Fortinet FortiCloud SSO authentication bypass vulnerabilities
Critical SSO bypass enabling attackers to impersonate users; highlights need for layered authentication controls beyond perimeter.
Solluna Caelum helps organisations design, implement, and operate IAM that stands up under audit — from access lifecycle and approvals to privileged access and governance that actually runs in production.
End-to-end IDAM capability — from strategy through implementation to ongoing governance.
Lifecycle control and access accountability at enterprise scale. We design and implement governance frameworks that survive auditor scrutiny while remaining operationally practical.
Reducing risk where the blast radius is highest. We help organisations discover, vault, and govern privileged access with controls that work in production, not just in policy documents.
Secure access that doesn't break the user experience. We design and implement SSO and MFA solutions that balance security with usability across cloud and legacy systems.
Controls are where governance becomes operational. We design and implement the recurring processes that keep access aligned to policy and actually run in production.
Before tools come decisions. We help organisations assess their IAM maturity, define a realistic target state, and build the business case to get there — vendor-neutral and pragmatic.
Identity as the control plane for modern access. We help organisations design access models where identity, device, and context drive every access decision.
A curated view of identity-related incidents, failure patterns, and governance breakdowns — interpreted through an IAM lens. We focus on what matters for access control, auditability, and operational reality.
Authentication and session handling flaws in F5 appliances; relevant for orgs using F5 as access gateway or federation proxy.
Confirms active exploitation of known auth bypass flaws; reinforces need for timely patching of identity-adjacent infrastructure.
Middleware auth bypass in popular framework; relevant for custom apps with identity checks at the edge layer.
Strategic review identifying systemic weaknesses in digital identity posture across UK organisations.
Credential theft and privilege abuse as primary ransomware vectors; underscores PAM and credential hygiene gaps.
WebSocket module bypass enabling unauthenticated access; impacts orgs using Fortinet for VPN or reverse proxy.
Cloud identity now the top initial access method; MFA gaps and weak conditional access are key enablers.
Threat actor profile using social engineering and MFA fatigue to compromise enterprise SSO; highly relevant to helpdesk security.
Joint advisory on MFA fatigue attacks; recommends number matching and phishing-resistant factors.
State-sponsored actors exploiting MFA fatigue and password spraying; relevant for critical infrastructure sectors.
Strategic context on attack volume; identity compromise cited as recurring initial access method across incidents.
Best practice guidance for deploying FIDO2 and WebAuthn; essential reading for MFA uplift programs.
Unauthenticated RCE in collaboration platform; relevant for orgs with Confluence exposed or federated to corporate IdP.
UK-specific targeting of Okta and Azure AD via helpdesk social engineering; actionable for IT service desk hardening.
Multiple auth and privilege escalation flaws; impacts knowledge platforms often integrated with identity systems.
Ransomware group profile and observed tactics; useful context for identity-driven initial access and lateral movement patterns.
The recurring identity failures behind most breaches and audit findings.
Delayed removals, orphaned access, and weak ownership lead to persistent access drift.
Non-human identities often outnumber humans and lack lifecycle controls and certification.
Approvals become rubber stamps without role clarity, guardrails, and exception governance.
Excess permissions accumulate over time without routine review and role discipline.
Share a few details and we'll respond with clear next steps and options.