Posture · identity security posture management

Attackers don't break in. They log in.

Find the MFA gap, the stale admin, the risky OAuth grant, the policy hole. Fix them before they become the breach.

Identity posture score console
How did the intern get Global Admin?We have MFA. Right?1,400 findings, zero priorities.

One score the board understands

A 0-100 posture score, updated continuously, weighted across what actually matters.

  • MFA 20%, privilege hygiene 20%, reviews 15%, config 15%, passwords 15%, threat detection 15%
  • Trends, rating bands, and peer comparison by department
  • Executive dashboard, zero spreadsheets
Risk findings grouped by severity with tracked states

110+ checks that find the holes

Misconfigurations and identity risks across users, apps, policies, and tenant settings.

  • Admins without MFA, dormant accounts, guests with member rights
  • Conditional Access gaps, weak password policy, risky OAuth
  • Severity, affected count, and a tracked state on every finding
Finding remediation with affected accounts and automated policy

Remediation, not a backlog

18 actions, 5 tracked states, and guidance per finding. Findings move to closed, not to a CSV.

  • Enable MFA, block legacy auth, remove permissions, restrict consent, and more
  • Risk acceptance with justification and expiry
  • Risk-based automated policies: score crosses a threshold, action fires
Identity Access Tracing graph with path analysis

Identity Access Tracing

Every user, group, role, and app on one interactive graph. The question “how did they get that” takes seconds.

  • 4 layouts: access, org, risk, group, with live risk overlay
  • Path analysis: every route, direct, group, nested, or role, with grant dates
  • Effective permissions flattened to plain create-read-update-delete
Blast radius rings with impact score

Blast radius before the breach

Pick any account or app and see everything reachable if it's compromised.

  • Four rings: direct, group, nested and role, lateral movement
  • Impact score 0-1000 weighted by what's reachable
  • The prioritization layer for every finding and review
How it connects

Posture findings trigger access reviews. Automatically.

Detect

47 admin roles, no admin activity in 90 days.

Trigger

A Govern review campaign spawns automatically.

Close

Reviewers revoke, the score improves, loop closed.

Use cases

Posture work that prevents breaches.

Admin MFA enforcement in a week

Stale admin cleanup via the bridge

Conditional Access gap report

Board-ready posture trend

What's your identity posture score right now?

Connect your identity provider and get your first score the same day.