Back

Veza Introduces Access AI to Deliver Generative AI-Powered Identity Security to the Modern Enterprise 

J.P. Morgan Invests in Veza

Palo Alto, CA – August 6, 2024 – Veza, the identity security company, today announced the launch of Access AITM, a generative AI-powered solution to maintain the principle of least privilege at enterprise scale. With Access AI, security and identity teams can now use an AI-powered chat-like interface to understand who can take what action on data, prioritize risky or unnecessary access, and remove risky access quickly for both human and machine identities. By bringing the power of generative AI to identity security in the enterprise, Veza makes it possible to prevent, detect, and respond to identity-related issues before they turn into disruptive incidents like breaches or ransomware. 

Identity security has become a top priority for companies that have embraced cloud services, SaaS applications, and AI. According to a report from the Identity Defined Security Alliance (IDSA), 90% of organizations experienced an identity-related incident in the past year, and 84% suffered a direct business impact as a result. To combat this growing problem, companies are investing in new business processes like Access Entitlements Management, Identity Security Posture Management (ISPM), and Identity Threat Detection and Response (ITDR).

Similarly, according to Gartner®, “The broad adoption of cloud services, digital supply chains and remote access by employees working from anywhere has eroded the value of legacy security controls at the perimeter of the corporate network, positioning identity as the primary control plane for cybersecurity.”1 

Access AI

With this announcement, Access AI is available across the Veza Access Platform. It uses machine learning and generative AI to surface and contextualize recommendations for fixing identity-based threats. Teams across identity, security engineering, application security, and compliance use Access AI to investigate who has access, how they got it, and whether it should be revoked. Like all Veza products, Access AI understands both human identities and non-human identities, such as service accounts.

Access AI can:

  • Answer natural-language questions about entitlements and association to identity
  • Understand the access of non-human identities and machine identities
  • Recommend roles that follow the principle of least privilege
  • Surface dormant or excessive permissions to revoke 
  • Create ITSM tickets (such as ServiceNow) with instructions for remediation
  • Recommend actions during user access reviews and recertifications

“Two years ago we changed the game in identity access with our Access Graph, and now we are doing it again with Access AI,” said Tarun Thakur, co-founder and CEO, Veza. “Veza is the first company to apply AI to manage and secure entitlements across SaaS systems, cloud data systems, identity systems, and infrastructure services. Customers tell us this is the year of identity. They want access intelligence to hunt for threats automatically across tens of thousands of identities and entitlements within hundreds of systems, which is critical with the recent explosion of non-human identities. To solve this requires speed and intelligence that is only possible with AI.”

“To operate with least privilege, companies must be focused on their identity posture. With the modern enterprise moving away from standing access, success now depends on having the appropriate tools and automated solutions,” said Matthew Sullivan, Infrastructure Security Team Lead at Instacart. “Nearly every discovery made by Veza’s AI has prompted an immediate response from our team. With hundreds of thousands of entitlements to oversee, leveraging AI-driven automation has been essential to staying proactive.”

J.P. Morgan Investment

This launch comes on the heels of an investment from J.P. Morgan, a leading global financial services firm, which brings the company’s total funding to $132 million. This investment will be used to accelerate product innovation as Veza continues to redefine identity security and organizations across the globe begin their identity security transformation.

New Capabilities

As Veza continues to modernize the identity market with its industry-first Access Graph and Access Intelligence, it has also unveiled additions to the Veza Access Platform in conjunction with the release of Access AI.

Enhanced security for non-human identities (NHIs) 

  • NHI Insights and NHI Access Security, an inventory of all NHIs like Azure AD service principals and AWS IAM service accounts.
  • Support for new NHI entities: access keys and secrets. 
  • Ability to monitor key rotation to reduce the risk of stale credentials.
  • Ability to determine access of keys, tokens, certificates.
  • Custom rules and manual overrides for NHI identification to aid in searching, tracking, and alerting.
  • Support for managing NHI owners to manage timely key rotation, workload uptime, and service account governance.

Lifecycle management for next-gen IGA

  • Role recommendations for access requests based on the principle of least privilege, powered by machine-learning.
  • 10 new targets for Veza Lifecycle Management. Support for provisioning and deprovisioning to Active Directory (AD), Entra ID, Okta, Azure, Salesforce, Microsoft Exchange, Exchange Online, SAP, Google Workspace, and Snowflake. Veza Lifecycle Management goes beyond SCIM protocols to advance the state of provisioning that covers hierarchical groups and roles with a set of automated CRUD aware policies.
  • Support for the Veza Open Authorization API (OAA) which allows quick support for provisioning to new applications, including custom applications.

Activity monitoring for ITDR, Security Engineering, and Security Operations 

  • New ability to monitor activity in Okta, collecting and summarizing log data to know who accessed what resources, including last-used date.
  • Calculate the Over-Privileged Access Scores (OPAS) for Okta to prioritize your most over-privileged roles and users.
  • Monitoring for access activity in Snowflake and AWS IAM.

Access intelligence for Cloud PAM, privilege threat hunting, privileged access assurance

  • Out-of-the-box role mining insights and analytics for Snowflake.
  • 20+ out-of-the-box dashboards by persona, risk type (privilege drift, insider threat, cloud entitlements, ISPM, NHI, access creep), and systems (SaaS, data systems, infrastructure).
  • Veza Query Language (VQL) as API endpoints to query, sort, filter, and perform complex compound queries for use cases such as segregation of duties and privilege threat hunting.
  • New Risk Profile based on privilege threat hunting framework that leverages the power of Veza Access Graph, identity risk scores, over-permission access scores, and Veza Query Language.

Learn more

Citations

  1. Gartner, Identity-First Security Maximizes Cybersecurity Effectiveness, Rebecca Archambault, Felix Gaehtgens, James Hoover, Ant Allan, 1 May 2024

GARTNER is a registered trademark and service mark of Gartner, Inc and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Veza 

Veza is the identity security company, helping organizations secure access across the enterprise. Veza’s Access Platform goes beyond identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant, achieve least privilege, and de-risk the breach. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security posture, with use cases in privileged access management (PAM), non-human identities (NHI), cloud entitlements (CIEM), data system entitlements, SaaS entitlements, and IGA. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Media Contact

Justin McCann

R1 Communications for Veza

justin@r1communications.com