Identity security specialist
Bitwarden is turning to
GuidePoint Security to help expand the reach of Password Manager, its centralized security offering that allows organizations to manage and share passwords from a single workspace, automate the provisioning on user accounts, and monitor security metrics to address problems such as weak or reused passwords including audit access to sensitive data.
The Santa Barbara, California, company’s Password Manager is built on an open source architecture that leverages a zero-knowledge encryption model – ensuring only the user has access to their encrypted data – and can be deployed in the cloud or on-premises.
The
reseller agreement means that organizations that use GuidePoint services will now have access to Bitwarden’s solution and integrate it with other identity security tools being using.
Identity and access management (IAM) offerings from Bitwarden and other vendors are designed to address the rising cyberthreat risks from bad actors that are increasingly trying to steal credentials and gain access into corporate networks. Picus Security, in a report released earlier this year, found that
25% of the malware it analyzed in 2024 was designed to steal credentials, a 3X increase over the previous year.
Picus researchers also highlighted that modern malware was evolving quickly and more tightly focused on stealth, persistence, and automation.
Security Gaps
In its own research, Bitwarden found that despite the growing adoption of multifactor authentication (MFA), 65% of enterprises
still rely only on passwords to access corporate systems, while 37% still support password-only logins as passwordless options expand. Additionally, while 79% of Gen Z members surveyed admit that reusing passwords is risky – compromising one can expose multiple accounts—
72% say they still do it.
Identity-based threats are a bid deal for various reasons, according to Krista Case, research director with The Futurum Group.
“It can be boiled down to the fact that attackers are targeting identities and legitimate credentials to gain access to data, to networks,” Case told MSSP Alert. “What we say is they're logging in, right, instead of hacking in. That presents a number of challenges.”
Increasingly Complex Identity Threats
Organizations need tools that enable them to detect when attacks occur, she said.
“When we look at the identity space in particular, we're seeing that there's an emphasis on being able to provide more contextualized access and what we call just-in-time access,” Case said. “The ability to have greater insight into what the identity is, why it's requesting access to certain data networks, and be able to adjust the privileges from there. It will also revoke privileges as well, and if potentially nefarious activity is identified, then be able have that insight and take action accordingly.”
Protecting identities is a fast-growing business. Analysts with Allied Market Research expect the global IAM market to jump from $6.2 billion in 2022 to
$34.1 billion by 2032, driven by the increasing number of data breaches and identity-driven fraud as more businesses shift their operations online. Bitwarden says it supports more than 50,000 businesses and more than 10 million users across 180 countries.
The company is adding more capabilities to its offerings. Last month, Bitwarden added its Access Intelligence to allow enterprises to be more proactive against internal risks. It also enhanced protections against phishing attacks and expanded its integrations to include support for Microsoft Sentinel and Entra, Splunk, and Okta.
MSSPs, MSPs See Greater Demand
In February, Bitwarden highlighted the
growth of its MSP program, noting that partners in 2024 increased total managed seats by 97% year-over-year and onboarded 62% more organizations, numbers that the company said reflect the need for mitigating identity-based threats.
“Credential-related threats continue to challenge security teams, especially across complex IT environments and a growing number of access points,” Justin Iwaniszyn, director of new and emerging alliances at Herndon, Virginia-based GuidePoint, said in a statement. “As attackers increasingly exploit password reuse, phishing, and weak credential controls to breach critical systems, organizations need adaptable solutions.”
Futurum’s Case said MSSPs and MSPs play a significant role for SMBs and mid-market companies that often don’t have the in-house expertise needed to address identity attacks that are becoming increasingly complex and difficult to defend against.
That said, even enterprises, with their larger headcount and more resources, at times can benefit from outsourced security help, given not only the increased sophistication of attacks but also the growing complexity of their own cyber-defenses, she said.
