Skip to main content

Jul 10, 2026

The Hardest Part of ISPM Isn't Finding Misconfigurations

A scanner that hands a CISO 4,000 findings hasn't solved the problem. It has just relocated.

The conventional read on identity security posture management is that it's a coverage problem. Connect every IdP, enumerate every misconfiguration: dormant accounts, over-scoped tokens, stale admins. Complete the list and you're done.

The list is the easy part.

Any scanner returns 4,000 findings. The question a security lead asks on a Tuesday is which three to fix before lunch, and the list answers none of it.

What Sorting by Count Gets Wrong

Rank by raw violation count and you optimize for the wrong identity. A user with 400 stale low-stakes violations floats to the top; an admin failing checks this week sits below. You've surfaced the loudest history, not the live threat.

Security teams want what's most exploitable and most likely to be exploited, not the longest list. Count answers neither. Three things do:

Recency: a violation that fired this week is a signal; one open for ninety days is debt

Reach: a flaw on an identity that touches one mailbox isn't the same as one that can reach global admin through unmapped group nesting

Affinity: a missing phishing-resistant MFA factor enables account takeover; a missing log-retention setting doesn't

Ranking Is the Hard Part

Those three tell you how exploitable a gap is. Whether it's about to be exploited is behavioral. An identity drifting from its baseline is a live risk. The same gap sitting quiet is not. And reach can't come from the scan alone. What an identity can actually touch is a graph question: inherited roles and shadow-admin paths no assigned role reveals. Attune maps that graph continuously, so the priority queue reflects what's actually reachable — not just what's technically misconfigured.

So the scanner is table stakes. The judgment is the hard part: exploitability, likelihood, and reach fused into one queue a human can trust.

Anyone can surface 4,000 problems. Knowing which handful matters today, and why, is the whole job.

See the latest from Abnormal's product and engineering teams.

Protect Against Evolving Email Threats

See how behavioral AI detects attacks that legacy defenses miss.