Meet the Hounds Β· toggle theme, then print
JANUS crest
MEET THE HOUNDS

JANUS

Identity Inventory
Janus Hound Β· Category: Identity
β€œEvery identity β€” human or not β€” and its weaknesses.”

The two-faced god of doorways β€” Janus sees human and non-human identities alike, and every door they open.

THE PROBLEM

Non-human identities, reused local admins, default credentials, and Active Directory attack paths are the real fuel of lateral movement β€” and they're invisible to vulnerability scans framed around CVEs. The accounts attackers actually ride through your estate never show up on a severity-sorted finding list.

WHAT IT DOES

Janus builds a content-first inventory of every identity in the estate β€” human and non-human β€” via a 3-pass content sweep. It flags non-expiring, privileged, guest-enabled, and machine identities, then surfaces what attackers love most: credential reuse, default and blank credentials, AD attack-path exposure, and the coverage gaps (blind hosts) where it can't see at all.

KEY CAPABILITIES

  • Identity discovery + classification β€” a 3-pass content sweep over plugin output finds human and non-human identities alike β€” service accounts, machine identities, the NHI population no CMDB tracks β€” and classifies each one.
  • Risk flags from identity plugins β€” non-expiring passwords, privileged and guest-enabled accounts, default/blank credentials, and password-auth SSH, each flagged from specific plugin evidence rather than inference.
  • Correlation layer β€” names your crown-jewel identities (privileged accounts on KEV/critical-exposed hosts) and surfaces credentials reused across five or more hosts β€” the exact fuel of lateral movement.
  • Provenance columns β€” every identity claim traces back to the plugin that produced it, so IAM teams can verify a finding before acting on it instead of trusting a black box.
  • Coverage-gap headline β€” blind and uncredentialed hosts lead the report rather than hiding in a footnote, so silence is never mistaken for safety.
  • Gated tagging β€” identity risk becomes taggable, routable work β€” proposed and human-approved, like every write in the pack.

HOW IT WORKS

Janus runs against the local navi.db built from your Tenable data: the vulns plugin family and output, plus specific identity plugins (83303, 10860, 41028, 10859, 149334, 17651). All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Identity risk from vuln data you already collect β€” no extra agent, no new deployment, no separate identity scanner.
  • It's the biggest single feeder to attack-path analysis β€” the credential pivots Fenrir chains come from Janus.
  • Honest coverage-gap headline: Janus leads with what it can't see, so you never mistake silence for safety.
  • Evidence-first with provenance β€” every claim traces to a plugin, so IAM teams can verify before they act.

PROOF POINTS

  • Discovers and classifies identities across a reference environment of 268 mixed RHEL/Windows assets β€” including the non-human identities no CVE list mentions.
  • Correlates privileged identities with KEV/critical exposure to name your crown-jewel identities, and flags credentials reused across 5 or more hosts. Honest caveat: signals depend on the relevant plugins being present in your scans β€” validate against a known host first. Blind and uncredentialed hosts are called out, not hidden.

WORKS BETTER WITH

Janus is Fenrir's biggest feeder β€” its credential weaknesses become the lateral-movement pivots in ranked attack paths β€” and it drives Anubis ACR calibration so identity-critical assets get the priority they deserve.

WHO IT'S FOR

IAM and identity-security teams who need visibility beyond the directory; AD admins hunting reuse and default creds; threat teams tracing the accounts attackers would actually use.

CALL TO ACTION

Ask Janus which doorways are open in your estate β€” both faces are watching.

THE HOUNDS β€” a human-in-the-loop security agent pack for Tenable VM / Tenable One.Gated writes Β· Evidence-first Β· Honest about coverage