Securing Federal Access: How Identity Visibility Drives Zero Trust Success

Federal agencies face mounting pressure to implement Zero Trust frameworks but often struggle with where to begin. The answer lies in understanding identity telemetry, the insights into who has access to what and how threat actors exploit identities to gain privilege and maintain persistence. Because threat actors increasingly steal credentials and pose as legitimate users, Federal agencies can no longer rely solely on detection tools that trigger alarms after attacks succeed. This shift demands a new approach to Zero Trust, one beginning with comprehensive visibility into the identity attack surface before implementing controls.

From Detection to Prevention

Federal agencies have historically relied on detection-based security tools like Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions to detect malicious activity. While still valuable, these reactive tools are inadequate when adversaries compromise both human and non-human credentials and operate for extended periods. Using legitimate credentials, threat actors gain persistent access and escalate permissions while evading detection.

The missing component is proactive threat hunting that maps potential identity exposures before they are exploited. This requires aggregating identity data across the entire IT environment and analyzing how threat actors could leverage poor identity hygiene, such as overprivileged accounts, insecure Virtual Private Networks (VPNs), exposed passwords and secrets, blind spots in third-party access and dormant identities, to gain access to critical assets and data. Zero Trust relies on knowing exactly how identities function across the environment; without this visibility, agencies are essentially enforcing Zero Trust policies blindly and wasting time and money by not investing in protection capabilities that are resilient against cyberattacks. Identity telemetry should guide agencies in building proactive identity and mature Zero Trust capabilities.

The Fragmented Identity Visibility Problem

Federal environments span on-prem Active Directory (AD), multicloud environments, federated identity providers and numerous Software-as-a-Service (SaaS) applications. The resulting confusion, overlap and complex interactions across these environments are difficult to track and limit end-to-end visibility into hidden attack paths for lateral movement and escalation.

These “unknown trust relationships” or “paths to privilege” stem from:

  • Identity provider misconfigurations replicating over-permissive access
  • Nested group memberships granting indirect privileges
  • Federation relationships enabling cross-domain escalation
  • Generic “all access” group rights elevating unprivileged users

These exposures exist between siloed systems and provide entry points for threat actors. Addressing this requires aggregating identity data, mapping cross-domain relationships and calculating the human, non-human and AI-based identities. This exposes blind spots and transforms an unknowable attack surface into a manageable identity landscape.

True Privilege Calculation

Traditional privilege assessments focus on group membership and cloud role assignments but miss factors like nested groups, cloud application ownership, misconfigured identity providers and federation pathways. These elements often elevate an identity’s privilege far beyond what surface-level audits reveal.

[Image: BeyondTrust, Securing Federal Access blog, 2025]

True privilege calculation measures an identity’s effective and actual privilege across all connected systems and domains, including relationships, configurations and escalation pathways. For example, an identity that appears low-privileged in AD may federate into Identity and Access Management (IAM) roles and elevate its privilege. This visibility supports key Zero Trust decisions, such as:

  • What access should be continuously verified
  • Gaps in least privilege enforcement
  • Which accounts are most likely to be targeted
  • Where to place micro-segmentation boundaries

Given the scale and complexity of modern Federal environments, manual calculation is impossible. Automated solutions must continuously analyze permissions, relationships and identity provider configurations while mapping escalation paths. True privilege calculation transforms Zero Trust from theory into actionable strategy that goes from implementation to Zero Trust maturity.
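The gap between a surface-level audit and true privilege can be shown on a small identity graph. This is an added example, not code from the article or from BeyondTrust; the identities, edge kinds and numeric privilege tiers are constructed assumptions chosen to mirror the nested-group, federation and application-ownership paths described above.

```python
from collections import deque

# Constructed sample graph (not real data): (source, relationship, target).
EDGES = [
    ("user:jdoe", "member_of", "group:helpdesk"),
    ("group:helpdesk", "member_of", "group:it-ops"),
    ("group:it-ops", "member_of", "group:helpdesk"),      # circular nesting
    ("group:it-ops", "member_of", "group:all-access"),
    ("group:all-access", "federates_to", "role:cloud-admin"),
    ("user:asmith", "member_of", "group:finance"),
    ("user:asmith", "owns", "app:payroll-sync"),
    ("app:payroll-sync", "runs_as", "sp:payroll-sync"),
    ("sp:payroll-sync", "assigned", "role:secrets-reader"),
    ("user:bnguyen", "member_of", "group:domain-admins"),
]

# Assumed privilege tiers for the illustration: higher is more privileged.
PRIVILEGE = {
    "group:domain-admins": 3,
    "role:cloud-admin": 3,
    "role:secrets-reader": 2,
    "group:it-ops": 1,
}


def build_graph(edges):
    """Adjacency list keyed by source node."""
    graph = {}
    for src, kind, dst in edges:
        graph.setdefault(src, []).append((kind, dst))
    return graph


def surface_privilege(identity, graph, privilege=PRIVILEGE):
    """What a one-hop audit sees: direct memberships and assignments only."""
    return max((privilege.get(dst, 0) for _, dst in graph.get(identity, [])),
               default=0)


def true_privilege(identity, graph, privilege=PRIVILEGE):
    """Breadth-first search over every relationship type.

    Returns (highest tier reachable, shortest path that reaches it).
    """
    best, best_path = 0, [identity]
    seen = {identity}
    queue = deque([(identity, [identity])])
    while queue:
        node, path = queue.popleft()
        tier = privilege.get(node, 0)
        if tier > best:                 # first hit per tier is the shortest
            best, best_path = tier, path
        for kind, dst in graph.get(node, []):
            if dst not in seen:         # guards against cyclic group nesting
                seen.add(dst)
                queue.append((dst, path + [f"-{kind}->", dst]))
    return best, best_path


def hidden_escalations(edges, privilege=PRIVILEGE):
    """Users whose true privilege exceeds what the surface audit reports."""
    graph = build_graph(edges)
    findings = {}
    for identity in sorted(n for n in graph if n.startswith("user:")):
        surface = surface_privilege(identity, graph, privilege)
        effective, path = true_privilege(identity, graph, privilege)
        if effective > surface:
            findings[identity] = (surface, effective, " ".join(path))
    return findings


if __name__ == "__main__":
    for who, (surface, effective, path) in hidden_escalations(EDGES).items():
        print(f"{who}: audit tier {surface}, true tier {effective}\n  {path}")
```

The returned path is the remediation lead: it names the specific nesting, federation or ownership link that has to be removed or scoped down to bring the identity back to least privilege.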

Critical Attack Vectors

Dormant privileged accounts, often left active after personnel departures or reorganizations, retain elevated permissions long after their use ends. Threat actors frequently identify and reactivate these accounts to move laterally and maintain persistence using legitimate credentials. Effective identity hygiene requires:

  • Continuous monitoring of new dormant accounts
  • Cleanup of existing dormant or misconfigured accounts and standing privilege
  • Behavioral detection to flag unusual privilege escalation attempts or unexpected activity

Identity security cannot be a point-in-time exercise. Without visibility and a proactive approach, configurations drift and dormant accounts accumulate. Agencies must continuously identify dormant privileged accounts and immediately investigate if they suddenly become active, one of the strongest indicators of compromise. Continuous visibility transforms identity hygiene from a reactive alert-based approach to actionable telemetry for proactive threat hunting around current and known attack risk.
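The two checks described above, inventorying dormant privileged accounts and flagging one that suddenly becomes active, can be run over sign-in telemetry as follows. This is an added example, not code from the article or from BeyondTrust; the account names, addresses and log entries are constructed, and the 90-day dormancy threshold is an assumption because the article does not specify one.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; the article sets none

# Constructed inventory: which accounts hold standing privilege.
ACCOUNTS = {
    "svc-backup": {"privileged": True},
    "adm-rlee": {"privileged": True},
    "adm-kpatel": {"privileged": True},
    "adm-legacy": {"privileged": True},   # never signs in during the log window
    "jdoe": {"privileged": False},
}

# Constructed sign-in log: (ISO 8601 timestamp, account, source address).
SIGNINS = [
    ("2025-01-03T08:12:00", "adm-rlee", "10.0.4.17"),
    ("2025-01-05T02:00:00", "svc-backup", "10.0.9.2"),
    ("2025-02-10T09:30:00", "jdoe", "10.0.4.30"),
    ("2025-05-28T14:01:00", "adm-kpatel", "10.0.4.22"),
    ("2025-06-01T03:44:00", "adm-rlee", "203.0.113.50"),
    ("2025-06-02T09:00:00", "jdoe", "10.0.4.30"),
    ("2025-06-02T09:05:00", "adm-rlee", "203.0.113.50"),
]


def review_privileged_accounts(accounts, signins, as_of,
                               dormant_after=DORMANT_AFTER):
    """Return (dormant_now, reactivations) for privileged accounts.

    dormant_now   - privileged accounts with no sign-in within dormant_after
                    of as_of, including accounts never seen in the log.
    reactivations - sign-ins by a privileged account that had been idle for
                    at least dormant_after immediately beforehand.
    """
    last_seen = {}
    reactivations = []
    for stamp, account, source in sorted(signins):   # ISO stamps sort by time
        when = datetime.fromisoformat(stamp)
        previous = last_seen.get(account)
        is_privileged = accounts.get(account, {}).get("privileged", False)
        if (is_privileged and previous is not None
                and when - previous >= dormant_after):
            reactivations.append({
                "account": account,
                "at": stamp,
                "source": source,
                "idle_days": (when - previous).days,
            })
        last_seen[account] = when

    dormant_now = sorted(
        name for name, meta in accounts.items()
        if meta["privileged"]
        and (name not in last_seen or as_of - last_seen[name] >= dormant_after)
    )
    return dormant_now, reactivations


if __name__ == "__main__":
    dormant, woke = review_privileged_accounts(
        ACCOUNTS, SIGNINS, as_of=datetime(2025, 6, 3))
    print("Dormant privileged accounts to clean up:", dormant)
    for event in woke:
        print("Investigate reactivation:", event)
```

Only the first sign-in after the idle gap is flagged, so follow-up activity from the same account does not bury the reactivation event in repeat alerts.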

The Expanding Identity Attack Surface

The identity attack surface extends far beyond human users to service principals, cloud workloads, Application Programming Interface (API) credentials and automated systems, collectively known as “non-human identities.” These accounts often have elevated privileges but lack safeguards like password rotation, Multi-Factor Authentication (MFA) or behavioral analytics, creating significant security gaps.

Agentic AI introduces new challenges. Unlike traditional service accounts, AI agents act autonomously based on their instructions, tools and knowledge sources. A seemingly low-privilege agent could escalate privileges by interacting with other agents, creating complex escalation chains. Understanding an AI agent’s effective capability, not just its assigned permissions, is essential.

AI and non-human identity risks come from interconnected relationships. An AI agent running as a cloud workload may access secrets, interact with privileged systems or execute commands across domains. True privilege calculation for these entities requires mapping downstream actions they could initiate. Federal agencies need governance designed for non-human identities and AI agents, including:

  • True privilege calculation of escalation paths
  • Comprehensive inventory across all systems
  • Monitoring of potential blast radius as AI adoption accelerates
  • Context and knowledge of AI use and where agents are being deployed
  • Visibility into AI agent instructions, tools and knowledge sources

Investing in identity visibility now prepares agencies for emerging challenges as AI adoption becomes more prevalent.

Federal agencies must secure hybrid environments against adversaries who exploit identities rather than technical vulnerabilities. The path forward requires shifting from reactive detection to proactive threat hunting, eliminating fragmented visibility, measuring true privilege across all domains, maintaining continuous identity hygiene and extending visibility to non-human identities and agentic AI. Identity telemetry provides the data foundation needed for Zero Trust maturity, showing agencies where and how to strengthen their security posture.

Discover how comprehensive identity visibility drives Zero Trust maturity by watching BeyondTrust and Optiv+Clearshark’s webinar, “Securing Federal Access: Identity Security Insights for a Zero Trust Future.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including BeyondTrust, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Normalizing Innovation: Lessons from State and Local Leaders

Think about the past 18 to 20 months. Many facets of our lives were (and still are) in flux. The same is true for municipalities, school districts, counties and states. Pandemic-related responses stretched public servants beyond their job descriptions, and they showed up: creating life-saving workarounds for the public; cutting through bureaucratic red tape to streamline benefits; rethinking how to serve constituents in need; launching digital tools and services to empower employees and the public in new ways; and more. This guide provides use cases and practical tips for ensuring that the progress made during the pandemic sticks. In conversation, innovation and technology intertwine, but technology alone isn’t innovation. True innovation gets to the heart of how governments use tech to improve outcomes, save lives and empower employees to serve at their best. Download the guide to read more about how agencies at the state and local levels are advancing with the latest technology.

 

3 Things You Can Do Now to Rethink Innovation

“Innovation came in waves in the past 18 months. It started with agencies having to reinforce technology’s critical role in their daily operations. ‘I think the second wave of innovation is realizing the opportunity to work differently,’ said Kevin Tunks, National Technology Adviser for State and Local Government at Red Hat, a leader in enterprise open source software innovation. Red Hat is a proponent of using human-centered design to shape positive employee interactions with technologies and impactful customer experiences with government services. ‘I think this pandemic forced everybody to step off the treadmill collectively and rethink how we want to go forward,’ Tunks said. But what does that look like in practice?”

Read more insights from Red Hat’s National Technology Adviser for State and Local Government, Kevin Tunks.

 

Is Your Relationship With Data Helping or Hurting Innovation?

“Your data has a time value, whether you’ve explicitly acknowledged it or not. ‘What we’ve seen at the forefront is this concept of needing to have readily available, reliable data for critical decision-making,’ said Matt Walk, Director of State/Local Government for the Eastern U.S. at Snowflake, a data platform provider. Although states have focused on modernizing their systems for years, the pandemic created a sense of urgency. It reinforced that the stakes are much higher in terms of the ability to quickly access data to make critical decisions, Walk said. This is especially true as states transition from responding to the pandemic to recovering from it. The success of these efforts depends on the extent to which states eliminate silos and embrace a more data-driven, enterprise-focused approach to governing.”

Read more insights from Snowflake’s Director of State/Local Government for the Eastern U.S., Matt Walk.

 

[Image: SLG GovLoop Guide November Blog Embedded Image 2021]

Why Innovation Must Account for the Identity Factor

“The reach of government services hinges on recipients’ ability to prove that they are who they claim to be. However, with the adoption of social distancing practices, the once routine transaction of identification became a logistical and security headache for many agencies. This adjustment particularly impacted departments of motor vehicles and heavily paper-based agencies that had not embraced digital transformation. Then the pandemic hit. Not only were many agencies scrambling to prove identities for large swaths of employees needing remote access to administer government services and benefits, but they also had to provide the same electronic services to the public in need of those services. Embracing the changes was an example of breakthrough innovation for agencies that were forced to adapt. But what can leaders do to sustain and build on this progress?”

Read more insights from BeyondTrust’s Chief Security Officer, Morey Haber.

 

3 Ways to Embed Innovation in Your IT Roadmap

“Remote employees may be sharing Wi-Fi with non-government employees on their home networks. Are agencies prepared to address ongoing challenges with security risks and network performance issues as employees compete for bandwidth when working remotely? Among the drivers is the president’s cybersecurity executive order that calls for adopting a zero-trust security model, where implicit trust of any device, node or user is replaced with continuous verification. The mandate is for federal agencies, but the trickle-down impact will affect state and local governments, too.”

Read more insights from SolarWinds’ CISO Tim Brown.

How to Support Lasting and Agile Transformation

“Innovation isn’t typically associated with citizen-facing government services, such as state toll roads, some transit authorities or even public school systems. That’s changing, though, as more governments embrace transformation as a continuous and holistic evolution — backed by formal strategy, dedicated funding, clear roles and expertise. Dick Stark, President of RightStar, an Atlassian verified Government Partner and IT service management provider, has seen these truths unfold across agencies as they embrace Agile and DevOps methods. Take the New Jersey Turnpike Authority, which operates two of the busiest toll roads in the country, for instance. By partnering with RightStar, the agency modernized and consolidated its IT operations, including service incidents and asset management, and tracking functions outside IT, such as intelligent device signage and cameras.”

Read more insights from RightStar’s President, Dick Stark.

How to Make State and Local Innovation Last

“The COVID-19 pandemic revealed a hard truth – state and local governments cannot always meet the public’s needs in person. To adapt, many agencies had to deliver their products and services digitally for the first time. How can agencies sustain this innovation permanently? With more public-sector workforces mixing onsite and remote employees while addressing public preferences, this question’s relevance grows daily. Cloud content management can become a strong component of lasting innovation. Using cloud computing’s decentralized IT, agencies can access computing resources such as data storage on demand. Ultimately, this power can help agencies create innovative digital workflows that serve constituents wherever they are.”

Read more insights from Box’s Managing Director for State and Local Government, Murtaza Masood.

Download the full GovLoop Guide for more insights from these state and local leaders and additional government interviews, historical perspectives and industry research on the future of innovation.

Current Cybersecurity Trends: The Next Wave of Cybersecurity

The coronavirus pandemic escalated government adoption of technologies like artificial intelligence, cloud, and the internet of things, as entire workforces shifted to telework. But just as agencies have adopted modern tech at record speeds, so too have cyber adversaries – and the rapid adoption of new solutions may create exploitable blind spots and gaps in security. Perimeter-less cloud-based systems present unique cybersecurity challenges, including maintaining visibility into a complex mix of cloud and on-premises systems. Grappling with the new reality of cloud-based environments requires government agencies to explore new strategies and best practices – including adopting a zero trust mindset, monitoring employee cyber hygiene, and investing in cybersecurity tools capable of simplifying complex tasks. Read the latest insights from industry thought leaders in cybersecurity in Carahsoft’s Innovation in Government® report.

 

[Image: IIG FCW August 2020 Blog Image]

How Employees Can Boost Cybersecurity

“Security controls are even more important in a world of perimeterless IT environments and expanding cloud adoption. Agencies need to appropriately budget for cybersecurity and apply the basic hygiene of security patching and vulnerability assessment. Those steps can cover about 80% of basic threats, and the security team can focus its energy on more complex threats. Having a strong team is the foundation of those efforts, but it’s not easy to recruit private-sector cybersecurity professionals for government jobs. An alternative is to recruit from within. The government should consider creating programs to train IT team members to take on higher-level cybersecurity roles, which helps agencies build effective teams and helps employees progress on a career path. Whether they bring in new talent or train existing employees, agencies must offer competitive salaries and benefits to keep cybersecurity professionals satisfied and engaged.”

Read more insights from SolarWinds’s Vice President of Products and Application Management, Jim Hansen.

 

A Better Approach to Telework Security

“This large-scale shift to working from home introduces interesting challenges for government agencies. How do they secure a growing number of remote devices while keeping employees productive? How do they enforce least privilege while allowing end users to perform necessary tasks? How do agencies secure devices, access and systems when the network perimeter has been stretched to support large numbers of remote workers? Some IT leaders have committed to VPNs or remote desktop access, both of which can be difficult to secure and scale. Devices are still at risk when they’re not connected to the VPN or remote access technology because of vulnerabilities in the home network. For example, agencies can’t protect against a family member or housemate using an employee’s home computer. They may also not be able to enforce whether or not basic software, such as antivirus or OS, is up-to-date on a personal device. The situation fundamentally requires a shift to the cloud.”

Read more insights from BeyondTrust’s CTO and CISO, Morey J. Haber.

 

Rethinking Security in the Age of COVID-19

“Although agencies are focused on telework security, they also need to think about what’s over the next hill. They should be aware that sequestration is likely just around the corner. Given the mounting deficit due to the pandemic-related stimulus package, I believe flat will be the new up for agency budgets, and when IT allocations shrink, security is often deprioritized. Now is the time to find smart ways to spend money. Agencies should look for multifunctional solutions, such as software-defined networking, and choose options that are intrinsically secure. Fortunately, we are on the cusp of a revolution driven by the intersection between the platform-based approach to cybersecurity and increasingly mature artificial intelligence. That convergence will tip the balance from attacker to defender.”

Read more insights from Fortinet’s Public-Sector Field CISO, Jim Richberg.

 

Visibility and the Quest for Zero Trust

“For the foreseeable future, agencies will use a blend of on-premises data centers, virtual environments, and public and private clouds. To better manage and protect those resources, agencies must have maximum visibility into all their data, including data in transit and encrypted data. A unified solution that provides pervasive visibility and manages information from a single pane of glass is increasingly important. That visibility enhances the security tools agencies are already using to defend their networks and improves the way they detect, investigate and respond to cybersecurity threats. In addition, zero trust architecture has gained a lot of momentum in the federal government. However, although agencies report that 80% or more of their network traffic is encrypted, we have seen that only about 30% is actually inspected. It’s a significant blind spot that must be addressed. Without pervasive visibility into data in motion — whether it’s in a physical or cloud-based environment — agencies can’t implement a zero trust architecture.”

Read more insights from Gigamon’s Vice President of Public Sector, Dennis Reilly.

 

The Growing Need for Asset Management

“More people are acting in decentralized ways right now, but that decentralization is part of a larger trend. Multi-month strategic plans are becoming a thing of the past, and fewer IT purchases go through the CIO’s office. According to researchers, over half of IT spending is now done by line-of-business leaders, not by a central function such as a CIO. Therefore, agencies must have a simple, comprehensive process for gaining insight into technologies as they’re added to the network. Otherwise, more security gaps will invariably occur. Those gaps are exacerbated by the pandemic because agencies cannot easily add secure data center capacity to support large-scale telework. It’s much easier to use a government purchase card to address a pressing need for videoconferencing, for example. But even approved cloud products and services are not secure by default. They need to be continuously monitored.”

Read more insights from Expanse’s CTO and Co-Founder, Matt Kraning.

 

The Key to Securing Cloud Resources

“The recent surge in telework affects the vast majority of government employees, including IT teams. But it is a challenge to manage and secure servers and other infrastructure located inside agency data centers without being able to physically access those resources. Given the restrictions on sending employees into government offices, many agencies are accelerating their move to cloud-based infrastructures, which essentially transfers the responsibility for physically managing servers to the cloud platform providers. Moving to the cloud is a logical and essential step toward enabling remote IT employees to gain access to systems and data, but it also expands the systems an agency must manage and heightens the need to control access to them.”

Read more insights from Centrify’s Chief Strategy Officer, David McNeely.

 

Adopting a New Defensive Strategy

“Threat actors are shifting their tactics to take advantage of your now decentralized workforce, which means the nature of your enterprise defines your threat landscape. To use a sports analogy, two teams face off against each other on a football field. The offensive line’s actions are executed to make it to the defender’s end zone. The line between the two is clearly defined, and each opposing team adjusts its actions to take advantage of the other’s potential gaps. Two factors come into play: visibility into how the opposing team is lined up and what plays it usually executes in that situation. In cyber, this requires visibility into where your teammates are, what your gaps are, where the opposing force is and what plays it may execute to take advantage of those gaps.”

Read more insights from Infoblox’s Principal Security Architect, Chris Usserman.

 

Why AI Transforms Cybersecurity

“The focus of protection has long been moving to the endpoint, but now that move is more pronounced than ever. However, agencies can no longer rely on a network to gain visibility into those end-user devices and know whether they are protected and what resources users are accessing. All that insight now happens via the endpoint rather than the firewall. The distributed nature of the workforce makes it harder to control where devices are and sometimes even to provision them. Along with allowing remote work, agencies must also allow remote security. That means they need to be able to monitor all those endpoints via the cloud, and devices need to have embedded mechanisms that deliver real-time protection regardless of cloud connectivity.”

Read more insights from SentinelOne’s Co-Founder and CEO, Tomer Weingarten.

 

A Unified Approach to Visibility and Security

“In one recent example of the growing sophistication of adversaries, Trustwave conducted a threat hunt that led to the discovery of a new malware family dubbed GoldenSpy. The malware was found embedded in tax payment software required for conducting business operations in China. GoldenSpy essentially is a backdoor that allows adversaries to inject malware or spyware into the company’s network. Even if you uninstall the tax software, the backdoor remains. Countering such threats requires coordinating a complex mix of on-premises, hybrid and multi-cloud environments. Furthermore, although a cloud provider typically offers security tools for securing data on its platform, those tools often won’t work across other cloud environments or give agencies complete visibility.”

Read more insights from Trustwave Government Solutions’s President Bill Rucker.

 

How to Build Stronger Security Teams

“Based on the lessons we’ve learned during the coronavirus pandemic, government networks may permanently become virtual, remote environments. The old approaches often don’t scale well for remote users, so the focus must shift to credentials and how to protect them. As computing resources move to the cloud, the credential is what glues everything together. Network defenders need to be able to record each action associated with a credential and know whether that behavior is normal or abnormal. With agencies operating in a complex mix of cloud and on-premises environments, it can be difficult to understand what’s going on and, more important, what’s normal and what’s abnormal. Machine learning through modeling allows agencies to answer those questions more quickly, more efficiently and with a higher degree of confidence than humans can.”

Read more insights from Exabeam’s Chief Security Strategist, Steve Moore.

 

Ripple20: A Mission-Critical Risk

“Forescout worked with JSOF, which first uncovered Ripple20, to identify the devices and vendors impacted by these vulnerabilities. JSOF estimates that hundreds of millions of internet of things and operational technology (OT) devices are at risk, and they are as varied as printers, uninterruptible power supplies, medical infusion pumps and industrial control systems. In short, Ripple20 can disrupt mission-critical technology that security teams typically don’t spend much time managing and sometimes can’t manage because the embedded software is not accessible. Unfortunately, that means there is no single manufacturer with a practiced way to fix the software. Instead, the burden falls on security teams to understand and mitigate the risk.”

Read more insights from Forescout Technologies’ Director of Federal Civilian Agencies, Erik Floden.

Download the full Innovation in Government® report for more insights from these Government Cloud Security thought leaders and additional industry research from FCW.