Browsed by
Author: darin-pendergraft

As the VP of Product Marketing, Darin is responsible for product messaging and positioning as well as generating industry and market awareness for STEALTHbits products.  He is an experienced leader who has worked in software for over 21 years. Prior to joining STEALTHbits, he was VP of Marketing for Quorum and SecureAuth, and has held positions in product management & product marketing at Oracle, and Quest Software.
Impressions from RSA 2019

Impressions from RSA 2019

This year’s RSA convention was a riot of sights and sounds with a lot of familiar faces, mega-booths with flashy giveaways, as well as some new/old companies in the form of recently acquired or merged organizations. There were the familiar topics of security analytics, security as a service, and advanced threat detection, but on the surface, it is difficult to pick out any obvious new trends. After thinking back about everything I saw, I have decided that the one common…

Read More Read More

Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Data Centric Audit and Protection (DCAP) is a term defined by Gartner back in 2017 in response to the weaknesses of the Data Security Governance practices at the time. At that time, data protection strategies focused on the security of the application, or storage system that contained the data. This focus led to a variety of technology-specific security tools which tended to be owned and managed by different teams within IT. This siloed approach to data security worked well as…

Read More Read More

Unconstrained Delegation Exploit

Unconstrained Delegation Exploit

Microsoft released another security advisory today that affects Active Directory security. Similar to the Exchange advisory, this is coming from research done by third-party security researchers.  Here is the original post explaining the exploit. In addition, a more detailed explanation of the conditions and setting necessary for this attack to occur was posted by Roberto Rodriguez, a colleague of harmj0y’s at Specterops: Hunting in Active Directory: Unconstrained Delegation & Forests Trusts Microsoft was first notified of this attack back in October…

Read More Read More

New Exchange Authentication Vulnerability uses AD Admin to Gain Privileges

New Exchange Authentication Vulnerability uses AD Admin to Gain Privileges

STEALTHbits mitigates a new vulnerability that uses Exchange Authentication to gain AD Admin privileges A new attack has been posted by Dirk-jan Mollemma, an independent security researcher that exploits how Exchange uses NTLM over HTTP to authenticate to the Active Directory Domain. Read the complete details. This attack combines known vulnerabilities in a new way to achieve privilege escalation that can be used to attack AD. Here is how the attack works. An attacker sends a request to Exchange that causes…

Read More Read More

How STEALTHbits Helps Our Customers Comply With The CDM Program Guidelines

How STEALTHbits Helps Our Customers Comply With The CDM Program Guidelines

Continuous Diagnostic and Mitigation (CDM) Guidelines, Programs, and More Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides DHS, along with Federal Agencies with capabilities and tools and identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and…

Read More Read More

Announcing StealthAUDIT 8.2 General Availability

Announcing StealthAUDIT 8.2 General Availability

Back at the end of October, we gave you a sneak peek at the new features coming in StealthAUDIT 8.2, and now you can see it for yourself!  8.2 is now on our website so you can go have a look for yourself at https://www.stealthbits.com/new-stealthaudit-release. StealthAUDIT 8.2 has the following new features and enhancements: Expanded Sensitive Data Discovery capabilities and platform support Support for Nasuni UniFS Hybrid NAS storage Enhanced support for Dropbox Business to include Sensitive Data Discovery Sensitive…

Read More Read More

The Top 5+1 Things You Should do to Harden Your Active Directory Infrastructure

The Top 5+1 Things You Should do to Harden Your Active Directory Infrastructure

Microsoft Active Directory (AD) is the central credential store for 90% of organizations worldwide.  As the gate keeper to business applications and data, it’s not just everywhere, it’s everything!  Managing AD is an ongoing, never-ending task, and securing it is even harder.  At STEALTHbits, we talk to a lot of customers who are using our tools to manage and secure AD, and over the years, several key strategies for tightening up security and hardening AD to resist attacks have emerged….

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.