SPNT

Oversight (NADZOR)

Identity is the new perimeter. NADZOR watches it continuously.

Most breaches involve compromised identities. Stolen credentials. Excessive permissions. Dormant accounts with lingering access. Service accounts with god-mode privileges nobody remembers creating.

Traditional IAM tools manage identity provisioning. They don't continuously validate that access policies match actual enforcement. They don't map identity-based attack paths. They don't detect when an account's behavior suddenly changes.

SPNT's oversight module (NADZOR) fills that gap — continuous identity security monitoring that writes directly to the substrate.

What NADZOR monitors

  • Privilege escalation paths. Which accounts could escalate to admin? Through what chain of permissions? NADZOR maps these paths across your identity providers and cloud platforms.
  • Dormant accounts. Accounts that haven't authenticated in 90 days but still have active permissions. Each one is a risk waiting for a credential spray attack.
  • Excessive permissions. Accounts with more access than their actual usage patterns require. NADZOR compares granted permissions to observed behavior.
  • Service account hygiene. Non-human identities with excessive scope, missing rotation, or unclear ownership. The accounts attackers love to find.
  • Cross-platform access correlation. A single human identity often has accounts in Entra ID, AWS IAM, GitHub, Okta, and more. NADZOR correlates these to show the true blast radius of a compromised identity.

Identity attack path analysis

NADZOR doesn't just list identity issues. It maps attack paths: starting from a low-privilege account, what chain of permissions and group memberships would let an attacker reach a crown jewel system?

Attack paths are written to the substrate as findings. They flow through prioritization, governance mapping, and investigation like any other finding — but with the added context of the specific permission chain involved.
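To make the checks in the two sections above concrete, here is an added example (not NADZOR's code or data model) that runs the three audits on a constructed tenant snapshot: dormant accounts that still hold permissions, granted permissions never exercised, and a breadth-first search over membership/assume/admin edges for chains from a low-privilege principal to a crown-jewel resource. All principals, edge names, permission strings and timestamps are constructed; `CROWN_JEWELS` and the 90-day threshold are assumptions chosen for the example.

```python
"""Identity oversight checks on a constructed tenant snapshot (added example, not NADZOR's code)."""
from collections import deque
from datetime import datetime, timedelta

# Constructed permission graph. Each edge is (source, relationship, destination).
#   member_of : user or group is a member of a group
#   assumes   : principal may assume a role (e.g. via a role trust policy)
#   admin_of  : principal holds administrative rights over a resource
EDGES = [
    ("alice", "member_of", "helpdesk"),
    ("helpdesk", "member_of", "pwd-reset-operators"),
    ("pwd-reset-operators", "assumes", "role/IdentityAdmin"),
    ("role/IdentityAdmin", "admin_of", "entra-tenant"),
    ("bob", "member_of", "developers"),
    ("developers", "assumes", "role/CIBuild"),
    ("role/CIBuild", "admin_of", "prod-kubernetes"),
    ("carol", "member_of", "finance-readers"),
    ("svc-backup", "assumes", "role/IdentityAdmin"),
]

# Resources whose administrators count as crown-jewel access (constructed).
CROWN_JEWELS = {"entra-tenant", "prod-kubernetes"}

# Constructed account inventory: last successful sign-in and granted permissions.
ACCOUNTS = {
    "alice": (datetime(2024, 6, 1), {"mail.read", "user.resetpassword"}),
    "bob": (datetime(2024, 6, 10), {"repo.write", "k8s.deploy"}),
    "carol": (datetime(2024, 1, 15), {"finance.read"}),
    "svc-backup": (datetime(2023, 11, 2), {"iam.admin"}),
}

# Constructed record of permissions actually exercised in the observation window.
OBSERVED = {
    "alice": {"mail.read"},
    "bob": {"repo.write", "k8s.deploy"},
    "carol": {"finance.read"},
    "svc-backup": set(),
}

NOW = datetime(2024, 6, 15)  # fixed "current" time so the example is deterministic


def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph


def escalation_paths(graph, start, targets):
    """Breadth-first search from `start`; return every simple path reaching a target.

    A path is a list of (node, relationship used to reach node); the first entry has None.
    """
    found = []
    queue = deque([[(start, None)]])
    while queue:
        path = queue.popleft()
        node = path[-1][0]
        if node in targets:
            found.append(path)
            continue
        visited = {n for n, _ in path}
        for rel, nxt in graph.get(node, []):
            if nxt not in visited:  # nested group cycles must not loop forever
                queue.append(path + [(nxt, rel)])
    return found


def format_path(path):
    """Render a path as the permission chain a finding would carry."""
    text = path[0][0]
    for node, rel in path[1:]:
        text += f" -[{rel}]-> {node}"
    return text


def dormant_accounts(accounts, now, days=90):
    """Accounts with no sign-in for `days` days that still hold any permission."""
    cutoff = now - timedelta(days=days)
    return sorted(name for name, (last_seen, perms) in accounts.items()
                  if last_seen < cutoff and perms)


def excessive_permissions(accounts, observed):
    """Granted permissions never exercised, per account (accounts with none are omitted)."""
    result = {}
    for name, (_, granted) in accounts.items():
        unused = granted - observed.get(name, set())
        if unused:
            result[name] = sorted(unused)
    return result


def identity_findings(accounts, observed, graph, targets, now):
    """Combine the three checks into finding records of the shape a substrate would ingest."""
    findings = []
    for name in dormant_accounts(accounts, now):
        findings.append({"kind": "dormant_account", "account": name})
    for name, perms in excessive_permissions(accounts, observed).items():
        findings.append({"kind": "excessive_permissions", "account": name, "unused": perms})
    for name in accounts:
        for path in escalation_paths(graph, name, targets):
            findings.append({"kind": "escalation_path", "account": name, "chain": format_path(path)})
    return findings


if __name__ == "__main__":
    for finding in identity_findings(ACCOUNTS, OBSERVED, build_graph(EDGES), CROWN_JEWELS, NOW):
        print(finding)
```

Note that the same principal can surface in all three checks at once: the constructed `svc-backup` account is dormant, holds an unused admin permission, and sits one hop from tenant admin, which is exactly the combination that should drive its priority above an account that triggers only one of them.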

Integration with telemetry

NADZOR reads identity-platform telemetry from the Operational Telemetry Layer — Entra ID, Okta, AWS CloudTrail, GitHub audit logs. When it detects a policy violation (an account accessing a resource it shouldn't, a privilege escalation that shouldn't have succeeded), the finding includes the specific telemetry events that prove it happened.

Identity findings from NADZOR are automatically mapped to compliance obligations in REGULATIVA — covering access control requirements in SOC 2, ISO 27001, NIS2, and more.

See identity oversight in action

A demonstration showing privilege escalation path mapping, dormant account detection, and identity-based attack path analysis.