…now Generally Available A matter of Identity Security In today’s increasingly cloud-based world, Identity is the first, and in many cases, only persistent fingerprint enabling a user’s access to assets in the organization. As the control plane, Identity spans across the enterprise IT tech stack and intersects the data or access planes of device, network, and application. So it’s no wonder Identity is an attractive and common target for attack and compromise. According to the OWASP Top 10, “Broken Access Control” was the top security risk to web applications, with 94% of applications tested for broken access controls in some form. The attack vector here has evolved over time, with token theft and replay becoming an increasingly common threat vector, especially deployed by Advanced Persistent Threat (APT) actors. Organizations with more sophisticated access verification controls need to be wary of this threat. Some of MITRE’s top attack Tactics, Techniques.