As media outlets broadcast security breaches with household names like Target and Home Depot, hundreds of less-famous breaches are occurring every day. Most of these have one thing in common: they come from the inside. As a result, IT organizations and the industry at large are beginning to shift their threat mitigation strategies.
One such recent shift occurred when Microsoft drew attention to a small Israeli startup, Aorato. The promise of threat detection technology that sees insider behavior and identifies threats before a serious breach occurs led Microsoft to consider acquisition of this company without even a hint of revenue.
But while Aorato’s packet-sniffing-appliance approach is innovative, there is an alternative solution that may provide organizations with even greater visibility, a more seamless approach, true SIEM integration, and the ability to block activities from occurring.
The StealthINTERCEPT® product from STEALTHbits Technologies is a security interception technology that installs a lightweight agent on Active Directory domain controllers. By installing on each domain controller, the entire network is covered without the need to reconfigure switches or place appliances in every data center.
StealthINTERCEPT provides real-time insight into insider threats and alerts on unusual user behavior. Security professionals receive alerts for both administrative actions and user behavior that is out of the norm. Scenarios such as brute-force attacks, horizontal movement of accounts, pass-the-hash and pass-the-ticket, sensitive account hacking, Active Directory security group modifications, GPO changes, unusual user login behavior, and many other high-risk scenarios are detected using proven security interception technology.
STEALTHbits is an IBM, HP, and McAfee partner, and StealthINTERCEPT’s SIEM output provides insider threat intelligence to IBM QRadar, HP ArcSight, and McAfee Enterprise Security Manager, extending the value of these leading SIEM products and delivering insider threat intelligence in a single-pane-of-glass view.
Jonathan Sander is STEALTHbits’ Chief Technology Officer (CTO). As CTO, he is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets, and he will also lead corporate development efforts. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software.
As part of Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios. He helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previous to that, Mr. Sander was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. He graduated from Fordham University with a degree in Philosophy.