Identity Posture
The Identity Posture dashboard is a data visualization page. The page shows the widgets explained in detail below.
NOTE: Widgets with date references offer historical views of the collected data. Do NOT use the As of Date calendar with the dashboard view.
Threat Score
This widget gives users a high-level view of all the account threat rankings grouped by Low, Moderate, and Critical and an overall Tenant Threat score based on the same three groupings.
- Critical Accounts: The click-thru to the saved search result shows the details for all accounts in the critical threat range.
- Moderate Accounts: The click-thru to the saved search result shows the details for all accounts in the moderate threat range.
- Low Risk Accounts: The click-thru to the saved search result shows the details for all accounts in the low threat range.
Total Discovered Identities
The total number of Identities discovered by Hydden collectors provides an identity footprint within an organization.
An identity is typically the digital representation of a person, similar to a driving license or a passport. However, it’s important to note that it’s not directly used for authentication, but rather to represent the person who may perform an authentication.
The click-thru to the saved search result shows the details of the total number of Identities discovered by Hydden collectors providing an identity footprint within an organization.
Total Discovered Accounts
The total number of Accounts discovered by Hydden collectors provides an account footprint within an organization.
In contrast to an identity, accounts are the objects used to authenticate. Common account types are User Accounts, Service Accounts, and Computer Accounts. Most accounts consist of authentication pairs, such as a username and password or a client ID and client secret. Hydden collects only account information and metadata; it does not collect the more sensitive password information, such as password hashes or keys.
The click-thru to the saved search result shows the details of the total number of Accounts discovered by Hydden collectors providing an account footprint within an organization.
Accounts Mapped to Identities
This widget provides users with an overview of how well-managed their accounts are, such as whether every account has an owner (someone or something). Accounts without owners represent a threat to the organization, so this data is important to ensure an organization is maintaining a good identity management posture.
The widget shows percentages of mapped and unmapped accounts. The click-thru to the saved search report provides the list of all accounts that have NOT been mapped to an identity. The saved search focuses on unmapped accounts only.
Account Mapping History
Use the Account Mapping History link to view your organization’s trends around identity mapping, which shows if the overall identity posture has been improving or deteriorating over time.
New Accounts
The New Accounts widget shows the number of new accounts detected; select the day, week, or month button to choose the period. If the number of new accounts unexpectedly rises, this widget helps identify possible attacks and/or suspicious behavior. This data point helps users identify threats or attacks more quickly (see new accounts history to support this widget).
Shared Accounts
This widget provides an overview of the number of accounts that are mapped to more than one identity. Shared accounts are viewed negatively for a company’s overall identity posture.
The click-thru to saved search provides an overview of the number of accounts that are mapped to more than one identity.
Stale Accounts
The Stale Accounts widget shows the number of accounts whose last login was more than 3, 6, or 12 months ago, or potentially never. Looking at stale accounts helps an organization perform proper Identity Hygiene, which is critical to reducing the identity attack surface. With this widget, organizations can identify the number of accounts not being used and refer to a report to assist with account clean-up. Good identity hygiene requires keeping the number of unused/unnecessary accounts as low as possible.
Stale Passwords
The Stale Passwords widget shows the number of accounts whose password was last changed over 3, 6, or 12 months ago, or that never had a password. Looking at stale passwords helps an organization perform proper Identity Hygiene, which is critical to reducing the identity attack surface. With this widget, organizations can identify the number of accounts that have old passwords and refer to a report to assist with remediation efforts. Good identity hygiene requires users to change their passwords regularly to help reduce security threats caused by password data breaches.
Failed Logons
The Failed Logons widget shows the number of failed sign-ins for the last 3, 6, or 12 months. This widget helps identify possible attacks and/or suspicious behavior should the number of failed log-ins increase unexpectedly.
MFA Status
This widget provides MFA Status numbers. The widget tiles Enabled, Pending, and Not Enabled have click-thru to reports with the full details for each account matching that specific state.
- Enabled: The click-thru to the saved search result shows all accounts that have MFA enabled in the organization.
- Pending: The click-thru to the saved search result shows all accounts with pending MFA status in the organization.
- Not Enabled: The click-thru to the saved search result shows all accounts that do NOT have MFA enabled in the organization.
The View Details link opens a modal providing the number of different MFA providers detected during Hydden discoveries.
MFA attacks are now becoming the norm for identity-related breaches and most MFA deployments in organizations are not properly configured. Organizations have multiple MFA providers (Duo, Okta) and resources that are not properly integrated and/or lack real-time visibility into MFA status at a user level, resource level, account level, or macro level.
Compromised Identities and Accounts
Knowing what accounts and/or identities have been compromised in any known data breach allows users of Hydden to take appropriate action to ensure that the account remains secure.
This widget shows three data points:
- Compromised Accounts: The number of discovered accounts that match data in any 3rd party RISK feed, for example, “Have I been pwned”.
- Compromised Identities: The number of identities whose email address(es) match known data breaches.
- High-Risk Accounts: The number of discovered accounts that match data in any 3rd party RISK feed, for example, “Have I been pwned”, and whose password has not been changed since the data breach occurred.
To access the report, click View History.
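The hygiene metrics described in the sections above (unmapped and shared accounts, stale logins and passwords, compromised and high-risk accounts) can be reproduced over an exported account list. The following is an added example, not Hydden code; the field names, the sample records, the `breach_date` stand-in for a risk-feed match, and the month-boundary handling are assumptions.

```python
import calendar
from datetime import date

TODAY = date(2025, 6, 1)  # constructed "as of" date
# Constructed sample inventory; field names are hypothetical, not Hydden's schema.
ACCOUNTS = [
    {"name": "alice", "owners": ["id-1"], "last_login": date(2025, 5, 20),
     "pwd_changed": date(2025, 4, 1), "breach_date": None},
    {"name": "svc-backup", "owners": [], "last_login": None,
     "pwd_changed": date(2022, 1, 10), "breach_date": None},
    {"name": "helpdesk", "owners": ["id-2", "id-3"], "last_login": date(2025, 1, 15),
     "pwd_changed": date(2024, 9, 1), "breach_date": date(2024, 11, 5)},
    {"name": "bob", "owners": ["id-4"], "last_login": date(2024, 3, 2),
     "pwd_changed": date(2025, 2, 1), "breach_date": date(2024, 11, 5)},
]

def months_ago(today, n):
    """Calendar date n months before `today`, clamping the day to the month length."""
    y, m = divmod(today.year * 12 + today.month - 1 - n, 12)
    d = min(today.day, calendar.monthrange(y, m + 1)[1])
    return date(y, m + 1, d)

def stale_bucket(last_seen, today):
    """Return 'never', '>12m', '>6m', '>3m', or None when the event is recent."""
    if last_seen is None:
        return "never"
    for n in (12, 6, 3):  # report only the oldest threshold exceeded
        if last_seen < months_ago(today, n):
            return f">{n}m"
    return None

def posture(accounts, today):
    report = {k: [] for k in ("unmapped", "shared", "compromised", "high_risk")}
    report.update(stale_login={}, stale_password={})
    for a in accounts:
        if not a["owners"]:
            report["unmapped"].append(a["name"])   # no identity owns the account
        elif len(a["owners"]) > 1:
            report["shared"].append(a["name"])     # mapped to more than one identity
        for key, field in (("stale_login", "last_login"), ("stale_password", "pwd_changed")):
            bucket = stale_bucket(a[field], today)
            if bucket:
                report[key].setdefault(bucket, []).append(a["name"])
        if a["breach_date"]:
            report["compromised"].append(a["name"])
            # High risk: password never set, or not changed since the breach.
            if a["pwd_changed"] is None or a["pwd_changed"] <= a["breach_date"]:
                report["high_risk"].append(a["name"])
    return report

if __name__ == "__main__":
    print(posture(ACCOUNTS, TODAY))
```

In the sample, `helpdesk` and `bob` both match the same constructed breach, but only `helpdesk` is high risk because its password predates the breach.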
Discovered Groups
This widget shows the total number of Discovered Groups (Total Groups) and the total number of Discovered Privileged Groups (Privileged Groups).
The click-thrus to the saved search results provide an overview of all groups and privileged groups discovered in an organization. Each widget tile has a respective focus on the report filters.