Identity Resolution – The Missing Link in Modern Identity Security

July 10, 2025

In today’s threat landscape, identity is the new perimeter, and compromised credentials are the top entry point. According to the 2025 Verizon Data Breach Investigations Report (DBIR), stolen credentials were involved in 22% of breaches (p.10) and a staggering 88% of web application attacks relied on them (p.52). These are not phishing attempts or zero-day exploits, just attackers logging in with valid credentials. Despite heavy investment in identity and access management (IAM) systems, multifactor authentication (MFA) and single sign-on (SSO), many organizations still lack visibility into who has access to what, how those permissions are granted and what identities are doing once inside.

Security teams know this, and many have responded by investing in IAM, MFA and conditional access policies. Others are deploying identity threat detection and response (ITDR) tools to catch credential-based attacks before they escalate.

But there is a problem: these tools do not tell the whole story.

They can tell you who logged in, and sometimes from where. But they do not show you what that person can access, how they gained it or what risks their access represents.

This is the gap that identity resolution fills, and it is exactly what Varonis is bringing to the forefront with Varonis Identity Protection.

Defining Identity Resolution

At its core, identity resolution is the ability to connect the dots between a person and all their digital identities across an organization’s environment, whether in the cloud, on-premises or across SaaS apps.

Imagine a typical enterprise user: they might have a primary Entra ID account, a local Active Directory presence, a machine identity for automation scripts, a federated login to Salesforce and dormant accounts in systems like AWS or Snowflake. Traditional identity tools treat each of those as separate objects.

Varonis treats them as one human, with a unified identity footprint. This unified visibility spans Entra ID, Okta, AWS IAM, GCP and more, giving security teams a complete picture across hybrid and multi-cloud environments. With Varonis, security teams can see every account tied to a person across environments; understand the entitlements and permissions those accounts carry; visualize how that person is connected to sensitive data, systems and groups; and track how their access changes over time to flag potential anomalies.
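
As an added illustration (not Varonis's implementation or code from the original article), the sketch below resolves the kinds of accounts described above into one person by linking any accounts that share a normalized email or employee ID, then flags dormant accounts in that footprint. The field names, sample records and the 90-day idle threshold are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample accounts; field names are assumptions, not a vendor schema.
ACCOUNTS = [
    {"id": "entra:jdoe@corp.example", "source": "Entra ID", "email": "JDoe@corp.example",
     "employee_id": "E1001", "last_login": date(2025, 7, 8)},
    {"id": "ad:CORP\\jdoe", "source": "Active Directory", "email": "jdoe@corp.example",
     "employee_id": None, "last_login": date(2025, 7, 8)},
    {"id": "sfdc:jdoe", "source": "Salesforce", "email": "jdoe@corp.example",
     "employee_id": None, "last_login": date(2025, 6, 30)},
    {"id": "aws:iam/jdoe-admin", "source": "AWS IAM", "email": None,
     "employee_id": "E1001", "last_login": date(2024, 11, 2)},
    {"id": "snow:ASMITH", "source": "Snowflake", "email": "asmith@corp.example",
     "employee_id": "E2002", "last_login": date(2025, 7, 1)},
]

def match_keys(acct):
    """Normalized attributes that tie an account to a person."""
    keys = []
    if acct["email"]:
        keys.append(("email", acct["email"].strip().lower()))
    if acct["employee_id"]:
        keys.append(("emp", acct["employee_id"].strip().upper()))
    return keys

def resolve(accounts):
    """Union-find: accounts sharing any match key collapse into one person."""
    parent = {a["id"]: a["id"] for a in accounts}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x
    first_seen = {}
    for a in accounts:
        for k in match_keys(a):
            if k in first_seen:
                parent[find(a["id"])] = find(first_seen[k])
            else:
                first_seen[k] = a["id"]
    people = defaultdict(list)
    for a in accounts:
        people[find(a["id"])].append(a)
    return list(people.values())

def dormant(footprint, today, max_idle_days=90):
    # Accounts in one person's footprint with no login inside the idle window.
    return sorted(a["id"] for a in footprint
                  if (today - a["last_login"]).days > max_idle_days)
```

Matching on email alone over-merges shared mailboxes and service accounts, so a production resolver needs stronger or weighted attributes than this sketch uses.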

And it is not just a list: Varonis uses interactive visualizations, like the Related Identities wheel and Bidirectional Access graphs, to make complex access relationships easy to understand. The Related Identities wheel in Figure 1 below shows the user at the center, with each of their IDs on every platform branching out from there. Each related identity can be drilled into for full context. This enables visibility into and control over a user’s entire identity footprint, whether internal or external to the organization.

Figure 1: Related Identities wheel, each datastore and app is clickable

Figure 2 below shows how bidirectional access graphs work within the Varonis platform. Click anywhere in the chain and see the flow of access, how it is derived, who is granted access and how.

Figure 2: Bidirectional Access view, see the path of access in either direction

Posture Management

In any organization’s identity security journey, Identity Resolution is foundational. Once you have this in place, the next question is, “What should that person have access to?”

This is where identity posture management comes into play.

Most IAM systems can tell you what a policy says, but not whether it makes sense. They often fail to surface users with excessive access, group sprawl that unintentionally grants broad entitlements, stale or orphaned accounts that should have been removed or risky identity behaviors such as missing MFA or unusual login patterns.

Varonis not only reveals this posture information, but it also lets you fix it automatically. For example, it can:

  • Show which Azure roles or AWS policies are granting access to sensitive data
  • Highlight which users are accessing data through indirect group memberships
  • Recommend posture changes like setting group visibility to private
  • Enforce least privilege by reducing access without impacting productivity
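
The indirect-membership case in the list above, as an added example that is not Varonis code: it walks nested group membership to show how a user's access to a resource is derived, and answers the reverse question of who can reach a resource. All user, group and resource names are hypothetical, and the nesting loop is included deliberately.

```python
# Constructed sample directory; all names are hypothetical.
MEMBER_OF = {            # user or group -> groups it belongs to
    "jeremy": ["Sales-EMEA"],
    "dana": ["Finance"],
    "Sales-EMEA": ["Sales-All"],
    "Sales-All": ["All-Staff"],
    "Finance": ["All-Staff"],
    "All-Staff": ["Sales-All"],   # nesting loop, as found in long-lived directories
}
GRANTS = {               # resource -> users/groups granted access directly
    "hr-share/payroll.xlsx": ["Finance", "Sales-All"],
    "crm/export": ["jeremy"],
}
USERS = {"jeremy", "dana"}

def access_paths(principal, resource):
    """Every membership chain from principal to a direct grant on resource."""
    grantees, paths = set(GRANTS.get(resource, [])), []

    def walk(node, path):
        if node in grantees:
            paths.append(path)
        for group in MEMBER_OF.get(node, []):
            if group not in path:          # cycle guard for looping nesting
                walk(group, path + [group])

    walk(principal, [principal])
    return paths

def who_can_access(resource):
    """Reverse direction: each user with access and how it is derived."""
    result = {}
    for user in sorted(USERS):
        paths = access_paths(user, resource)
        if paths:
            shortest = min(paths, key=len)
            hops = len(shortest) - 1       # number of group hops to the grant
            kind = "direct" if hops == 0 else "group" if hops == 1 else "nested"
            result[user] = (kind, shortest)
    return result
```

In the sample data, `dana` also reaches the `Sales-All` grant through `Finance` and `All-Staff`, the kind of unintended entitlement that group sprawl produces.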

Varonis is a complete data security platform that shows identity resolution and posture in one place, across multiple clouds, SaaS platforms and on-premises environments. That visibility is unmatched.

Real-World Use Case: Investigating an Insider Threat

Let us say an analyst needs to investigate suspicious behavior tied to a user named Jeremy. In most platforms, that would require combing through multiple dashboards: Active Directory, Azure, Okta and maybe even logs from AWS or Google Cloud.

With Varonis, the analyst opens Jeremy’s profile and immediately sees:

  • All known identities and accounts tied to him
  • A timeline of login activity, failed attempts and MFA status
  • Sensitive data Jeremy has touched, and which identities were used
  • All entitlements, whether granted directly or through nested groups
  • A visual ‘blast radius’ of what Jeremy could access if compromised

This single-pane resolution becomes a powerful incident response and risk management tool, enabling faster, more confident decisions.

Beyond the Login Event

Lastly, Varonis Identity Protection also includes robust ITDR features. But what sets it apart is that these detections are rooted in data context, not just authentication logs. Further, Varonis was recognized as a leader in the latest GigaOm ITDR Radar.

Other tools can tell you when a brute-force attack or password spray is happening. Varonis goes further, telling you:

  • When a user suddenly starts accessing sensitive data they have never touched before
  • When permissions are escalated, or group memberships are altered abnormally
  • When large file transfers occur post-login
  • When a ‘ghost account’ comes back to life

This is thanks to Varonis’ user and entity behavior analytics (UEBA) and deep telemetry across file systems, SaaS apps and structured data stores.

You are not just watching who gets in; you are watching what they do once inside.

Putting It All Together

In isolation, these features are useful. But with Identity Resolution as a foundation, along with Posture Management and Threat Detection and Response, they form a cohesive identity-first security platform.

  • Resolution gives you a complete picture of each person across your identity sprawl
  • Posture helps you minimize risk by remediating over-permissioned accounts
  • Detection alerts you when something suspicious is happening, even after authentication

Most tools serve one or two functions. Varonis does all three and ties them directly to data risk.

It is also worth noting that these features are not an add-on or extra license. If you are a Varonis customer today, you may already have access to many of these capabilities, and Optiv can help you operationalize them.

Final Thoughts: Identity Security Is Data Security

At Optiv, we have spent years helping clients design Zero Trust architectures, harden IAM controls and reduce their data exposure. One thing we have learned is that without resolution, posture and data context, identity tools leave blind spots.

Varonis Identity Protection closes those gaps. It is not a point solution; it is an identity-aware, data-first security approach that fits the complexity of the modern enterprise.

If you are wondering how many identities a person really has in your environment, or what they can do with them, we would love to show you.

Every day that identity risks go unaddressed is another day adversaries have the upper hand. Reach out today to see how Varonis’s Identity Protection platform, backed by Optiv’s deep expertise, can help you uncover hidden access, correct posture gaps and shut down identity-based threats.

Jeremy Bieber
Partner Architect for Varonis | Optiv
Jeremy is Optiv's Partner Architect for Varonis, specializing in understanding unstructured data, data governance/compliance and data protection.
