Improve the Efficiency and Automation of AD Object Rollback and Recovery in StealthRECOVER 1.5

Why is Active Directory (AD) so Important to Protect?

The health and operational integrity of AD has a direct impact on the overall security of your organization. The capability to roll back and recover from unwanted changes is a critical requirement for maintaining the security and performance of your network.

In fact – it’s never been more important.

90% of organizations use AD as their central hub of authentication and authorization. It literally holds the keys to the kingdom and is therefore an extremely common attack path. Microsoft reports that 95 million AD accounts are under attack every day[1]. Those attacks come from all angles. The 2019 Verizon DBIR tells us 69% come from outside and 34% come from inside an organization[2]. Preventative measures to reduce the chance of an attack are useful, but quickly recovering from an accidental or malicious change can be just as important, if not more so.

What Can Happen?

Whether the changes made to AD are accidental or malicious really doesn’t matter. Any disruption to this critical backend component can cost an organization time, money and reputation. If AD isn’t working properly…

  • Your workforce might not be able to access the network…
  • Your customers can’t receive the support they need…
  • Potential buyers can’t purchase goods and services…

It sounds like a disaster, right?

If you haven’t yet experienced something that halts the proper operation of AD, that’s great news! However, as Ben Franklin once said, “By failing to prepare, you are preparing to fail.”

Every organization has the responsibility to prepare for the unknown, and needs a means to recover from the multitude of changes and actions that can wreak havoc on its environment:

  • What if an attacker modifies the AdminSDHolder object to provide themselves persistent admin access? How do you roll back to a known tamper-free instance?
  • What if a junior admin accidentally deletes an entire OU that is unrecoverable from the Recycle Bin? How do you recover the OU quickly without a ridiculous and enormous rebuilding effort?
  • What if an attacker modifies numerous group policies to ensure continual access? How do you return to pre-attack policies in order to correctly govern AD behavior?

Making “Work-Life” More Convenient for AD Administrators

If you ask AD administrators where they spend the majority of their work time, they would say “PowerShell” or “ADUC (Active Directory Users and Computers)”, even if they have multiple ‘management consoles’ for an army of management, operations, and security products aimed at “improving the life of an administrator”. While I’d love to think every admin loves jumping into STEALTHbits products to solve problems, sometimes it’s not the most convenient option. That is why we enable rollback and recovery operations to be performed through popular efficiency and automation tools like PowerShell and ADUC.

“If you have ‘a lot of hands in your AD’ then this software will give you the peace of mind that any errors can be rolled back.”

We provide a library of PowerShell cmdlets and can plug in to the ADUC interface, so actions can be taken immediately without separately opening the StealthRECOVER solution.

“StealthRECOVER – Rolling back Active Directory changes is a breeze”

Other StealthRECOVER Enhancements:

We’ve made some enhancements to the UI so it’s more responsive. Our restore operations have been modified to improve speed. We’ve made design enhancements to our backend database to reduce database size and improve query efficiency. We also made general security and user experience enhancements to ensure you always operate safely and easily.

Learn More:

Visit the StealthRECOVER webpage – https://www.stealthbits.com/stealthrecover-active-directory-rollback-recovery-tool

Request a Demo or Trial – https://www.stealthbits.com/free-trial

Contact Sales – +1.201.447.9300 or https://www.stealthbits.com/contact


[1] https://www.zdnet.com/article/active-directory-czar-rallies-industry-for-better-security-identity/

[2] https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf
