Organizations have invested into IGA systems over several years to build the capability for managing the identity and access which is primary driven on “who needs access to what”, it’s no longer sufficient
IGA systems don’t have capability to analyze what users are doing with the access which puts organizations at the risk of legitimate accounts being used for theft and misuse.
IGA systems also lack proper integration with Cyber Threat Intelligence and Monitoring platforms to exchange Identity and obtain intelligence on what a user does with the access across the enterprise.
I agree