
Summer’s Nearly Here – and So Is the Next Wave of Identity Security

If the Spring sunshine is anything to go by, we’re in for a spectacular Summer. Just like the weather, things have been heating up at BlueFort. Over the past few months, we’ve been on the road across the UK, supporting organisations as they tackle one of today’s most urgent cybersecurity challenges: identity security.

We’ve had the privilege of running workshops with some of the UK’s most critical sectors. In Liverpool, we partnered with Silverfort to deliver a hands-on IAM session for North West NHS organisations, packed with practical guidance on discovering and enforcing correct service account behaviours and providing MFA everywhere. If you couldn’t make it, don’t worry – more dates, industry vertical events, and locations are coming soon.

We also brought identity front and centre whilst exhibiting and speaking at the Financial Services Infosec Conference 2025, where it was clear just how much DORA (Digital Operational Resilience Act) is shaping 2025 strategies. Identity is no longer just a cybersecurity conversation; it’s a boardroom priority.

As we head into June, there’s another big moment on the horizon: the 30th anniversary of Infosecurity Europe, now at London’s ExCeL. From its early Olympia days, to becoming one of Europe’s flagship cyber events, we’re proud to have walked this journey with the community and we’re incredibly excited to catch up with friends, partners, and new faces once again from 3rd-5th June. We’d love to see you there, and it’s not too late to register for your free pass HERE.

To our customers, partners, and supporters: thank you. Your trust, collaboration, and commitment fuel everything we do. We’re just getting started, with more insights, events, and hands-on support coming your way to help your organisation stay secure, resilient, and always a step ahead.

Enjoy the sunshine – and stay cyber safe.

Warm regards
Dave Henderson

Securing Trust within Financial Services

With so many high-profile cyber attacks in the headlines, financial services must now treat identity security as a critical line of defence. In this blog, our Finance Sector Lead explores the impact of DORA, the rising cost of breaches, and why effective IAM strategies are the key to securing trust.


Fight Fire with Fire

The key to beating a cyber attacker? Know their playbook and use it against them. In this blog, BlueFort CTO Josh Neame explains how Attack Path Management helps organisations see their environments through the eyes of an attacker, revealing hidden risks and proactively shutting down threats before they cause harm.


Join us for our Latest Events & Webinars

Solving the Modern Identity Security Challenge

28th May, 12pm

Identity has always been a hot topic, but with the rise in ransomware attacks on household names many organisations are now asking: Could we be next?

In this webinar, we’ll explore how to address today’s biggest identity challenges, how to manage IAM in complex, hybrid environments, and how to avoid IAM project failure.


Tech Talk Tuesday – Attack Path Management & CTEM – Cutting Risk at the Root

24th June, 2pm

Traditional vulnerability management is struggling to keep up with attackers who are always looking for sneakier and quicker ways to reach your crown jewels.

Join us for a concise, no-nonsense 20-minute webinar where we break it all down.


Understanding the Data Risks of Supply-Chain

25th June, 2pm

Join us for a focused cybersecurity webinar exploring the real-world risks posed by third-party files, USBs, and external data within Operational Technology (OT) environments – and what your organisation must do to remain both secure and compliant.


Meet the Team: Ross Yates

You’ve met us over Teams, but how well do you really know us? Meet Ross Yates, leading Cybersecurity Consultant. We’ve had a chat with Ross to get to know him better.



By Josh Neame, CTO, BlueFort Security

Across all walks of life there are a myriad of catchphrases used to capture a mood, describe a situation, explain a certain behaviour, or define the odds of something happening. The phrase “there’s no such thing as a silver bullet” seems largely to have been consigned to the archives of cybersecurity marketing vaults these days (thank goodness), alongside its teammate that reads something like “if you think you know it all about cybersecurity, this discipline was probably ill-explained to you.” Both are true, by the way, but very much overused in my humble opinion. And then there’s ‘fight fire with fire!’. Whilst this has also had its fair share of overuse in today’s vernacular, I’m not going to send this one to the archives just yet, as it is relevant in the context of this blog. Bear with me, folks…

If you Google (other search engines are available) the term ‘fight fire with fire’, Wikipedia delivers back a wide array of potential offerings, including a Metallica song, a Bruce Willis movie, and a feminist book by Naomi Wolf. However, that’s not what I’m thinking about today. Today I have the concept of attack path management (APM) on my mind, and the relevance to the ‘fight fire with fire’ analogy is that APM is what is usefully described as a threat-informed defence strategy. As the Chinese general Sun Tzu once said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”. Thinking like the enemy is the foundation of APM.

What is Attack Path Management?

Put simply, attack path management (APM) is a process your company can use to get insight into your security weaknesses, as seen through the eyes of an attacker. Importantly, it does this with the additional context of your company’s own unique security infrastructure, security controls, and existing cybersecurity defences. 

The process aims to identify any ‘attack path’ that a cybercriminal could take. If you know how an attacker might try to break into your systems, you can bolster your defences and help your team shut down those routes fast – before the bad guys get any deeper into your network accessing servers, databases, or sensitive files.

Attack path management is all about:

Does my organisation even need APM? I’ve got lots of other tools…

This is a fair question. After all, the average company works with 10 to 15 security vendors and 60 to 70 security tools. Throwing another one into the mix could be considered overkill. But when you step back and look at the current state of play for security teams, I think you’ll be persuaded that APM is a tool worth careful consideration.

Enterprise Strategy Group (ESG), in conjunction with XM Cyber, recently published a white paper that addresses this very question. Jon Oltsik, Senior Principal Analyst & ESG Fellow, who authored the paper, cites the unprecedented growth of cyber attacks driven by “sophisticated threats, a growing attack surface, greater use of business IT, and even poor security hygiene”. Or, as I like to say, the complexity of cybersecurity challenges faced by security teams today is a one-way street with no end in sight. The M&S and Co-Op cyber attacks in play as I write are testament to the gravity of the situation.

Here’s an interesting statistic from XM Cyber’s 2024 Report: organisations typically have about 15,000 exposures across their environments that attackers could exploit. However, traditional CVE-based vulnerabilities account for less than 1% of those and just 11% of all exposures to critical assets. Put simply, threat actors don’t care about CVSS scores – they care about real-world opportunities. So that should be your focus too. 

APM is more than stopping attacks after they happen — it’s proactive. You’re always thinking like an attacker so you can stay one step ahead. 

This is why Continuous Threat Exposure Management (CTEM) has made such a massive difference for security teams. Enabling CISOs and SecOps teams to move from a reactive to a proactive mindset, CTEM actively prioritises risks most relevant to their organisation. In case you’re still sitting on the fence about CTEM, Gartner predicts that by 2026, organisations that prioritise security investment based on a CTEM program will be three times less likely to suffer a security breach.

APM fits within the CTEM framework by giving organisations a process to focus on the relatively small and stable number of tactics, techniques, and procedures (TTPs) used by attackers, rather than an ever-increasing and unpredictable number of CVEs. Examples of an attack path include malware, unpatched software, and weak passwords. Once an attacker accesses your network through an attack vector, the attack path details the steps they take to laterally move through the system and access critical assets.

Rather than noodling on knowing every intricate detail of your assets and identifying misconfigurations, risky user behaviour and software vulnerabilities, focus your efforts on 1) identifying how an attacker would move through your system and 2) prioritising fixes that make the most significant impact.

How does it work?

At the risk of sounding like an old record, when it comes to effective cybersecurity we all know that visibility is key. The ability to clearly see all aspects of your organisation’s digital footprint, as well as the risks and vulnerabilities within it, is the common thread behind all robust cybersecurity programs. 

Where to start?

As I’ve just said, visibility is key. Knowing what you’ve got, where it is, what’s missing… From first-hand experience, I see that many of the challenges organisations face stem from having little or no visibility into their IT estate. Without a clear view of what exists, it’s impossible to gather accurate information or maintain control. True visibility allows organisations to understand their assets and apply effective controls to the parts they know about.

This is the starting point for APM. The process starts with a systematic review of the components, connections, and interactions within a given system, with the objective of mapping potential sequences of actions that an attacker might employ. By reproducing these pathways, defenders can assess the potential impact and risk of multiple scenarios, and ultimately more effectively prioritise their mitigation efforts.  
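The mapping and prioritisation step described above, as an added example (not from this blog or from any vendor's product): the environment is modelled as a graph, every route from an entry point to a critical asset is enumerated, and exposures are ranked by how many routes depend on them. The asset names, exposure labels and the greedy fix ordering are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample environment (hypothetical names).
# Each edge is (from_asset, to_asset, exposure that enables the step).
EDGES = [
    ("internet", "web-server", "unpatched software"),
    ("internet", "vpn-gateway", "weak password"),
    ("web-server", "app-server", "reused service account"),
    ("vpn-gateway", "workstation", "no MFA"),
    ("workstation", "app-server", "cached admin credentials"),
    ("app-server", "db-server", "over-privileged service account"),
    ("app-server", "file-share", "misconfigured share permissions"),
    ("workstation", "file-share", "misconfigured share permissions"),
]
ENTRY = "internet"
CRITICAL = {"db-server", "file-share"}


def attack_paths(edges, entry, critical):
    """Enumerate every cycle-free path from the entry point to a critical asset."""
    graph = {}
    for edge in edges:
        graph.setdefault(edge[0], []).append(edge)
    paths, stack = [], [(entry, [])]
    while stack:
        node, path = stack.pop()
        if node in critical and path:
            paths.append(path)  # a path ends at the first critical asset reached
            continue
        visited = {entry} | {e[1] for e in path}
        for edge in graph.get(node, []):
            if edge[1] not in visited:
                stack.append((edge[1], path + [edge]))
    return paths


def choke_points(edges, entry, critical):
    """Rank exposures by the number of attack paths that rely on them."""
    counts = Counter(e for p in attack_paths(edges, entry, critical) for e in p)
    return counts.most_common()


def fix_plan(edges, entry, critical):
    """Greedy ordering: remediate the most-used exposure until no path remains."""
    remaining, plan = list(edges), []
    while (ranked := choke_points(remaining, entry, critical)):
        worst = ranked[0][0]
        plan.append(worst)
        remaining.remove(worst)
    return plan
```

On this sample, eight exposures produce five routes to critical assets, and remediating two of them closes all five.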

Benefits of Attack Path Management

Utilising an APM tool can help ensure your security team has a complete view of your digital assets, together with the contextual awareness to understand the threats faced and the necessary controls to secure them from loss or harm.

Curious to know more?

Tech Talk Tuesday – Evolving a Cyber Resilience Strategy – Attack Path Analysis.

24th June at 2.00pm

Register here to join me as we discuss APM in depth, highlighting use cases and delving into how organisations should look to integrate threat-informed processes into their overall cyber resilience strategy.

We’ll highlight XM Cyber’s award-winning Exposure Management that lets security teams see their on-prem and cloud networks through the eyes of an attacker, and spot attacks before they happen. Because when you see all the ways in, you can keep them all out.

Tell us a bit about yourself?

I live in Row Town, Surrey with my partner Sophie in our first home we bought in January this year. I have a number of hobbies including golf, football, photography, cooking, BBQ, pizza making, hiking… I enjoy all sorts! I’ve been at BlueFort, including my placement year, for 5 and a half years now.

How did you get started in Cyber Security?

I always had an interest in computers and technology in general throughout school, and when it came to A-levels IT was an easy choice. Then it came to choosing university options and Cyber Security intrigued me, as it meant I could learn more about computers and the methods malicious actors used to compromise computers and organisations. My university degree included a placement year, and this is when I found BlueFort and started to learn the technologies that could be used to secure environments, reducing the chance of a breach.

What’s your role at BlueFort and what does it involve?

I work in the Service Delivery team. This includes pre and post sales for technologies within our portfolio. It also includes internal and external technical support, and audit work such as our ISO and Cyber Essentials Plus audits, to ensure we pass these certifications.

What do you love about your job?

The best thing about my job at BlueFort is the diversity that’s involved. Each day brings something different, from project work for clients, to troubleshooting an internal network issue. I get exposure to all elements of working in IT as well as getting to support our customers with their challenges.

What does the future hold?

Continuing to work with our customers and prospects to solve their IT security challenges and reduce the likelihood of compromise. I also look forward to discovering new technologies and developing my own skills in understanding how to increase the security posture of organisations, including our own.