What is Azure Active Directory?

High-Level Overview of Azure AD

If you’re reading the Insider Threat Security Blog, I’m sure you’re familiar with Active Directory. We’ve covered many topics with on-premises Active Directory: from clean-up to advanced attacks and threat detection. But what about Azure Active Directory? Has your organization started to march into the cloud and begun the migration process? Perhaps you’re just looking to wrap your head around what Microsoft has to offer. STEALTHbits is here to help.

Azure AD Overview

At a…

Fun with Active Directory’s AdminCount Attribute

This blog post is part of a series about Active Directory attributes with values or behaviors that can be easily and inadvertently misinterpreted and misused. This series will provide information about these attributes, including both their limitations and their valid usages with respect to the administration of Active Directory. Active Directory is the primary authentication service used by the vast majority of organizations, including more than 95% of Fortune 500 companies. Consequently, Active Directory objects with elevated administrative privileges are…

StealthDEFEND 2.2 – Blocking Threats without an Army of Analysts

Data breaches continue to rise 30-40% every year, and attackers continue to advance their techniques to infiltrate organizations, exploiting vulnerabilities to gain access to sensitive data. Organizations concerned about data breaches and the rising costs to remediate them need advanced solutions to identify and combat these ever-increasing attacks. As attacks increasingly occur, organizations are struggling to find sufficient security talent: “Nearly Half of Organizations Lack the Necessary Talent to Maintain Security Measures” – Industry News, March 20, 2019. “Most Organizations…

Making Internal Reconnaissance Harder Using NetCease and SAMRi10

What is Internal Reconnaissance?

Internal Reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer on the internal network. This usually involves using tools or scripts to enumerate and collect information to help them identify where they should try to compromise next on the internal network to get what they need. An example of a tool that is commonly used for internal reconnaissance is BloodHound, which can map out paths for…

ProTip: Exciting New StealthDEFEND Functionality Available with the Release of Version 2.2 on November 5, 2019

STEALTHbits is very excited to share a sneak peek of some of the enhancements available with the launch of StealthDEFEND 2.2, scheduled for November 5, 2019. The fact remains – organizations concerned about data breaches and the rising costs to remediate them need advanced solutions to not only quickly identify, but automatically respond to, an ever-increasing barrage of attacks and breaches. Please continue reading to review technical tips and accompanying video tutorials on how StealthDEFEND 2.2 can help:

Tip 1:…

Advanced Data Security Features for Azure SQL- Part 3: Advanced Threat Protection

In my last blog post, we took a look at the Vulnerability Assessment within the Advanced Data Security (ADS) offering for Azure SQL. In my final blog post of the series, we will take a deep dive into the Advanced Threat Protection features. Advanced Threat Protection for Azure SQL Databases provides administrators with immediate visibility into potential threats such as suspicious database activities, potential vulnerabilities, SQL injection attacks, as well as anomalous…

Top Five Ways You End Up With Open Shares: Part 2

In the first post of this series, we explored two ways you can end up with dangerous open shares. Open shares are essentially folders that everyone in your company can access. Sharing what is in those folders isn’t a threat by itself, but securing those documents can be tough. In this post, we’ll discuss three equally important, but less common ways to end up with dangerous open shares. Learn more about open shares here.

Reason 3: End Users Are Given…

Protip: How to Use the STEALTHbits Privileged Activity Manager for Delegated Access to Active Directory

Oftentimes, helpdesk operators are given access to accounts with privileges covering a broad range of tasks. A better approach is to apply delegated permissions for the specific task at hand, and then to remove those privileges once the action has been completed. STEALTHbits Privileged Activity Manager (SbPAM) can allow AD rights to be dynamically added to a helpdesk operator account at the point they are required. To do this, you will need to create a new Activity.

Step 1) Create…

Top Five Ways You End Up With Open Shares: Part 1

Open shares are evil. Sure, there are cases you may need a read-only share open to everyone in the organization. How else will they grab benefits forms or company calendars to print and hang in their cubes? But it’s amazing how often those simple use cases grow into ugly messes. All it takes is one person with the right (or wrong) rights to add write access to that same share, and you have a huge problem. Learn more about open…

Pragmatic Data Security Best Practices: Part 2

In the last post, we started discussing the importance of protecting Active Directory and your unstructured data. Today, we’ll continue our discussion with the next three data security best practices to ensure the security of your data.

Pragmatic Data Security Best Practice #2: Monitor Activity

Monitoring activity is an essential capability, but be careful not to bite off more than you can chew. The best way to make effective use of your monitoring efforts is to focus on specific scenarios you’d…
