Silverfort’s Ron Rasin unpacks why identity gaps persist—and how savvy leaders can finally outpace attacker tactics.
In a landscape shaped by relentless digital transformation and ever-expanding hybrid networks, identity security has emerged as one of the most urgent, and most elusive, frontiers in enterprise risk management. As threats evolve faster than organizations can adapt, recent research from Silverfort casts a harsh spotlight on a critical weakness: the sweeping visibility gap among identity leaders, especially around "non-human" accounts and session tokens, which persist as soft targets for threat actors.
In this exclusive interview, Ron Rasin, Chief Strategy Officer at Silverfort—a technology leader trusted by over 1,000 global organizations for end-to-end identity security—examines the systemic roots behind this industrywide challenge and the persistent “maturity myth” that leaves many enterprises dangerously overconfident.
From the shortcomings of legacy IAM and MFA solutions to the pressing need for unified, real-time identity defenses, Rasin brings both candor and strategic clarity to what must change. His perspective is informed not only by Silverfort’s pioneering approach—integrating patented Runtime Access Protection (RAP) across on-prem, cloud, and SaaS ecosystems—but also by an unsparing assessment of how boardrooms and cybersecurity leaders must evolve if they hope to outpace today’s highly automated, identity-driven attackers.
Full interview:
Why does visibility in identity security—especially around service accounts and session tokens—remain so elusive for enterprises despite years of cybersecurity focus?
Visibility in identity security has remained elusive because modern enterprise environments work within increasingly complex, hybrid ecosystems. Today’s environments span on-prem Active Directory (AD), multiple clouds, SaaS apps, and custom integrations—each with its own identity models, permission structures, and blind spots. This makes establishing a unified, consistent view of identities extremely challenging, especially as organizations often have numerous accounts they may not even be aware of.
Non-human identities (NHIs), like service accounts, highlight this problem. Many were created as “set-and-forget” assets, provisioned once and left unmanaged, even as they continue to be reused, repurposed, or misconfigured over time. Silverfort’s research shows that nearly 80% of organizations lack visibility into how these service accounts are being used, which leaves attackers with an open window to enter that goes unnoticed.
This issue isn’t a failure of any single organization—it’s a systemic industry gap. Legacy Identity and Access Management (IAM) and security tools weren’t designed to track identities across multiple systems. The industry lacks standards or frameworks that systematize identity security the way it has them for other security areas (e.g., zero trust).
As environments become more complex, achieving a unified view of identity becomes much harder and more critical. As a result, many organizations struggle to maintain a centralized identity infrastructure.
Why does the “maturity myth” in identity security persist, and how does this false confidence shape security strategy and enterprise risk?
The “maturity myth” exists because our industry lacks a clear, shared standard for what identity security should deliver. Many organizations equate having IAM, Multi-Factor Authentication (MFA), or logging-in features as being “mature,” but identity security is a different discipline altogether. This false confidence is more than a perception problem—it’s a tooling gap, a resourcing challenge, and ultimately a business risk.
Silverfort’s research shows that checkboxes, rather than outcomes, measure maturity. A few drivers lead to this overconfidence: Many organizations assume the capabilities bundled with IAM platforms are enough without recognizing that identity threats have shifted far beyond initial authentication. There are also education gaps; some leaders simply aren’t aware of what’s now possible or required in identity security. The lack of visibility is an important factor too; without clear optics into where identities are being used, how privileges are changing, or when credentials appear on the dark web, it’s easy to mistake coverage for control.
These misalignments shape enterprise risk in very real ways. If leadership believes defenses are stronger than they are, resources and budgets may not go to where they’re most needed. When an identity-led attack succeeds, that illusion of maturity shatters, often at significant financial and reputational cost.
What shifts or innovations will redefine identity security maturity in the next three to five years?
One of the biggest things I’ve seen shift in the last few years is that we no longer protect castles with moats. Today’s environments are a sprawl of SaaS apps, cloud workloads, ephemeral access, and now AI-powered systems that can act autonomously. The perimeter is gone, visibility is fragmented, and attackers exploit that fluidity and move fast. The old defense frameworks don’t scale to this level of dynamism. This is why more organizations invest in comprehensive, end-to-end identity protection and holistic security tools. With the rapid pace of AI, siloed identity management tools and traditional MFA tools are no longer enough.
AI has already reshaped how businesses operate, but it’s also amplifying risk and fueling faster, more sophisticated attacks. Over the next three to five years, the industry must move from educating teams about AI risks to actively detecting and preventing AI-driven threats in real time.
Identity has been misunderstood and unloved for many years, but as evidenced by recent acquisitions by Palo Alto Networks and Okta, it’s finally getting the attention it deserves and needs. Identity was long seen as a back-office IT function. However, it will continue becoming a board-level priority and mission-critical for cybersecurity resilience in the next three to five years.
How is the evolving attacker playbook shaping enterprise identity strategy, and what can leaders do to stay ahead?
Attackers no longer need to “break in”; they “log in.” The modern playbook for attackers exploits compromised credentials, stale service accounts, and overprivileged identities to quietly move laterally through an environment. This shift underscores the need for enterprises to treat identity as the operational frontline of cybersecurity, not just a supporting function.
For leadership teams, that means rethinking strategy: moving beyond the traditional model of one-time authentication at login and assuming an account remains trustworthy. It’s about ensuring that every human or non-human identity is continuously validated, rather than assumed trustworthy once inside the perimeter.
Silverfort’s research shows that the C-suite is paying attention and taking this seriously. 84% of C-suite leaders now consider identity security a clear cybersecurity priority. The sentiment signals that robust identity security is now regarded as business-critical, not optional. That awareness also translates into budgets, board-level conversations, and a mandate for measurable progress. The challenge for leadership teams is to turn that investment into tangible resilience by prioritizing visibility, enforcing least privilege at scale, and ensuring identity defenses evolve as fast as attacker tactics.
How does Silverfort achieve agentless visibility and control across complex hybrid environments?
Our Runtime Access Protection (RAP) technology connects natively with existing IAM systems to provide end-to-end visibility and inline protection across all identities, human or non-human, in hybrid environments, disrupting siloed categories like NHI, Privileged Access Management (PAM), MFA, Identity Threat Detection and Response (ITDR), and Identity Security Posture Management (ISPM). RAP natively integrates into an enterprise’s identity infrastructure to secure it from within. It removes the complexity of securing every identity and extends protection to previously “unprotectable” assets like NHIs, legacy systems, command line tools, IT/OT infrastructure, and more.
Here’s how it works: when a user, administrator, or service account requests access, that authentication flows through the IAM infrastructure as usual, but RAP forwards the request to Silverfort for analysis. Silverfort’s team evaluates the risk in real time, applies the appropriate security controls if needed, and then returns a verdict to the IAM system to grant or deny access. Because it’s inline, the process is seamless for users and doesn’t require changes to devices or applications. The result is identity security with end-to-end visibility and active protection—minimal disruption to users or administrators.
What technologies are key to detecting and mitigating token-based attacks in real time?
Session tokens are difficult to track, and Silverfort’s research shows that only a small fraction of organizations have complete visibility into where and how tokens are being used. That lack of visibility makes them a natural target for attackers increasingly relying on stolen tokens and credentials rather than directly compromising systems.
To better get ahead of attackers and detect anomalies in real time, it’s critical that organizations have a unified, comprehensive approach to MFA. No security measure is as foundational today as MFA, which protects against phishing, social engineering, and password-cracking attacks. However, it is not a fix-all solution. The best defense is layered. Rather than applying MFA selectively or relying on outdated methods, organizations need to extend MFA coverage across all resources.
Addressing these challenges requires more than just point tools. What’s also needed is continuous monitoring of all authentications and user activity to detect unexpected actions in real time and access policies for when patterns don’t align with normal behavior before they escalate into incidents.
How does Silverfort address the security and visibility challenges of service accounts?
Service accounts are one of the most critical blind spots in identity security and notoriously hard for organizations to secure. They typically run in the background with high levels of privilege, no human owner, and little monitoring.
Silverfort’s approach is unique in that the goal is to automate both discovery and protection. Through Silverfort’s Identity Security Solution, organizations can identify every NHI and machine-to-machine authentication, its sources, destinations, authentication protocols, and activity volume. Our technology identifies service accounts based on their repetitive behavior that sets them apart from human users. Once discovered, they’re classified by type, whether machine-to-machine, hybrid, scanners, etc., and their predictability and risk level are rated. From there, every authentication request a service account makes is analyzed in real time. Our team calculates a risk score, and if something appears suspicious, Silverfort can enforce inline controls to block access requested by the service account. This is different from traditional tools that only offer partial control.
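The two answers above (continuous monitoring of authentications against normal behavior, and discovering service accounts by their repetitive pattern, rating their predictability, then scoring each new request) describe a baseline-and-deviate detector. The following is an added illustration of that idea, not Silverfort's code and not a description of how RAP is implemented. The authentication log, hostnames, account names, weights and thresholds are all constructed for the example.

```python
"""Baseline-and-deviate scoring for authentication requests.

Added example (not Silverfort's code). Discovers accounts whose authentication
pattern is repetitive enough to look like a service account, rates their
predictability, and scores new requests against the learned baseline.
All log data below is constructed; weights and thresholds are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from statistics import mean, pstdev

# Constructed authentication log: timestamp,account,source_host,destination_host,protocol
AUTH_LOG = """\
2024-03-01T02:00:01,svc_backup,bkp01,fs01,Kerberos
2024-03-01T03:00:02,svc_backup,bkp01,fs01,Kerberos
2024-03-01T04:00:00,svc_backup,bkp01,fs01,Kerberos
2024-03-01T05:00:01,svc_backup,bkp01,fs01,Kerberos
2024-03-01T06:00:03,svc_backup,bkp01,fs01,Kerberos
2024-03-01T07:00:00,svc_backup,bkp01,fs01,Kerberos
2024-03-01T08:12:41,alice,wks-alice,mail01,NTLM
2024-03-01T09:47:19,alice,wks-alice,fs01,Kerberos
2024-03-01T11:03:55,alice,wks-alice,sp01,Kerberos
2024-03-01T13:30:07,alice,vpn-gw,fs02,NTLM
2024-03-01T16:58:22,alice,wks-alice,mail01,Kerberos
2024-03-01T17:20:09,alice,wks-alice,git01,Kerberos
"""


@dataclass
class Baseline:
    patterns: set = field(default_factory=set)  # (src, dst, proto) tuples seen
    events: int = 0
    interval_cv: float = 1.0       # coefficient of variation of inter-auth gaps
    predictability: float = 0.0    # 0..1, higher = more machine-like


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, acct, src, dst, proto = line.split(",")
        events.append((datetime.fromisoformat(ts), acct, src, dst, proto))
    return events


def build_baselines(events):
    """One Baseline per account: distinct patterns plus cadence regularity."""
    by_acct = defaultdict(list)
    for ev in sorted(events):
        by_acct[ev[1]].append(ev)
    baselines = {}
    for acct, evs in by_acct.items():
        b = Baseline(events=len(evs))
        b.patterns = {(s, d, p) for _, _, s, d, p in evs}
        gaps = [(evs[i][0] - evs[i - 1][0]).total_seconds() for i in range(1, len(evs))]
        if len(gaps) >= 2 and mean(gaps) > 0:
            b.interval_cv = pstdev(gaps) / mean(gaps)
        # Few distinct patterns and a steady cadence both raise predictability.
        pattern_ratio = len(b.patterns) / b.events
        b.predictability = max(0.0, 1.0 - pattern_ratio) * max(0.0, 1.0 - min(b.interval_cv, 1.0))
        baselines[acct] = b
    return baselines


def is_service_account(b, min_events=5, threshold=0.6):
    """Classify as service account when there is enough history and it is predictable."""
    return b.events >= min_events and b.predictability >= threshold


def score_request(b, src, dst, proto):
    """Risk 0..100 for a new request; exact repeats of the baseline score 0."""
    if (src, dst, proto) in b.patterns:
        return 0
    risk = 0
    if src not in {s for s, _, _ in b.patterns}:
        risk += 40  # never-seen source host (illustrative weight)
    if dst not in {d for _, d, _ in b.patterns}:
        risk += 30  # never-seen destination
    if proto not in {p for _, _, p in b.patterns}:
        risk += 10  # protocol the account has never used
    # The more predictable the account, the more a deviation should count.
    return min(100, int(risk * (0.5 + b.predictability)))


def verdict(risk, service_account):
    if risk >= 60:
        return "block"
    if risk >= 30:
        # A human can be challenged; a service account cannot answer MFA, so alert instead.
        return "alert" if service_account else "step-up"
    return "allow"


def analyze(text=AUTH_LOG):
    return build_baselines(parse_log(text))


if __name__ == "__main__":
    bl = analyze()
    for acct, b in bl.items():
        print(f"{acct}: service_account={is_service_account(b)} predictability={b.predictability:.2f}")
    svc = bl["svc_backup"]
    r = score_request(svc, "wks-alice", "dc01", "NTLM")
    print("svc_backup from wks-alice -> dc01 over NTLM:", r, verdict(r, True))
```

Run stand-alone it classifies svc_backup as a service account (one pattern, hourly cadence) and alice as human (six distinct patterns, irregular timing); a backup-account logon from a workstation to a domain controller over a protocol it never uses scores 100 and is blocked, while the same account reaching a new file server from its usual host lands in the medium band and only raises an alert.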
How should organizations integrate dark web intelligence into identity security to address compromised credentials?
Dark web monitoring is valuable because leaked credentials are often the first entry point for attackers. But the real challenge isn’t just knowing a credential has been exposed; it’s understanding the blast radius: where those credentials are actively used, whether they’re reused across SaaS, on-prem, or local accounts, and what systems are now at risk. Silverfort helps organizations bridge that gap by mapping compromised credentials across all identities and resources, enforcing adaptive controls, and preventing lateral movement. This way, dark web intelligence is operationalized into real-time protection, turning a static alert into proactive identity defense.