RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible

By Byron V. Acohido

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security.


These machine credentials — used to automate connections between systems — now outnumber humans by 30 to 1. That gap is likely even wider in cloud-intensive environments. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems.

“Whether you’re a bank, a mining company, or an airline, this is a soft, underlying hygiene problem,” says Tim Eades, CEO of Anetac. “On-premise was ugly and hard. The cloud is just a mess.”

Eades explained how Anetac’s founding team interviewed dozens of CISOs before launching a platform purpose-built to tackle this blind spot. What emerged is a streaming telemetry model that maps real-time behavior of service accounts — surfacing over-permissioned credentials, privilege inheritance chains, and dormant accounts that static scans routinely miss.

Over the past 12 months, Anetac has gone from stealth to momentum. Its telemetry engine is helping early adopters shrink the blast radius of service account abuse and meet tighter requirements now being pushed by regulators and cyber insurers alike. Identity-related weaknesses — particularly around machine credentials — remain a common entry point for attackers.

At RSAC 2025, Eades unveiled Human Link Pro, a new product aimed at closing the loop between non-human and human credential risks. The connection is direct: developers often use their own credentials to spawn service accounts. To fully understand the machine side, Anetac realized, they had to trace it back to the human source.

Human Link Pro targets one of the most persistent exposure points in identity management — the Joiner, Mover, Leaver (JML) lifecycle. Eades pointed out that contractors and suppliers often retain access long after they’ve changed roles or left an organization entirely — especially when HR systems like Workday aren’t connected to Active Directory or identity governance tools. These are common transition points where identities often slip through the cracks.

The platform has already surfaced shocking cases — including credentials still active for employees who left as far back as 18 years ago.

Rather than replacing IAM or PAM systems, Anetac’s model complements them — offering continuous telemetry that reveals risky patterns across both non-human and human credentials.

It’s not a pivot. It’s a progression — and a clear signal that identity hygiene is finally getting the visibility it deserves. I’ll keep watch – and keep reporting.

Listen to the full conversation in our RSAC 2025 Fireside Chat podcast.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

 
