Why Hydden

What Hydden Can Do For You

Hydden is a comprehensive identity discovery and threat intelligence platform designed to help organizations achieve complete visibility into their accounts across their entire IT ecosystem. Whether you're managing cloud, on-premises, hybrid, or multi-cloud environments, Hydden enables you to discover, classify, and govern the identities that matter most to your security posture.

Core Benefits

Comprehensive Account Discovery

Hydden discovers all user accounts, service accounts, computer accounts, resource accounts, and vaulted accounts across your organization's infrastructure—from on-premises data centers to cloud platforms to third-party applications. This universal visibility eliminates security blind spots and enables you to identify stale, duplicate, expired, and orphaned accounts that pose ongoing security risks.

Intelligent Identity Mapping and Ownership Assignment

Beyond account discovery, Hydden intelligently maps discovered accounts to business identities and accurately assigns account ownership. Using configurable mapping rules and threat detection, Hydden ensures that every account has clear accountability, enabling faster incident response and more effective access reviews.

Threat Detection and Risk Scoring

Hydden's threat detection engine analyzes account behaviors, configurations, and attributes to identify risky patterns specific to your organization's risk profile. Custom threat rules enable you to detect suspicious activities, enforce security policies, and prioritize remediation efforts based on actual business risk.

Compliance and Access Governance

Automatically classify accounts according to your organization's governance model and industry compliance requirements. Support unified access reviews, certifications, and attestation workflows across all identities—privileged and non-privileged. Generate comprehensive audit reports demonstrating compliance with regulatory frameworks.

Seamless Integration with Security Tools

Hydden integrates with your existing security infrastructure—identity platforms like Okta and Azure Entra ID, PAM solutions like CyberArk and BeyondTrust, ITSM platforms like ServiceNow, and workflow systems via webhooks. Leverage Hydden's intelligence to trigger automated remediation, move credentials to vaults, or notify security teams in real-time.

Reduced Manual Overhead

Replace manual account discovery, spreadsheet-based access reviews, and time-consuming compliance reporting with automated workflows. Hydden's collectors continuously discover new accounts and maintain current data, enabling your security team to focus on analysis and response rather than data gathering.

Client Deployment Approach

Hydden uses a flexible, agent-based client architecture that enables data collection from any environment while maintaining security and control.

How It Works

Hydden clients are lightweight services that are deployed in your environment—on Windows or Linux servers, in containers, or in cloud VPCs. These clients:

• Connect securely to your data sources (directories, cloud platforms, databases, applications, vault systems, etc.)
• Collect account and identity data according to configured schedules
• Send the collected data securely to the Hydden platform for analysis, mapping, and threat detection
• Require no agents installed on target systems—they communicate via standard APIs and protocols

Why This Approach

This client-based architecture provides several advantages:

• Security and Control: Data collection stays within your network perimeter. Clients authenticate to your systems using credentials you control, and all data transfers are encrypted.
• Flexibility: Deploy clients wherever you need them—on-premises, in cloud accounts, in containers, on separate network segments—enabling collection from diverse environments.
• Performance: Local clients provide efficient, high-speed data collection without burdening your critical systems or networks.
• Compatibility: The same client architecture works across Windows, Linux, and containerized environments, simplifying deployment at scale.
• Multi-Source Support: A single client can be configured to collect from multiple data sources, or multiple clients can be deployed for redundancy and load distribution.

Deployment Models: SaaS vs On-Premises

Hydden offers flexible deployment options to match your organization's infrastructure preferences and compliance requirements.

SaaS (Cloud-Hosted) Deployment

The Hydden SaaS platform is hosted in Microsoft Azure and maintained by Hydden. This is the recommended approach for most organizations.

Benefits:

• Zero Infrastructure Overhead: No need to manage, patch, or maintain Hydden platform infrastructure. Hydden handles all updates, security patches, and platform reliability.
• Rapid Onboarding: Get started quickly without infrastructure provisioning or complex deployments. Sign up, deploy a client, and begin collecting data within days.
• Automatic Updates: Always access the latest features, threat detection rules, and security improvements without manual upgrades or downtime.
• Scalability: The SaaS platform automatically scales to support your organization's growth without capacity planning or infrastructure expansion.
• High Availability: Built on Azure's redundant, globally distributed infrastructure with automatic failover and backup.
• Cost Efficiency: Predictable per-account pricing with no upfront infrastructure investment or maintenance costs.
• Multi-Tenancy with Isolation: Support for multiple isolated tenants with independent data, configurations, and access controls.

Deployment:

• Deploy lightweight clients in your environment
• Clients connect securely to your data sources
• Data is transmitted securely to the SaaS platform
• Analyze results through Hydden's cloud-hosted web interface

On-Premises Deployment

For organizations with strict data residency requirements, air-gapped networks, or regulatory constraints, Hydden supports fully on-premises deployment.

Benefits:

• Data Residency: Keep all collected identity data within your data centers, meeting strict data sovereignty and residency requirements.
• Network Independence: Operate in air-gapped or isolated network environments without internet connectivity to the SaaS platform.
• Custom Configuration: Full control over Hydden deployment, configuration, and infrastructure integration.
• Regulatory Compliance: Meet regulatory requirements that mandate data processing within specific geographic regions or prevent cloud storage.
• Long-Term Retention: Maintain comprehensive historical audit data within your own infrastructure for extended compliance and forensic investigation.

Deployment:

• Deploy Hydden platform components on your infrastructure (Windows or Linux servers, Kubernetes clusters, or virtual environments)
• Deploy clients in your environment to collect data from local systems
• All data processing and storage occurs within your infrastructure
• Manage platform updates and maintenance according to your schedule
• Optional managed services available through Hydden for platform operations and support

Choosing Your Deployment Model

Choose SaaS if:

• You want rapid deployment with minimal infrastructure investment
• You prefer letting Hydden manage platform operations and updates
• You have internet connectivity to Azure cloud services
• You benefit from SaaS scalability and high availability
• You want the latest features and threat detection rules automatically

Choose On-Premises if:

• Strict data residency or regulatory requirements mandate local data storage
• Your network is air-gapped or isolated from the internet
• You require maximum control over the deployment environment
• Your organization has policies requiring on-premises infrastructure
• You need to maintain extended historical audit data locally

Hybrid Approach

Many organizations use a hybrid model with multiple SaaS tenants for different business units or geographic regions, combined with on-premises deployments for sensitive or regulated data. Hydden's flexible licensing and deployment models support this approach.

Getting Started

Ready to implement Hydden? Follow these next steps:

1. How to Register with Hydden - Create your tenant and complete the registration process
2. Quick Start Guide - Get up and running with data collection in minutes
3. Client Deployment - Deploy and configure clients for your environment
4. Configuration - Configure data sources, identity mapping, and integrations
5. View What's New - Learn about the latest features and capabilities

Discover what Hydden can do for your organization's security and compliance objectives.