SpecterOps Receives FedRAMP^® High Authorization for BloodHound Enterprise Identity Attack Path Management Platform

ALEXANDRIA, Va.--(BUSINESS WIRE)--SpecterOps, a provider of adversary-focused cybersecurity solutions born out of unique insights of advanced threat actor tradecraft, today announced they have received their FedRAMP^® High Authorization for BloodHound Enterprise (BHE). BHE is an Attack Path Management (APM) security solution for defending Microsoft Active Directory (AD) and Azure AD/Entra ID. This certification was streamlined through a partnership with Palantir FedStart.

“Many of us at SpecterOps come from a federal service background and we’ve seen firsthand how difficult it is to solve the problem of identity attack paths in the public sector,” said Justin Kohler, VP of Products at SpecterOps. “Bringing Identity Attack Path Management to FedRAMP High environments has been a goal of ours for years and we’re proud to say we’ve done it.”

Identity Attack Paths are a pervasive issue at government agencies and are regularly abused by nation-state adversaries. Identity Attack Path Management empowers government identity and security teams with continuous prioritization, remediation guidance and verification, and reporting to show improvements to their mission over time in identity and directory environments. BloodHound Enterprise reduces the risk of lateral movement and privilege escalation in Active Directory, Entra ID and hybrid Azure environments and provides Optimal Visibility, Analytics, and Risk Assessment maturity for implementing Zero Trust for Identities.

"We are very excited to have achieved the uplift of our products from the Moderate to the High baseline,” said Akash Jain, President, USG at Palantir Technologies. “We are thrilled that both FedStart and the partner applications that utilize it, such as BloodHound Enterprise, can now claim full FedRAMP High Authorization."

BHE is deployed as an application on top of the FedStart platform to comply with and inherit security controls that FedRAMP requires. The Authorized designation enables Federal agencies that require a High authorization level to utilize BloodHound Enterprise at scale to enhance their mission in protecting high-value assets. This includes most Controlled Unclassified Information (CUI), including PII and PHI, unless otherwise classified or marked.

CISA and Microsoft have recommended BloodHound, an open-source tool from SpecterOps related to BloodHound Enterprise. In Q3 2024, BHE product revenue grew by more than 100% y-o-y, and overall, the company grew significantly over the same period with employee headcount expanding 35% in the last 12 months. SpecterOps has also enabled hundreds of organizations to develop security operations programs, providing adversarial training to thousands of students in advanced adversary Tactics, Techniques and Procedures (TTPs).

In addition to its FedRAMP High Authorized designation, BHE is currently compliant with TX-RAMP Level 2, ISO 27001, ISO 27017, and SOC 2 Type 1 & 2. To learn more about BloodHound Enterprise, visit https://specterops.io/industry-public-sector/ and for additional details on SpecterOps security certifications, visit https://trust.specterops.io/.

About SpecterOps

SpecterOps is the leader in Identity risk reduction. Possessing deep knowledge of adversary tradecraft, the company enables global organizations to detect and remove critical attack paths before sophisticated attackers can take advantage of them – a practice called Attack Path Management. SpecterOps built and maintains widely used open-source security toolsets, including BloodHound, the company’s foundational tool that enables attack path management in Active Directory, Entra ID and hybrid environments. BloodHound has been recommended by the U.S. Department of Homeland Security, PricewaterhouseCoopers and many others. BloodHound Enterprise is the company's managed SaaS for identity and security teams, allowing for attack path prioritization, remediation guidance and reporting to show improvements over time. For more information on SpecterOps and BloodHound, visit specterops.io/industry-public-sector.