alerting system built for AWS S3 buckets and CloudTrail logs. It ensures the consistent flow of logs from AWS services into S3 buckets and mitigates potential misconfigurations that could interrupt log collection. With real-time tracking of IAM roles, KMS configurations, and S3 log flows, BucketShield ensures that every critical event is recorded, and your cloud remains audit-ready. CAPICHE Detection Framework CAPICHE Detection Framework is an open-source tool designed to simplify each step of the cloud API detection Finally, CAPICHE Detection Framework (Cloud API Conversion Helper Express) is an open-source tool designed to simplify each step of the cloud API detection translation pipeline. It enables any defender to instantly create a multitude of different detection rules from groupings of APIs, even if the complete API names are unknown. Bolstering defences “The collection of these three tools helps security teams immediately hone their detections and bolster their defenses against a variety of cloud-based attacks,” said Principal Threat Researcher, Daniel Bohannon. He adds, “This isn’t just to help better defend against future attacks but addresses key attack vectors in their environments that could be indicative of past or present compromise.”