SpecterOps, a cybersecurity tools and services company that raised $75 million in a funding round in March this year, offers capabilities through its flagship BloodHound Enterprise, designed to help organizations identify and eliminate identity-based attack paths from an adversary’s perspective.
Executives with the Alexandria, Virginia-based company argue that the increasing complexity of enterprise environments spread between the cloud and on-premises sites, and the proliferation of both human and non-human identities, have rendered traditional methods for configuring identities redundant and ineffective.
The core idea behind the BloodHound Enterprise platform is to detect and eliminate attack paths that bad actors exploit by navigating over-permissioned accounts and security gaps to move laterally and escalate privileges across Microsoft Active Directory and Azure environments. The company also offers a free, open-source BloodHound Community Edition.
The platform continuously maps attack paths, finds choke points for shutting down those paths, offers guidance for eliminating them, and monitors them to ensure they’re taken care of.
There is also a new feature coming to the platform. The company recently introduced Privilege Zones, which allow security teams to create custom security boundaries around their resources and continuously enforce least-privilege access in cloud, hybrid, and on-premises environments.
Enter Privilege Zones
Privilege Zones expands the capabilities of SpecterOps’ BloodHound Enterprise by introducing logical access boundaries mapped to critical business assets. While the platform initially focused on protecting Tier 0 assets—such as high-value systems and accounts in Active Directory and Azure AD—Privilege Zones broadens the scope to include data stores governed by HIPAA, PCI-DSS payment systems, and code repositories.
With Privilege Zones, organizations can group assets by sensitivity, function, or tier into distinct zones, enabling large-scale enforcement of least privilege and cross-system access control. Security teams gain the ability to detect over-permissioned identities across hybrid environments and prevent lateral movement between zones.
SpecterOps plans to offer Privilege Zones as a premium BloodHound Enterprise feature. Early access begins next month, with general availability expected in August.
The Adversary's Point of View
SpecterOps’ approach makes sense, according to security pros.
“Viewing the environment through an attacker’s lens – understanding how identities and privileges can be exploited – is a smart and increasingly common evolution in enterprise cybersecurity,” Keeper Security CISO Shane Barney told MSSP Alert. “This approach supports micro-segmentation strategies that limit lateral movement by creating fine-grained boundaries around critical assets. It’s not entirely novel, but when implemented effectively, it helps translate theoretical attack paths into enforceable controls.”
Venky Raju, field CTO at ColorTokens, called it a “pragmatic way of prioritizing a long list of security projects.”
“Perimeter security, strong identity management, and EDR [endpoint detection and response] are all essential but relatively mature,” Raju told MSSP Alert. “In contrast, most organizations struggle to protect against lateral movement, and SpecterOps is correct in highlighting this. This is why microsegmentation and enhanced identity and access management are core pillars of a zero trust architecture.”
Microsegmentation in zero trust with least-privilege access controls blocks an attacker from crossing enterprise-defined boundaries even if a company’s EDR system is compromised or the perimeter firewall is bypassed, he said.
A Boost for MSSPs, MSPs
It also will be a bonus for MSSPs, MSPs, and other SpecterOps channel partners. The company launched its channel partner program in February 2024, which made its services – from penetration testing to red and purple teaming to maturity assessments – and BloodHound Enterprise available to the channel.
Identity is a prime target for threat actors looking to compromise and access corporate networks, and a top priority for cybersecurity vendors looking for ways to protect identities. The identity and access management (IAM) market is expected to grow rapidly, with Straits Research analysts forecasting a jump from $21.53 billion this year to $61.93 billion by 2033, fueled by the rise in data breaches and expanding data protection regulations.
The Identity Management Institute, a cybersecurity training and certification firm focused on identity, highlights that managing identities and access is a fundamental aspect of security.
“As organizations transition to remote work models, adopt cloud-based services, and embrace digital transformation, the demand for strong Identity and Access Management solutions has surged,” the group said, adding that IAM systems go beyond authentication and authorization and are now “integral to ensuring data security, regulatory compliance, and operational efficiency in complex IT environments.”
Meanwhile, AI, machine learning, and blockchain enable organizations to dynamically manage identities and proactively respond to new threats, the group states.
Non-Human Identities a Challenge
Non-human identities – such as API keys, service accounts, containers, cloud services, and DevOps tools – are quickly becoming a concern.
“Conventional security solutions often fall short when it comes to managing these non-human identities, leaving a glaring blind spot in enterprise security,” wrote Entro Security, which last month partnered with Wiz to address the issue. “The lack of visibility, monitoring, and management over these non-human entities creates a substantial security challenge. These digital actors, if compromised, can unravel an organization’s security from the inside out. The oversight is glaring: visibility is insufficient, monitoring is sporadic, and governance is an afterthought.”