Despite continuous corporate investments in building resilient cybersecurity postures, identity security remains one of the most prevalent attack channels with considerable risk to enterprises. It’s estimated that 90% of organizations experienced an identity-related incident in 2024, driving the continued top prioritization of identity security across the majority of CISOs. Given its persistent enterprise importance and constant innovation, the Ansa team has been focused on identity software for multiple cycles of development. 

‍

Securing identities is much easier said than done for enterprises with large employee bases, especially given the requirements to secure the sticky, existing identity infrastructure prevalent across corporations.  Today, more than 90% of the Fortune 1000 use Microsoft Active Directory (AD) to manage user/service accounts, services, and more. As the number of these identities and components grows within an organization and their management becomes increasingly complex, the number of attack paths, or ways for a bad actor to infiltrate systems exponentially increases. With the number of potential attack paths in the millions, if not larger, it becomes an impossible task for security blue teams to figure out the most critical paths to sever. 

‍

Enter SpecterOps, the platform for automated attack path management and prioritization

‍

SpecterOps' platform utilizes directory data to map every attack path through every misconfiguration, highlights configurations shared by multiple attack paths which they call chokepoints, then quantifies the exposure and provides remediation guidance to security teams. With SpecterOps, security teams are able to prioritize and fix the least amount of attack paths while simultaneously maximizing their reduction of risk.

‍

The platform is built around their open-source project BloodHound Community Edition (BHCE), which the founding team created while working as penetration testing experts at a previous organization. Today, the tool is immensely popular with red teamers/pentesters and is used by the vast majority of enterprise penetration tests. Since BHCE was designed as a red teaming tool, it relies on user-driven queries to display/analyze attack paths, which is a burdensome task for security teams trying to protect against large volumes of attack paths. Now, with SpecterOps and BloodHound Enterprise, security teams are able to get continuous and automatic insights into all attack paths within an organization and how to best prioritize and remediate them. Furthermore, with SpecterOps’ ability to identify chokepoints, organizations are able to significantly reduce (oftentimes by 50%+) their number of potential attack paths within a matter of months.

It is clear the value has been resonating as SpecterOps now supports some of the largest global enterprises across all industries like technology, manufacturing, financial services, healthcare, and more. We are excited to partner with the company as part of the Series B and give security teams the tools they need to meaningfully improve security posture. Check out the company website and Series B press release to learn more and discover career opportunities.