ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, has announced new security features in AD360. The updates include identity risk exposure management and local user multi-factor authentication (MFA). These enhancements are now generally available.

According to the company, the new capabilities aim to help security teams detect privilege escalation risks and secure unmanaged local accounts. These are two common attack vectors frequently exploited in identity-based attacks.

Verizon’s 2025 Data Breach Investigations Report revealed that credential abuse was the initial access vector in 22% of breaches. It also reported widespread misuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches.

“With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations,” said Manikandan Thangaraj, Vice President of ManageEngine.

He added that AD360 turns identity data into actionable security insights, helping customers position IAM as a frontline defense rather than just a compliance requirement.

While many IAM tools focus on provisioning and policy enforcement, AD360 introduces risk exposure mapping through attack path analysis and enforces local MFA. These additions aim to close hidden attack paths and strengthen enterprise security.

Key new features include:
• Identity risk exposure management: A graph-based engine maps lateral movement and privilege escalation paths in Active Directory. It automatically prioritizes risky configurations and provides remediation guidance.
• Local user MFA: MFA is extended to local accounts on non-domain joined servers, DMZ assets, and test environments. This helps block credential stuffing and persistence techniques.

In addition, AD360 now includes:
• ML-driven access recommendations: Machine learning analyzes permission usage during provisioning and reviews. It suggests changes to implement least privilege access.
• Enhanced access certification: Expanded entitlements and new risk indicators improve identity risk monitoring in both AD and Microsoft 365.

ManageEngine confirmed that the latest features support NIST SP 800-207 for Zero Trust architecture. They also align with PCI DSS Version 4.0 Requirement 8 and support SOX, HIPAA, and GDPR compliance controls.

Related post

View all