Identity Security Insights 25.07.1

We’re excited to announce that Insights is now available in Canada and the United Kingdom!

This expansion ensures customer data remains within its respective geographic region to meet compliance and governance requirements. Organizations can also take advantage of a broad set of identity security capabilities, including visibility into identities and True Privilege™.

We’ve introduced a new dashboard report called Cloud Identity & Risk Overview, now available via the main dashboard dropdown menu and in the Reporting area under the Dashboard section.

This report provides a high-level view of identity posture and risk exposure across your cloud environments - specifically AWS, Azure, and Google Cloud. It helps teams monitor:

• Identity Inventory: Track counts of human and non-human accounts, along with AWS IAM policies.
• Privilege & Risk Insights: View dormant and high-privilege accounts, plus total privilege escalation paths.
• Remediation Metrics: See findings surfaced within a selected time period and monitor trends in open vs. closed recommendations.
• Security Recommendations: Access new recommendations by severity and view the top 5 most critical.
• Threat Detections: Analyze detection trends and severity breakdowns, including the top 5 active detections.
• Cloud Provider Filtering: Focus the dashboard on AWS, Azure, or GCP to tailor findings to your environment.

A new Entitlement Pathing report is now available in the Preview section of the reporting area, which offers early access to reports nearing final release.

The new report provides two views to analyze how entitlements are assigned and inherited across accounts:

• Entitlement Paths
  • Select an entitlement to view all accounts with access - direct or inherited (e.g., via groups, directory roles, etc).
  • A graph displays the full access path from the entitlement to each account, helping identify complex privilege chains.
• Account Entitlement Paths
  • Select an account to view all entitlements it has and how each was granted.
  • A graph shows the access path from the account to each entitlement, including indirect assignments.
  • A privilege-level breakdown and entitlement list are shown alongside the graph.
• Shared Features
  • Search and filter controls to refine the accounts or entitlements shown.
  • Color-coded graphs help trace access paths.

We’ve added a new column to the Blank Passwords, Compromised Passwords, Shared Passwords, and Password Health Overview reports.

• Last Password Change: Shows when each password was last updated, providing additional context for evaluating account security posture.

A new Supported Features column now displays on the Available tab, showing functionality supported by select connectors to improve visibility into connector capabilities within Insights.

New AWS Detections added to surface risks related to high-privilege IAM policy assignments.

• A potentially highly privileged IAM policy has been attached to an IAM Role (Detection)
  Detects when a potentially high-privilege IAM policy is attached to a role, which could lead to privilege escalation or unintended access.
• A potentially highly privileged IAM policy has been attached to an IAM Group (Detection)
  Detects when a potentially high-privilege IAM policy is attached to a group, which could lead to privilege escalation or unintended access.