Security Core: Identity

Security Core: Identity is Anneal Tech's unified identity defense and 24/7 SOC monitoring service. The service covers privileged access management, multi factor authentication enforcement, zero trust access policy, identity threat detection and response, and continuous identity activity monitoring across cloud and on premises directories. Designed for organizations that need managed identity security without the device side coverage that comes with Security Core: Complete.

Why identity is the new perimeter

The perimeter is gone. Identity is the control plane that determines what users can access, from where, on what device, with what evidence of trust. A stolen credential gives an attacker the same access an employee has, and most ransomware and data theft incidents begin with credential compromise rather than malware infection. Defending identity well requires continuous monitoring of identity activity, real time response to suspicious behavior, modern conditional access policy, and the privileged access management that prevents one compromised account from becoming a domain wide breach.

Security Core: Identity delivers that capability as a managed program. The 24/7 SOC monitors identity activity around the clock. Conditional access and MFA are deployed and maintained against current best practice. Privileged access management contains the blast radius of any compromised credential. The result is identity that is operated, not just configured.

What is included

  • Privileged Access Management (PAM) - vault, just in time provisioning, and session monitoring for privileged accounts.
  • Multi factor authentication enforcement - MFA enrollment, policy, and exception management across identity platforms.
  • Zero trust access policy - conditional access designed and maintained against current best practice.
  • Identity Threat Detection and Response (ITDR) - continuous monitoring of identity activity through the 24/7 SOC.
  • Identity activity monitoring - cloud and on premises directory activity correlated and analyzed.
  • 24/7 SOC coverage - human analysts triage and respond to identity events around the clock.
  • Compliance reporting - audit ready logs and dashboards for HIPAA, SOC 2, FTC Safeguards, and similar frameworks.
  • Quarterly access reviews - documented review cycles for least privilege enforcement.

How the service operates

Identity activity from Microsoft 365, Google Workspace, Entra ID, Active Directory, and other identity sources is ingested into the SOC platform. The 24/7 SOC monitors continuously, with Tier 1 analysts triaging alerts, Tier 2 analysts investigating confirmed events, and Tier 3 senior practitioners handling incident response and threat hunting. Conditional access and MFA policies are deployed and maintained as part of the service. PAM controls privileged account use with documented session monitoring. Quarterly access reviews produce audit evidence and inform policy refinement.

What you receive

  • PAM vault with documented privileged account governance.
  • MFA enrollment across the identity platform with documented enforcement.
  • Zero trust policies designed and maintained against current best practice.
  • Activity monitoring through the 24/7 SOC.
  • Monthly security posture report covering identity events, alert volume, and trend.
  • Quarterly access review as audit evidence.
  • Audit trail of identity monitoring and response activity.

Who Security Core: Identity is for

Organizations whose identity environment needs managed security without the endpoint side coverage that comes with Security Core: Complete. Businesses preparing for cyber insurance renewal requiring evidence of MFA, ITDR, and access review. Companies adopting zero trust architecture and needing operational identity security to back the design. Regulated industries needing audit ready evidence of identity controls.

Frequently asked questions

Do contractors need their own identity?

Yes. Contractors and partners get their own cloud or on-premises identities with MFA, PAM session recording, and time-bound access.

Can we enforce zero-trust rules per application or cloud service?

Yes. Zero-trust policies enforce attribute-based access at the app level across major identity providers and SaaS platforms.

How long does MFA enrollment take?

Most organizations complete hardware key and app-based MFA enrollment within 2 to 4 weeks. We manage communications and training.

What if our users are mostly in Azure AD?

Identity SKU integrates with Azure AD as your identity source of truth. On-premises AD and cloud apps are layered on top.

Can we audit service account usage?

Yes. Service accounts are stored in the PAM vault with session recording, so every service login is logged and auditable.

Does this prevent lateral movement?

Zero-trust policies and session monitoring reduce lateral movement risk. Anomalies trigger immediate alerts.

What if we need to revoke a contractor access quickly?

Time-bound identity access is revoked automatically when the contractor role expires. Manual emergency revocation is one API call.

How do you handle identity access reviews for compliance?

We provide pre-built access review workflows aligned to legal, healthcare, and finance frameworks. Managers certify or revoke quarterly.

Engagement model and program integration

Security Core Identity is delivered on a per user, per month subscription that covers Microsoft 365 or Google Workspace identity, plus any SaaS application integrated through single sign on. Onboarding sets up multi factor authentication enrollment for every user, deploys conditional access policies tuned to your risk tolerance, removes legacy authentication protocols, and configures privileged identity management for administrative accounts. Where appropriate, passwordless authentication using Windows Hello for Business, FIDO2 keys, or the Microsoft Authenticator app is deployed to remove passwords from the daily workflow.

The service is monitored continuously by the Anneal Tech SOC. Identity sign in activity, conditional access evaluations, and risky sign in detections stream into the same platform that handles endpoint EDR alerts, so an unusual login is correlated with device and cloud signals before it is acted on. Offboarding is operated as a structured workflow: account suspension, session revocation, mailbox preservation, and data handoff all happen the moment HR notifies us a person has left, regardless of the hour.

Security Core Identity pairs with Security Core Device to cover the two surfaces that account for the majority of breaches. Most organizations adopt both together as Security Core Complete or fold them into a Business Pro Complete bundle that also includes managed IT support. The bundled model removes the operational seams that usually exist between identity vendors, endpoint vendors, and IT support providers.

Why Anneal Tech

Security Core: Identity is operated by Anneal Tech, with the same SOC and operational discipline as Security Core: Device and Security Core: Complete. The service pairs cleanly with Business Pro: Identity, Identity Migration, Incident Response, and our broader cybersecurity portfolio.

Contact Anneal Tech or book a Security Core: Identity scoping call. Call 512-593-8001.