
BeyondTrust launches Phantom Labs to boost identity security research
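BeyondTrust has established a dedicated cybersecurity research team, called Phantom Labs, as part of its focus on identity security and threat intelligence. Phantom Labs will draw upon years of security research and will aim to identify new threats related to identity exploitation, particularly in increasingly complex hybrid and cloud computing environments.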
The newly formed research team is tasked with investigating the techniques used by threat actors to escalate privileges and maintain unauthorised access, a process described by BeyondTrust as "thinking like an attacker". The intention is to help security professionals gain a deeper understanding of potential vulnerabilities so they can proactively address risks and prevent attacks that target identity systems.
Research focus
The expanded research function is intended to deliver several benefits to the global cybersecurity community. These include carrying out original threat research and vulnerability discovery, producing guidance for defenders in the form of mitigation playbooks and hardening recommendations, and collaborating with BeyondTrust's product teams to support the development of new security features.
BeyondTrust stated that Phantom Labs formalises the work previously undertaken by its security researchers, who have already contributed intelligence and support to high-profile security incidents. Such investigations have included the discovery of critical vulnerabilities and the provision of threat intelligence that aided the response to major security breaches, including one suffered by Okta.
Recent contributions
The company highlighted recent contributions from its research team, which include identifying privilege escalation risks in Microsoft Entra guest accounts, developing detection models for session hijacking using data science, and releasing the Paths to Privilege research framework. The framework is now part of the BeyondTrust platform. Additionally, the team continues to work with initiatives such as the Adventures of Alice & Bob podcast to improve understanding of cybersecurity challenges across the industry.
New leadership roles
Alongside the launch of Phantom Labs, BeyondTrust has announced a series of new appointments to strengthen its research and development efforts.
Kinnaird McQuade has joined BeyondTrust as Chief Security Architect. McQuade is known for his contributions to cloud identity security, notably through the creation of Cloudsplaining, an open-source tool with more than 40 million downloads. This tool has been used widely by security professionals to identify and mitigate risks such as data exfiltration, lateral movement, and privilege escalation, especially in hybrid and cloud environments.
Fletcher Davis, an offensive security researcher and red team specialist, has been appointed to lead Phantom Labs. Davis brings experience in simulating threat actor behaviour, exposing cross-domain identity risks, and revealing complex attack paths in enterprise settings.
The research activities at Phantom Labs will operate under the direction of Marc Maiffret, Chief Technology Officer at BeyondTrust. Maiffret is recognised for decades of work in identifying major software vulnerabilities and co-founding one of the early vulnerability management platforms.
"'Think like a hacker.' That mindset shaped my first security startup over 25 years ago, where we helped define Vulnerability Management and built one of the first commercial security research teams," says Marc Maiffret, CTO, BeyondTrust. "Great security products require more than customer insight. They need research teams anticipating threats before they emerge. Traditional PAM solutions lag behind in addressing complex, cross-domain attack paths. And Identity Security isn't a feature you bolt on. It demands a purpose-built platform, led by research. BeyondTrust delivers that with Pathfinder and Phantom Labs - a platform purpose built to secure identities and access, powered by a team uncovering tomorrow's threats today."
BeyondTrust's statement emphasised that these recent investments and changes are intended to support its mission to empower defenders with actionable insights and to foster industry collaboration on identity security standards.
The company's expansion of its research function and leadership reflects what it describes as a strategic milestone as organisations continue to grapple with the challenges posed by hybrid IT and cloud environments, where identity now plays a central role in overall cybersecurity.
Related Articles


Techday NZ
06-08-2025
BeyondTrust named Leader in Forrester Wave privileged identity report
BeyondTrust has been named a Leader in The Forrester Wave: Privileged Identity Management Solutions, Q3 2025 report. The assessment, conducted by research and advisory firm Forrester, evaluated ten vendors across 22 criteria encompassing current offerings, strategy and customer feedback. BeyondTrust received the second highest score in the Strategy category and secured the highest possible scores in 13 evaluation criteria.
Thirteen highest scores
The Forrester report highlighted BeyondTrust's "exceptional vision" and its focus on an identity-first security strategy. According to Forrester, "BeyondTrust's exceptional vision centers on an identity-first security strategy that helps organisations predict, discover, prevent, detect, and respond to identity risks in real time."
BeyondTrust achieved the top possible score in the following 13 categories: Vision, Innovation, Partner Ecosystem, Privileged Identity Discovery, Privileged Identity Governance and Administration, Least Privilege Access Management, Just-In-Time Privilege, Endpoint Privilege Management, Cloud Entitlements Management, Secure Remote Access, Identity Threat Detection and Response, Reporting and Analytics, and Scalability.
According to the report, "Organisations seeking visibility and control over privileged identities, entitlements, and access - while emphasizing identity threat detection and remediation - should consider BeyondTrust."
Forrester's evaluation noted that BeyondTrust's capabilities enable organisations to address the evolving landscape of identity risks and privileged access management. Companies are increasingly required to manage and secure multiple points of access as operational complexity grows and identity-based attacks become more frequent.
Company response
Sam Elliott, Senior Vice President of Products at BeyondTrust, addressed the significance of the recognition in light of customer challenges.
"Our customers are facing an unrelenting wave of identity-based attacks and operational complexity," Elliott said. "This recognition from Forrester reflects for us our strategy to unify privilege controls with real-time identity threat detection, helping organisations protect what matters most. Being the independent privileged identity security provider validates our focus on innovation, being relentlessly customer-driven, and building a platform that reduces risk while enabling business agility."
The Forrester report emphasised the need for advanced solutions that enable organisations to discover and govern privileged identities while also managing entitlements and least privilege access. Solutions such as those offered by BeyondTrust also address secure remote access requirements, endpoint privilege management, cloud entitlements management, and reporting and analytics capabilities - criteria where BeyondTrust achieved the report's highest scores.
Context for the sector
Organisations globally are prioritising privileged identity management to help mitigate the risk of breaches and maintain regulatory compliance. The Forrester Wave report serves as a resource for enterprises evaluating solutions in this domain, providing comparative insights on the maturity and breadth of each vendor's offering, as well as strategic outlook and customer perceptions.
Forrester does not endorse any specific company, product, or service in its research publications but notes that its opinions reflect judgement at the time and may change as the market evolves. The analysis is based on available data and customer input, reflecting a cross-section of both market demand and vendor response.
BeyondTrust serves a customer base that includes a significant proportion of the Fortune 100, supported by a broad partner ecosystem. The company's approach focuses on neutralising internal and external threats through a holistic view of the identity attack surface, underpinned by both technological innovation and operational integration with existing security infrastructure.




Techday NZ
05-08-2025
BeyondTrust launches Secrets Insights to tackle hidden identity risks
BeyondTrust has announced the expansion of its Identity Security Insights solution with the introduction of Secrets Insights, designed to address vulnerabilities arising from secrets and non-human identities.
According to recent Identity Security Risk Assessments completed by BeyondTrust across various industries and organisational sizes, significant gaps have been discovered in current identity security postures. The findings reveal dormant service accounts with privilege in more than 70% of assessed environments. Additional issues include overly permissive Entra Service Principals, which can create direct pathways to Global Admin privileges, thereby endangering Microsoft 365 environments. The assessments also found that credentials are frequently reused across multiple service accounts by administrators, compounding the risks posed by a single compromised password.
In the realm of privilege escalation, the report observes that low-privileged users are able to gain administrative access across Active Directory, Entra, AWS, Okta, and GitHub due to hidden escalation paths rooted in configuration errors, federation processes, and synchronisation. AD Service accounts that connect on-premises and cloud environments, particularly those with privileged Entra roles, were also identified as potential cross-platform attack vectors.
The review highlighted further weaknesses, such as inadequate GitHub repository access management. This can lead to uncontrolled and unauthorised access to sensitive code and secrets, with personal GitHub accounts exacerbating the risk.
"These identity infrastructure issues aren't just misconfigurations, they're invitations. Our Identity Security Risk Assessment data shows that many organisations lack the complete story when it comes to their identity attack surface. For many, overlooked hygiene issues silently open the door to attackers. And with the rise of Agentic AI, the stakes have never been higher, especially as most organisations lack visibility into how compromised accounts can be leveraged to seize control of application secrets, which often carry elevated privileges," said Marc Maiffret, CTO at BeyondTrust.
Agentic AI systems, which autonomously interface with infrastructure and provision access, are predicted to amplify the risks associated with unmanaged secrets and non-human identities. As organisations adopt these AI-driven systems, the potential for abuse of hidden privileges and secrets grows, underscoring the need for enhanced oversight.
The new Secrets Insights feature is intended to provide this visibility. It builds upon the existing capabilities of BeyondTrust's Identity Security Insights platform, which allows organisations to monitor identity risk across Active Directory, Entra ID, AWS, Azure, Google Cloud Platform, Okta, Ping Identity, and GitHub. With Secrets Insights, users can discover API keys, service account credentials, tokens, and similar assets across both cloud and on-premises setups, including within vaults, thereby mapping previously unmonitored access vectors.
Key benefits
Secrets Insights offers a number of core functions: discovery of unmanaged secrets throughout cloud and on-premises environments; identification of users with both direct and indirect access to these secrets; risk scoring and prioritisation focused on levels of exposure and privilege; and integration with BeyondTrust Password Safe, which automates remediation tasks.
Maiffret commented on the next steps for the sector: "As organisations embrace automation and Agentic AI, securing the invisible layers of access - secrets, tokens, and service identities - will define the next frontier of identity security."
Secrets Insights is scheduled to become available later this year. As part of its ongoing initiatives, BeyondTrust provides complimentary Identity Security Risk Assessments for qualified organisations. These assessments can be completed in under 48 hours and are intended to help organisations identify hidden privileges and secret-related risks, supporting steps towards reducing standing privilege and enabling just-in-time access.