Startup Finds 'Hydden' Identities in IT Environment

As organizations diversify their IT environments to include cloud applications and software-as-a-service, protecting identity is paramount. In fact, identity is the new perimeter — but for many organizations, securing identity is complicated by the fact that they don't know what they have.

Hydden, a new identity management startup coming out of stealth with a $4.4 million seed funding round led by Access Venture Partners, bridges the identity gap by giving security teams visibility across the organization's entire identity environment. Hydden's platform connects to existing identity and access management (IAM) tools, cloud applications, and on-premises applications to give organizations complete visibility into their identities, accounts, and privileges. The time capsule feature can be used in proactive threat management as it identifies patterns and aids in post-event analysis.

"We acknowledge the reality that CISOs are under unbelievable amounts of pressure. There's not enough resources and not enough hours," says Jai Dargan, CEO and co-founder of Hydden. "We are going to take care of this one task."

Modern identity involves more than just keeping track of passwords and implementing multifactor authentication (MFA). Security teams have to manage accounts for both cloud-based applications and internal applications. Non-human identities, such as service accounts used by automated processes, API keys, and application tokens must also be managed.

Gaps in identity management also pose additional risks, such as overprovisioned or overprivileged accounts, misconfigured MFA schemes, and unused accounts. Credentials that were stored in places security teams didn't even know about are being exposed.

Hydden addresses these gaps by creating a single data layer across IAM, identity governance and administration, privileged access management (PAM), and identity threat detection and response products, the company said.

Several of the better-known established PAM and IAM tools on the market are focused on on-premises applications, which make them less effective for organizations that are cloud-first or have hybrid environments. The technology may be proven, notes Dargan, but they are not designed for cloud environments.

Hydden's goal is to be the continuous source of truth, Dargan says. The platform is constantly looking at the IT environment to detect and classify identities and issues warnings when identity-related risks are identified. Identity needs to evolve into real time, Dargan says, noting how the industry has evolved authentication into continuous authentication and network monitoring into continuous monitoring.

"We have network discovery and asset discovery," he says. "Now we need continuous identity asset discovery."