Corporate IT Cyber Security

Identity and Access Assessment

Safeguard the management of digital identities and access privileges in your business.

Humans make mistakes. We help you fix them.

The majority of information security incidents occur as a result of user accounts that become compromised through:

This can lead to the eventual breach of an administrator account, effectively giving a threat actor access to your entire business—all from a single initial crack in your defences.

Peloton’s Identity and Access Assessment gives you the visibility you need to identify these compromised accounts, along with an assessment of any existing risks and prioritised recommendations for remediation.

Why perform an identity and access assessment?

Reveal blind spots to better understand the full scope of any weaknesses

Identify existing compromises through informed threat hunting

Improve continuously by sharing an understanding of risks with all users

What to expect with a Peloton identity and access assessment

Depending on your needs, Peloton can provide an end-to-end service offering from identity and access assessment through to remediation.

Our identity and access assessment methodology is focused primarily on Active Directory (AD) accounts. As part of this process, we:

  • Test all password hashes to reveal weak passwords by:
    • Uncovering common passwords against a 1.3B word list
    • Cracking weak hashes with the brute force of 5.6T iterations
  • Correlate AD and Azure AD metadata
  • Provide a list of immediately actionable steps

Once we’ve completed the assessment, we support you with a remediation program, including a workshop to prioritise a focused program of work and resource, capacity and change management planning.

Post-remediation we provide metric reporting and compliance improvement strategies.

While Peloton typically performs white box vulnerability assessments (where you provide information about your IT environment so Peloton has full knowledge of it), we are adept at conducting a range of test types to suit your needs.

The Peloton difference  

Strategy and compliance

We apply an understanding of your business context to decide both what to do and what not to do, in line with market-standard compliance frameworks. We also work closely with your teams to optimise change management.

Sustainable remediation

Our remediation options are designed to avoid disrupting business-as-usual operations or negatively impacting users. For example, we avoid broad-stroke remediation like mass password resets and instead take a staged approach to prioritise actions that mitigate the most risk.

Demonstrated experience 

Peloton is known to move quickly to address high-risk findings. We work closely with your incident response partner to rapidly bring them up to speed and address critical areas for remediation.

Frequently Asked Questions

Identity and Access Management (IAM) is a comprehensive framework that aligns with the fundamental cyber security principles of Identification, Authentication, Authorisation, and Accountability (AAA). It entails a structured approach to regulating access to critical organisational resources, such as sensitive information and systems. IAM facilitates secure access to company assets, encompassing databases, applications and data, and extends its horizon beyond internal employees to encompass contractors, vendors, business partners and external device users. By enabling precise control and maintaining audit records, IAM establishes a robust security infrastructure that empowers authorised personnel and devices while establishing formidable barriers against unauthorised external intrusion.

Identity Governance and Administration (IGA) differs from Identity and Access Management (IAM) in that it allows businesses not only to define and enforce IAM policy but also to leverage IAM functions to comply with audit and compliance requirements. IGA has a defined role in ensuring that IAM policies are connected and adhered to.

Once an Identity and Access Assessment has been completed, your business will receive a report that provides visibility and insight into compromised accounts and existing risk, as well as prioritised recommendations for remediation.

The Peloton Identity and Access Assessment will provide you with a better understanding and appreciation of any weaknesses within your environment, identify current compromises through threat hunting, and help improve understanding of risks with all users.

Get started with your cyber security assessment.