BeyondTrust named Leader in 2026 GigaOm CIEM Radar

BeyondTrust has been named a Leader and Outperformer in the 2026 GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM).

The assessment placed BeyondTrust in the Innovation and Platform Play quadrant for its Pathfinder platform. GigaOm reviewed 22 vendors, scoring them on product features and business criteria for cloud entitlement management.

CIEM products manage cloud permissions and entitlements. The products map who or what has access in cloud environments and how those permissions change over time, flag risky access, and support remediation through policy and workflow.

GigaOm described BeyondTrust as an Outperformer, citing its development pace and approach to governance across different forms of identity.

"BeyondTrust is classified as an Outperformer due to industry-first AI agent governance, monthly major capability release (including ML-enhanced analytics and secrets management), and the architectural unification of CIEM with ITDR and PAM," said Ivan McPhee, GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM)

Platform scope

Pathfinder is positioned as a unified identity security platform that combines CIEM with identity threat detection and response (ITDR) and privileged access management (PAM). BeyondTrust describes it as a single interface for managing identities across environments.

Pathfinder is designed to address human, machine, and agent identities, linking entitlement management with privileged access controls and identity threat monitoring.

Within Pathfinder, Identity Security Insights provides cross-domain visibility and intelligence, while Entitle manages cloud permissions. Together, these components underpin CIEM functionality within the broader platform.

Evaluation criteria

GigaOm's CIEM radar evaluates vendors across requirements including ITDR, just-in-time access, lifecycle entitlements governance, compliance automation, AI-based anomaly detection, and platform interoperability.

The report also highlights the demands of multicloud environments. Many organisations use more than one cloud provider and store identity data across separate systems, such as identity providers and HR platforms, which can create overlapping permissions and inconsistent access controls.

Multicloud features

According to GigaOm, Pathfinder provides continuous discovery across AWS, Microsoft Azure, and Google Cloud Platform. The report also notes AI-driven anomaly detection, automated least-privilege recommendations, and risk-scored remediation guidance.

Just-in-time access also featured in the report's discussion of Pathfinder. It points to Entitle as the mechanism for time-bound access, describing automation that analyses access request patterns and supports policy-based auto-approval for lower-risk requests, with configurable workflows for higher-risk requests.

BeyondTrust says the platform integrates with identity providers, HR systems, and ticketing platforms, and includes more than 100 application integrations. These integrations are designed to grant and revoke time-bound access based on policies and workflows.

Governance and compliance

Lifecycle governance was another area highlighted in the report, including automated provisioning and deprovisioning, continuous synchronisation with authoritative sources, access review campaigns, and monitoring for dormant accounts and orphaned permissions.

On compliance reporting, the report notes entitlement evaluation against regulatory control mappings, citing frameworks such as GDPR, HIPAA, PCI DSS, and SOC 2. It also highlights audit-ready reporting and audit trails that link entitlement decisions to approvals and business justifications.

BeyondTrust says Pathfinder supports SaaS deployment with optional on-premises components. It also says the modular architecture allows organisations to adopt CIEM on its own or alongside other identity security functions.

Market context

CIEM has gained prominence as cloud identity becomes a security priority. Organisations often face overprivileged accounts, inconsistent permissions across cloud services, and limited visibility across different types of identity. Security teams are also under pressure to demonstrate governance and compliance through repeatable reporting.

BeyondTrust linked the recognition to what it described as the growing significance of entitlement risk.

"Cloud identities - and more specifically, their entitlements - have become the primary attack surface in modern enterprises," said Sam Elliott, SVP Product Management, BeyondTrust.

Elliott continued, "BeyondTrust's Pathfinder Platform meets this challenge head-on, fusing CIEM, PAM, and ITDR into a unified platform that eliminates visibility gaps by breaking down silos across all domains. We believe this recognition from GigaOm validates our approach to delivering AI-driven, privilege-centric identity security that protects organizations from today's emerging and most pressing threats."

BeyondTrust says it has 20,000 customers, including 75 of the Fortune 100, and expects demand for unified identity security platforms to rise as organisations expand cloud use and respond to identity-based threats.