Identity Is the New Attack Surface, But Most Graphs Are Blind

Monday, July 7, 2025

Posted by

Guillaume Eyries

Co-founder & CPO

Olivier Eyries

Co-founder & CEO

You’ve probably heard it before: identity is the new perimeter. In 2025, this is not just a soundbite. It is the reality we live in. Every user, machine, and service account is a potential entry point. The problem is that most security tools still treat identity as a flat list of permissions, completely blind to the complex web of relationships that define real risk.

This is where identity graphs come in. Not just diagrams, but context-rich, relationship-aware maps that show how accounts, groups, and systems are connected. They do not just show who has access. They show how that access can be used or exploited.

We see this often. Access reviews pass audits but miss the forest for the trees. Because it is not only about who has access. It is about how an attacker could abuse that access.

Here is a typical example. A maintenance account is granted batch job rights on a server that is configured with unconstrained delegation. Through a chain of inherited privileges, an attacker who compromises that account can impersonate other users, escalate privileges, and move laterally using only built-in mechanisms. Most monitoring tools will not flag this. If you are not mapping these relationships, you are missing the exposure.

In one organization we worked with, a group originally created for backup software access had been nested four layers deep. It unknowingly provided indirect access to sensitive financial systems. The issue was not caught during audit because no one had visualized the full inheritance path. Once it was mapped, the attack path became clear.

To defend against this, organizations need contextual, privilege-aware identity graphs that can:

  • Reveal how permissions can be misused, not just used

  • Simulate attack paths and lateral movement

  • Identify paths to critical assets and prioritize what matters most
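The nested backup group case above can be checked with a short graph walk. The following is an added example, not code from the authors or their product; all account, group and resource names are constructed sample data. It compares the flat view (immediate groups only) with a breadth-first walk of nested membership that returns the full inheritance path to each critical asset.

```python
from collections import deque

# Constructed sample data; every name here is hypothetical.
# MEMBER_OF: principal or group -> groups it is a member of.
MEMBER_OF = {
    "svc-backup": ["Backup-App-Access"],
    "Backup-App-Access": ["Infra-Tools"],
    "Infra-Tools": ["Ops-Shared"],
    "Ops-Shared": ["Server-Admins"],
    "Server-Admins": ["Finance-Admins"],
    "alice": ["Finance-Admins"],
}
# GRANTS: group -> resources it is granted directly.
GRANTS = {
    "Backup-App-Access": ["backup-server"],
    "Finance-Admins": ["finance-db"],
}
CRITICAL = {"finance-db"}

def direct_access(principal):
    """Flat view: resources granted by the principal's immediate groups."""
    return {r for g in MEMBER_OF.get(principal, []) for r in GRANTS.get(g, [])}

def paths_to_critical(principal):
    """Graph view: BFS over nested membership, shortest path per critical asset."""
    found, seen = {}, {principal}  # 'seen' guards against circular nesting
    queue = deque([[principal]])
    while queue:
        path = queue.popleft()
        for res in GRANTS.get(path[-1], []):
            if res in CRITICAL and res not in found:
                found[res] = path + [res]
        for group in MEMBER_OF.get(path[-1], []):
            if group not in seen:
                seen.add(group)
                queue.append(path + [group])
    return found

def hidden_exposures(principals):
    """Critical access reachable only through nesting (absent from the flat view)."""
    return {(p, res): path
            for p in principals
            for res, path in paths_to_critical(p).items()
            if res not in direct_access(p)}

if __name__ == "__main__":
    for (who, res), path in hidden_exposures(["svc-backup", "alice"]).items():
        print(f"{who} -> {res} via {' -> '.join(path)}")
```

In a real review the two dictionaries would be populated from a directory export; the account with direct finance access is expected and is filtered out, while the backup service account is reported with its full path.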

This is not about fear. It is about giving defenders the ability to see the environment the same way attackers already do. Because if your graphs are blind to exploitation, your defenses probably are too.
