bresrch.co

What It Is

bresrch (Breach Research) positions itself as an identity investigation platform that helps security teams query, visualize, and analyze data across identity providers for breach investigations, access audits, and security incident response. It standardizes identity entities such as users, groups, applications, policies, roles, and devices, and uses a graph query language to analyze “who can access what, and through which path access is obtained.”

Core Capabilities

In terms of protection type, bresrch leans more toward investigation, forensics, and auditing rather than perimeter blocking or endpoint protection. The main content emphasizes millisecond-level queries across billions of breach records, with support for traversing relationships such as user-to-group, group-to-application, and policy-to-access. Its temporal database automatically versions all data and supports Time Travel queries, enabling incident response questions such as “what permissions did this account have three months ago?” On the visualization side, it supports Sankey diagrams, chord diagrams, and link graphs, helping teams analyze access paths, excessive privileges, and lateral movement risks.

Integrations, Management, and Compliance

Integration capability is one of its highlights. The documentation explicitly mentions identity sources such as Okta, Google Workspace, and Azure AD, and provides a plugin architecture for connecting custom data providers or identity sources. Management features include report generation, multi-format exports, access path analysis, historical version tracking, and compliance audit evidence output. The main content includes a SOC 2 access audit use case, but does not state that the platform itself holds certifications such as SOC 2 or ISO 27001, so certification status cannot be confirmed.

Pricing and Deployment

The publicly available content does not disclose its pricing model, plans, free trial, payment methods, or procurement process. It also does not clearly state whether deployment is SaaS, self-hosted, or hybrid. The page claims “Trusted since 2017,” “10+ Years in Production,” a “99.9% Uptime SLA,” and an average query time under 50ms, but lacks details on terms of service, regions, data residency, and enterprise support.

Pros, Cons, and Best Fit

Its strengths are clear identity relationship modeling, a query syntax well suited to security analysis, and strong historical access reconstruction. It is a good fit for incident response, excessive privilege investigations, MFA compliance checks, administrator privilege audits, and SOC 2-style access reviews. Its weaknesses are the lack of information on commercial terms, deployment, certifications, and support, while alerting and automated response capabilities are also not evident in the main content. It is better suited to mid-sized and large organizations that already use identity systems such as Okta, Google Workspace, or Azure AD and need to quickly map access relationships.

Access from China

The main content does not provide information on access from mainland China, payment, local compliance, or Chinese-language support, so china_access can only be rated as unknown. If using it from China, it is advisable to first verify direct console connectivity, identity source API connectivity, cross-border data compliance requirements, and payment methods. Possible alternatives include domestic identity governance, SIEM/SOAR, attack surface management, or breached credential monitoring products, depending on whether the enterprise prioritizes auditing, response, or real-time alerting.