Overview
Compromised identities are a key aspect of most successful cybersecurity data breaches. Identification, authentication, and authorization controls, also known as provisioning and deprovisioning processes, must be aligned with business requirements and maintained appropriately as user roles evolve over time. Very often, organizations have outdated user accounts because of ineffective deprovisioning processes. Two primary challenges organizations face in achieving basic cyber hygiene are limited budgets and a lack of staff with security expertise.
Many exploits require local access to be executed. A common attack path is to trick a user with legitimate local access into executing malicious code through phishing attacks or other fraudulent means. Vulnerabilities that an organization may consider to be low risk because they require local access pose a much higher risk through such attacks.
Microsoft Active Directory servers – a key component of many networks – contain data about users, computers, applications, and shared resources, among other information. These identity management servers are a favorite target for attackers.