
The New Perimeter Is You
The neon glow of the Las Vegas Strip may be the familiar backdrop for Black Hat USA, but this year, the conversations inside the Mandalay Bay felt different. The frantic, “whack-a-mole” energy of previous years, where vendors hawked a new point solution for every single threat, gave way to a more focused, and frankly, more unsettling question. It wasn’t about the latest malware or zero-day exploit. It was far more fundamental.
In a world where the traditional network perimeter has dissolved into the cloud, what’s left to defend? Who can we really trust?
The consensus is clear: The traditional network, that digital castle protected by a moat of firewalls, is a relic of a bygone era — like Eureka’s Castle, but without the charming Moat Twins.
Today’s enterprise is a sprawling, borderless ecosystem of cloud services, SaaS applications, remote workers, and a rapidly multiplying army of non-human agents with non-human identities (NHIs). Identity security and access management were at the heart of many conversations I had with vendors, users, and concerned business leaders. The clear mandate for all of us is to stop focusing on the castle walls and start securing what attackers are actually after: identities and access.
This week, on theCUBE’s Black Hat 2025 debrief, we’ll unpack the key themes from the conference and insights from our exclusive interviews with the industry’s foremost leaders. In this series, we progress from the foundational elements of security to the ultimate mission that unites this community.
I wrote recently that identity is the new perimeter, so today, we begin with the most critical question of all: Who? In a world built on code and connections, identity isn’t just a part of the perimeter; it’s the last defensible perimeter.
The New Guardians: AI-Driven Authorization
For years, Privileged Access Management (PAM) was a relatively simple, administrative task. You’d manage credentials for a handful of IT administrators and call it a day. But that model is dead. The new frontier is dynamic, intelligent authorization, and artificial intelligence is the only way to scale it. Unfortunately, over-privileging and admin-by-default access have become the default for busy, resource-strapped businesses.
The mid-market was also a common theme in my discussions, as mid-sized companies have become the have-nots of security, as well as the most favored attack surface. Large enterprises aren’t the target for AI-powered adversaries; their mid-sized vendors are. Our failure to help companies scale from the admin/admin stage to mature, secured vendors is now the Fortune 500’s problem again.
Nowhere was this shift more apparent than at the Delinea booth, where the company unveiled Delinea Iris AI, a powerful engine built natively into its cloud platform. This launch tackles the immense challenge of securing complex hybrid environments, where a staggering 97% of organizations are already grappling with AI-related security incidents.
In our interview with Delinea’s Jon Kuhn, he explained this evolution not just as a technology upgrade, but as a necessary cultural shift. The goal, he said, is to move from being “The Department of No” to becoming a true business enabler. Instead of blocking innovation, we must transform the chaos of “shadow IT into a security onboarding pipeline,” providing visibility and control without stifling the speed and creativity that drive business.
The technology behind this goal isn’t just about verifying a user is who they say they are. That’s basic authentication. This is about a much more nuanced analysis of intent. Iris AI evaluates not just the user, but the need, the risk, and the sensitivity of the asset being accessed. This capability was purpose-built to combat what Delinea’s Chief Product Officer, Phil Calvin, called a “rapid expansion of the identity attack surface unlike anything we’ve ever seen.” That means treating every user as a potentially privileged user and applying intelligent, context-aware authorization to enforce least privilege in real time.
This isn’t happening in a vacuum. The rise of defensive AI is a direct response to the weaponization of AI by adversaries. Black Hat was buzzing with conversations about AI-powered social engineering, deepfakes, and automated phishing campaigns, which are now considered the most dangerous emerging identity-based threats. Deepen Desai of Zscaler, in his interview with theCUBE, specifically called out the use of AI to generate convincing “help desk” phishing calls as a key tactic in modern ransomware attacks.
When attackers can use AI to flawlessly mimic legitimate user behavior, traditional, rules-based security controls become obsolete. A system that only asks, “Does this user have the right password?” is easily fooled. The new question, answered by systems such as Iris AI, is probabilistic: “Given all available context (user behavior, location, device posture, time of day, and the nature of the request), what is the likelihood that this action is legitimate?” This is a high-stakes, high-speed arms race, where defensive AI must detect subtle behavioral anomalies at machine scale.
Beyond Humans: Securing Every “Thing”
The identity perimeter isn’t just about humans. A staggering reality underscored in many Black Hat sessions is that non-human identities (NHIs) now outnumber human users by orders of magnitude, with some estimates as high as 40,000 to 1. Securing this vast and growing population of machines is one of the industry’s most pressing challenges.
This is the core mission of Keyfactor, a company dedicated to helping organizations manage cryptography as critical infrastructure. As co-founder and CTO Ted Shorter explained, Public Key Infrastructure (PKI) and the digital certificates it governs are the foundation of machine identity. A certificate serves as a “driver’s license or passport for the digital world,” providing a verifiable, trusted identity for a key pair and, by extension, the device or application that holds it.
In our interview, Ted made it clear that the future of this digital trust is facing an existential threat: quantum computing. Keyfactor’s Black Hat presentation, provocatively titled “Is 2029 the year certificates break the internet?”, framed the coming transition to post-quantum cryptography (PQC) not as a far-off concern but as an immediate operational imperative. The central message was that achieving “crypto-agility” (the ability to transition from current cryptographic standards to new, quantum-resistant ones) is impossible without first having a complete and accurate inventory of every certificate and key in the enterprise. That work must start today.
Recognizing the immense complexity of managing PKI at scale, Keyfactor has focused on delivering its capabilities through a cloud-hosted PKI as-a-Service (PKIaaS) platform, Keyfactor Command. This model allows organizations to offload the specialized and resource-intensive work of maintaining a highly available and secure certificate authority to Keyfactor’s experts, while retaining full control over certificate lifecycle management. This capability is critical for any organization looking to establish and scale digital trust across the sprawling landscape of modern machine identities.
Enforcing Least Privilege at Scale
With a clearer picture of both human and machine identities, the final piece of the puzzle is enforcement. The principle of least-privilege access, granting a user or device only the minimum access required to perform its function, is a cornerstone of Zero Trust. Yet implementing it in a dynamic, hybrid environment has been notoriously difficult.
Zero Networks arrived at Black Hat with a novel and compelling solution to this problem. The company’s platform automates network microsegmentation, effectively placing every asset, from servers to laptops, into its own isolated segment of one. It then layers on a powerful enforcement mechanism: just-in-time (JIT) multi-factor authentication (MFA) for any connection attempt. This approach keeps privileged ports, such as those for RDP or SSH, closed by default. Access is only granted for a limited time after a user successfully completes an MFA challenge, making MFA a “dynamic enforcer of least privilege.”
What makes this approach particularly disruptive is its agentless architecture. Zero Networks remotely manages the host-based firewalls that are already built into every modern operating system, eliminating the need for cumbersome agents and allowing for deployment across an entire network in minutes. This addresses the difficulty and complexity that have long plagued traditional microsegmentation projects. Furthermore, by operating at the network layer (OSI Layer 3), Zero Networks can apply MFA to legacy protocols such as SMB and WinRM, which are frequently exploited by attackers for lateral movement but are notoriously difficult to protect with traditional, application-layer MFA solutions.
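To make the “closed by default, opened just in time after MFA” mechanism concrete, here is an added example (not Zero Networks’ code; the port list, the TTL and the rule format are assumptions) of a gate that turns a verified MFA challenge into a narrow, expiring host-firewall allow rule:

```python
# Added illustration: privileged ports stay closed; a verified MFA challenge opens
# one (source, destination, port) tuple for a limited time, then it closes again.
from dataclasses import dataclass
from typing import Optional
import secrets, time

PRIVILEGED_PORTS = {22: "ssh", 3389: "rdp", 445: "smb", 5985: "winrm"}  # assumed list

@dataclass
class Grant:
    src_ip: str
    dst_host: str
    port: int
    expires_at: float

class JitGate:
    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self.ttl, self.clock = ttl_seconds, clock
        self.pending = {}          # challenge token -> (src_ip, dst_host, port)
        self.grants: list = []     # live, time-boxed allow rules

    def request(self, src_ip: str, dst_host: str, port: int) -> str:
        """A connection attempt on a privileged port yields an MFA challenge id."""
        if port not in PRIVILEGED_PORTS:
            return "not-gated"     # ordinary traffic is unaffected by the gate
        token = secrets.token_hex(8)
        self.pending[token] = (src_ip, dst_host, port)
        return token

    def complete_mfa(self, token: str, verified: bool) -> Optional[Grant]:
        """Only a verified challenge becomes a firewall rule; failures open nothing."""
        ctx = self.pending.pop(token, None)
        if ctx is None or not verified:
            return None
        grant = Grant(*ctx, expires_at=self.clock() + self.ttl)
        self.grants.append(grant)
        return grant

    def is_allowed(self, src_ip: str, dst_host: str, port: int) -> bool:
        """Host-firewall decision: closed by default, open only for a live grant."""
        now = self.clock()
        self.grants = [g for g in self.grants if g.expires_at > now]  # drop expired
        if port not in PRIVILEGED_PORTS:
            return True
        return any(g.src_ip == src_ip and g.dst_host == dst_host and g.port == port
                   for g in self.grants)

    def firewall_rules(self) -> list:
        """Render live grants as narrow allow rules (illustrative format)."""
        return [f"allow {g.src_ip} -> {g.dst_host}:{g.port} until {int(g.expires_at)}"
                for g in self.grants]
```

The grant is scoped to one source, one destination and one port, so completing MFA for RDP on one server does not open SSH on the same server or RDP from another source.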
Identity Isn’t a Tool, It’s the Strategy
People are your organization’s largest attack surface, and there is very little you can do to prevent their credentials from ending up in a marketplace. The distinct solutions offered by Delinea, Keyfactor, and Zero Networks, while addressing different aspects of the identity problem, collectively point to a significant market convergence. Securing the modern enterprise requires an integrated approach that unifies previously siloed domains and areas of identity that are rapidly evolving. New acronyms pop up every day, and the worlds of IAM, PAM, NHI, PKI, identity security, network security, model context protocol (WAY more on that tomorrow), and a million other niches in identity are going to have to converge because if you shut a door, an attacker will find a window.
This is the strategic link we must make for our leadership. An attacker with a compromised identity can bypass even the most advanced authorization controls if the underlying machine identity is weak due to a poorly managed certificate. Likewise, that same compromised identity can inflict catastrophic damage if it has free rein to move laterally across an unsegmented network.
An effective identity security strategy in 2025 must be holistic, recognizing that you cannot secure access without foundational trust, and you cannot contain a breach without network-level segmentation. This reality demands that CISOs begin to break down the organizational and technological barriers between their IAM, PKI, and network security teams, because point solutions addressing only one facet of this converged problem are proving increasingly insufficient.
Also, you could remind your employees that reusing personal credentials, hitting ‘dismiss’ when their browser tells them a password is compromised, and allowing notifications on their desktop or mobile browser are all bad ideas.
Conclusion: Identity as the Bedrock of Zero Trust
As Black Hat 2025 drew to a close, the message was unmistakable. In an era of accelerating complexity, identity is the new perimeter, and securing it is the foundational step in building a resilient, modern security program. The principles of Zero Trust (least privilege, continuous verification, and assuming breach) are not abstract concepts; they are practical necessities that must be built upon a bedrock of strong identity security.
Once an organization has a firm grasp on the humans and machines on its network and what they are authorized to do, the next logical question arises: What are they trying to access? Tomorrow, we will explore the technologies and strategies aimed at taming the infinite attack surface of the modern enterprise, and more importantly, what to secure when you can’t secure everything.
Check out theCUBE for all of our Black Hat USA 2025 coverage!