ISPM Solution Area

Identity Security Posture Management

Find the misconfigurations before attackers do. Eight risk dimensions scored per identity, not just permission counts.

Every hybrid AD and Entra ID environment accumulates misconfigurations. Over-permissioned service accounts. Stale users with Domain Admin rights. Delegation chains nobody remembers creating. The question isn't whether they exist. It's which ones to fix first.

Most posture tools generate a list of findings sorted by severity. The problem is that severity without context is noise. Full control over a GPO linked to Domain Controllers is critical. But is it held by a service account that hasn't authenticated in 400 days, or by your most active admin? The remediation priority is completely different. GraphnAI scores every identity across eight risk dimensions so the worst problems always surface first.

Identity Inventory

Every identity in your environment, typed, scored, and searchable. Users, service accounts, computers, groups, and service principals across AD and Entra ID. Each one carries a composite risk score, criticality classification, permission counts, membership depth, and staleness indicators. Filter by risk level, criticality, or any combination of posture categories.

Identity Inventory: 2,847 users scored across criticality, risk, relationships, permissions, and activity. Filter by stale, over-permissioned, excessive nesting, or Tier-0 exposure.

Over-Permission Analytics

Permission counting is broken. Ten harmless inherited entries shouldn't score higher than two dangerous permissions on an OU containing your Tier-0 service accounts. GraphnAI uses severity-weighted peer-group analysis to find the real outliers. Same department, same role, same domain. If one service account has 5x the weighted permission load of its peers, that's your finding.

The sigma deviation model means you're not chasing arbitrary thresholds. You're finding identities that are statistically different from everything around them. The environment defines what's normal. The outliers define what needs attention.

Peer-group deviation analysis: each identity compared against similar identities by domain, type, department, and title. Sigma scores surface the statistical outliers.
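
A sketch of severity-weighted peer-group sigma scoring as described above. This is an added example, not GraphnAI's code. The severity weights, the minimum peer count, the standard-deviation floor, the leave-one-out comparison, and all sample identities are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed weights for illustration; the page does not publish the product's values.
SEVERITY_WEIGHT = {"GenericAll": 10, "WriteDacl": 8, "WriteOwner": 8,
                   "GenericWrite": 5, "ReadProperty": 1}
MIN_PEERS = 3        # assumed: smaller groups give no meaningful baseline
STDDEV_FLOOR = 1.0   # assumed: avoids division by zero when peers are identical

def weighted_load(rights):
    """Sum severity weights; rights not in the table count as 1 (assumption)."""
    return sum(SEVERITY_WEIGHT.get(r, 1) for r in rights)

def peer_key(identity):
    """Peer group as the page describes it: same domain, type, department, title."""
    return (identity["domain"], identity["type"], identity["department"], identity["title"])

def sigma_scores(identities):
    """Return {name: sigma}, each identity measured against its peers (itself excluded)."""
    groups = defaultdict(list)
    for ident in identities:
        groups[peer_key(ident)].append(ident)
    scores = {}
    for members in groups.values():
        loads = {m["name"]: weighted_load(m["rights"]) for m in members}
        for name, load in loads.items():
            peers = [v for n, v in loads.items() if n != name]
            if len(peers) < MIN_PEERS:
                scores[name] = None  # not enough peers to define "normal"
                continue
            spread = max(pstdev(peers), STDDEV_FLOOR)
            scores[name] = round((load - mean(peers)) / spread, 2)
    return scores

def _svc(name, rights, dept="IT"):
    """Build a constructed sample service account record."""
    return {"name": name, "domain": "corp.example", "type": "service_account",
            "department": dept, "title": "svc", "rights": rights}

# Constructed sample data: four ordinary service accounts, one outlier, one with no peers.
SAMPLE = [
    _svc("svc-backup", ["ReadProperty"] * 4),
    _svc("svc-print", ["ReadProperty"] * 5),
    _svc("svc-scan", ["ReadProperty"] * 3),
    _svc("svc-mon", ["ReadProperty"] * 4),
    _svc("svc-deploy", ["GenericAll", "WriteDacl", "ReadProperty", "ReadProperty"]),
    _svc("svc-lonely", ["GenericAll"], dept="Finance"),
]
```

Excluding each identity from its own baseline keeps a single heavy outlier from inflating the group's mean and spread and hiding itself, which matters in small peer groups.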

Delegation Posture

Delegation is the number one misconfiguration in enterprise Active Directory, and it's the one most tools ignore entirely. Unconstrained Kerberos delegation on a member server. Custom inherited ACEs granting full control three OU levels deep. Cross-tier delegation paths that bridge Control Plane and Data Plane access.

GraphnAI classifies every access control entry by origin: explicit, inherited-structural, inherited-custom, and inherited-default. Each delegation source gets a composite score from breadth, severity weighting, scoping, and trustee health. The result is a per-delegation posture score with best-practice conformance checking against Microsoft and ANSSI guidelines.

Delegation Posture: per-container scoring with breadth, severity, scoping, and trustee health. Conformance checking against published best practices.

Posture Management Capabilities

  • Eight-factor identity risk scoring: Permission Load, Criticality Gap, Critical Junctions, Alert Severity, Staleness, Tier Level, Nesting Depth, Delegation Risk
  • Peer-group deviation analysis with severity-weighted sigma scoring. The environment defines normal. Outliers define your findings.
  • Stale identity detection with per-type thresholds: 90 days for users, 30 for computers, 180 for service accounts
  • Delegation posture scoring with ACE classification, cross-plane detection, and best-practice conformance
  • Identity inventory with full search, type tabs, and category filters across every identity in AD and Entra ID
  • Risk Posture Dashboard with composite score, 30-day trending, and drill-down to any finding
