In the 10 years since rolling out its BloodHound solution, SpecterOps has been the top promoter of attack path management (APM) as an integral part of an increasingly complex and expanding identity security scene. SpecterOps argues that it’s not enough to strengthen authentication through multifactor authentication (MFA), stronger passwords, or even passwordless verification.
Enterprises need to understand the attack paths that adversaries can take by abusing privileges and exploiting user behaviors to gain access to corporate IT environments, a task growing more challenging as the number of identities – both human and, in particular, non-human identities (NHIs) – accelerates, making traditional security solutions less effective.
It’s a practice that goes beyond security teams, according to Robby Winchester, chief services officer at SpecterOps.
“Attack paths come from the mess of misconfigurations and legacy IT sprawl that build up over time in identity platforms, most often Microsoft Active Directory and Entra ID,” Winchester told MSSP Alert. “APM is about removing them. Security, identity, and infrastructure teams work together to identify attack paths, find the most dangerous ones, and remove them by fixing misconfigurations, removing extra user privileges, or giving important accounts extra protections.”
APM Part of the Identity Security Package
APM complements other offerings like governance and administration, privileged access management (PAM), endpoint security, and identity detection and response, which Winchester said are important but not built to address the issue of attack paths.
SpecterOps since 2016 has expanded its portfolio of services and tools, including ramping up BloodHound Enterprise, adding BloodHound Community Edition – a free and open source penetration-testing tool – and last year rolling out Privilege Zones and BloodHound OpenGraph, extending the reach of its APM capabilities beyond Microsoft AD to platforms like GitHub and Snowflake.
The Alexandria, Virginia-based company is starting off 2026 this week by unveiling BloodHound Scentry, a new service that delivers to enterprises, SMBs, and MSSPs alike tailored guidance for remediating attack paths, analysis of emerging threats, and privilege zone design to protect their critical assets.
On the Hunt with BloodHound Scentry
BloodHound Scentry does this by bringing together the capabilities of BloodHound Enterprise and OpenGraph support with SpecterOps’ experts and practitioners, according to executives.
“We couple our world-class research team’s understanding of how adversaries operate with technical project managers and experts who have detailed understanding of adversarial tradecraft and the power of BloodHound Enterprise to help customers implement APM practices and drastically reduce attack paths within their environments,” Winchester said. “Scentry maximizes this knowledge and experience to accelerate APM maturity for customers currently at any level of APM maturity, enabling faster reductions in identity risk.”
Using BloodHound Scentry, companies with little or no identity APM can build and mature a program in as little as six months, according to vendor executives.
Identity is a Security Flashpoint
Identity has become a key point of conflict between security teams and threat groups, with security experts noting that bad actors no longer need to break into victims’ systems by exploiting vulnerabilities. Instead, they can sign in using stolen or compromised credentials.
Verizon in its annual Data Breach Investigations Report has found in recent years that as many as 80% of breaches involve compromised identity credentials. Organizations have taken notice. According to SpecterOps, in its 2025 Trends in Identity Attack Path Management survey of 518 cybersecurity and IT decision-makers, almost 60% have increased the amount they spend on identity security, and improving visibility into attack paths was the third-highest priority.
In addition, 59% said they are investigating or have implemented an identity APM solution, and more than half ranked APM integration with other security tools as a top priority.
Interest is High, But Adoption is Slower
“The interest [in APM among enterprises and SMBs] is high, but practical issues have slowed down adoption,” Winchester said, noting the 59% that are researching a program or have one in place. “CISOs ranked identity risk as their top concern over the next three to five years. Most security people we talk to already know this is a problem but couldn’t quantify it or didn’t know how to address it or didn’t have a good enough tool.”
In its 2025 State of Attack Path Management report, SpecterOps wrote that getting such capabilities will be crucial for businesses.
“The focus for Identity Security should extend beyond preventing credential compromise and become a complete understanding of what could happen when (not if) an attacker gains access,” the report’s authors wrote. “The identity space is evolving, both with the addition of new technologies as well as the general identity sprawl that occurs as an organization grows and technical debt mounts. ... APM is more than closing attack paths, it is understanding what causes attack paths to exist in the first place.”
Good for MSSPs
Security services providers have to deal with the same identity threats that haunt enterprises and smaller companies, Winchester said, adding that BloodHound Scentry can be a tool that they can use.
“MSSPs also have internal networks and permissions they use to manage their own identities and are faced with similar APM challenges that BloodHound can support,” he said.