Over the last few years, identity has shifted from an enabling layer to one of the most consistently exploited attack surfaces in the enterprise. Despite decades of investment in Identity and Access Management (IAM) platforms, breaches continue to occur at an uncomfortable frequency. A recurring theme across incident reports is credential abuse. Multiple studies, including Verizon’s Data Breach Investigations Report, point to the same conclusion: the majority of breaches originate from compromised identities.
This reality has triggered a wave of new categories in the identity market: Identity Threat Detection and Response (ITDR), Identity Security Posture Management (ISPM), and, most recently, Identity Visibility and Intelligence Platforms. For many security leaders, this raises an uncomfortable question. Are these categories solving a real problem, or are they simply adding to an already fragmented IAM landscape?
To answer that question honestly, we need to step back and look at why these categories emerged in the first place, what gaps they are trying to address, and whether the industry is focusing on tools or outcomes.
What Persistent Identity Security Problem is Going Unsolved?
Most enterprises already have a mature IAM stack on paper for human identities. They run identity providers for authentication. They use MFA. They operate identity governance platforms. Many have privileged access management in place. And yet, attackers continue to succeed by abusing credentials, misconfigurations, orphaned accounts, excessive entitlements, and machine identities that no one fully owns.
The issue is not the absence of IAM controls. The issue is that identity has grown into a complex ecosystem of systems, spanning cloud platforms, SaaS applications, APIs, on premises infrastructure, and exponentially increasing, non-human identities (NHIs). Over time, this complexity has created blind spots that are difficult to see or monitor using traditional IAM tools alone.
Identity teams are often asked to secure an environment they cannot fully see.
Why are New Identity Categories Starting to Appear?
The emergence of ITDR, ISPM, NHI and IVIP is best understood as a response to this visibility gap rather than as a replacement for core IAM.
What is Identity Threat Detection and Response (ITDR)?
The current definition of ITDR focuses on detecting and responding to identity based attacks. ITDR initially looked at Active Directory attacks - such as Kerberoasting and stealing tickets. Later, with the advent of cloud and SaaS, the same was carried forward to This includes techniques such as credential compromise, session hijacking, token abuse, privilege escalation, and anomalous access behavior. The intent is to bring identity signals into security operations workflows, much like endpoint or network telemetry.
ITDR exists because traditional IAM tools were designed primarily for access enablement and lifecycle management, not for threat detection at runtime.
What is Identity Security Posture Management (ISPM)?
ISPM focuses on configuration risk and hygiene. It surfaces issues such as disabled MFA, excessive permissions, misconfigured policies, exposed machine credentials, and dormant accounts. ISPM tools attempt to quantify identity risk in a way that is understandable and actionable.
This category emerged because identity misconfigurations are rarely isolated. They accumulate quietly over time across distributed teams and decentralized environments.
What is Identity Visibility and Intelligence Platforms (IVIP)?
IVIP takes a broader view. Rather than focusing on a specific control or attack type, IVIP aims to provide a unified view of identity data across connected and disconnected systems. This includes identities, entitlements, authentication methods, access relationships, activity patterns, and configuration posture.
Gartner’s framing is particularly useful here. Identity visibility and intelligence is not about replacing IAM systems. It is about making the identity attack surface observable. Without that observability, it is difficult to prioritize remediation or demonstrate risk reduction over time.
Why aren’t Existing IAM Tools Enough?
At first glance, it is reasonable to ask why these capabilities were not simply built into identity providers or governance tools. In practice, IAM evolved in silos.
Identity providers focus on authentication and runtime access enforcement. Governance platforms focus on lifecycle and certification. PAM tools focus on elevated access. Cloud platforms introduce their own identity constructs. SaaS applications bring yet another layer of access and configuration.
As enterprises scaled, identity decisions increasingly shifted to application teams, cloud teams, and business units. This decentralization accelerated delivery but eroded centralized visibility and accountability. The result is an IAM environment where no single system has a complete picture of what identities exist, what access they have, how that access is used, and where the highest risks lie.
The new identity categories emerged to address that gap.
Are We Solving the Problem or Just Adding Tools?
This is the critical question. Adding more tools does not automatically reduce risk. In fact, it often increases operational complexity and decision fatigue.
The problem identity teams are trying to solve is not a tooling problem. It is an outcome problem.
Security leaders do not want another dashboard. They want to know which identity risks matter, where they exist, and what action will meaningfully reduce exposure. They want to demonstrate that the identity attack surface is shrinking, not just that more controls are deployed.
This is where the distinction between categories becomes less important than the philosophy behind them.
A Different Way to Think About Identity Security
At WideField, we believe these capabilities should converge toward a common goal rather than fragment into isolated products. Visibility, detection, and action should work together.
Visibility without action creates awareness but not improvement. Detection without context leads to alert fatigue. Action without understanding increases the risk of breaking critical access paths.
What matters is the ability to discover identities and access across the environment, observe how they behave over time, assess risk in context, and take proportional action. That action may involve automated remediation, human approval, or integration into broader security operations.
This is not about creating yet another category. It is about enabling identity teams to operate with clarity in environments that are inherently complex and constantly changing.
Why does Identity Remain the Weakest Link?
The continued focus on passwordless authentication is not accidental. When the majority of breaches involve credentials, it is clear that identity is where attackers find leverage.
However, authentication alone is not enough. Many breaches occur not because MFA is absent, but because access is excessive, misaligned, or poorly monitored. Machine identities, API tokens, and service accounts now outnumber human users in many environments, and they often lack the same governance rigor.
Reducing identity risk requires understanding not just how identities authenticate, but what they can access, how that access changes over time, and how it is actually used in real time.
Do We Need a New Category or a Better Solution?
The honest answer is that categories matter far less than outcomes.
If ITDR, ISPM, NHI and IVIP exist as separate silos, they will fail to deliver on their promise. If they converge into a coherent identity security strategy focused on visibility, observability, and remediation, they can meaningfully reduce risk and detect attacks.
Gartner’s projection that a majority of CISOs will adopt identity visibility and intelligence platforms reflects this reality. Not because identity leaders want another tool, but because they need a way to reason about identity risk at scale.
The future of identity security will not be defined by acronyms. It will be defined by whether organizations can see their identity attack surface clearly, make informed decisions, and act before attackers do.
This is the problem worth solving. And, it is why WideField exists.
Author Bio
Abhay Kulkarni
