Active Directory has always been at the center of it all, but with the advent of highly powerful, incredibly clever tools like Mimikatz, BloodHound, CrackMapExec, and the like, Active Directory has now become the center of attention.
Since 2005, STEALTHbits has been providing organizations of all sizes the best products and tools available to understand, manage, and secure their increasingly complex, ever-changing, ever-growing Active Directory environments. Now in 2019, at precisely the time it’s needed most, we’re both proud and excited to announce the availability of StealthDEFEND v2.0, the ultimate Active Directory defense platform.
What is StealthDEFEND and what does it do for Active Directory?
StealthDEFEND is a real-time threat detection and response solution purpose-built to protect an organization’s credentials and data. In version 2.0, StealthDEFEND has been extended to provide the ability to detect, alert, investigate and respond to advanced threats against Active Directory, in real-time.
Automatically mapping the detailed structure of your enterprise, StealthDEFEND leverages a highly tuned and enriched feed of security and operational activity happening inside of Active Directory to learn how users and devices behave.
This information enables StealthDEFEND to detect abnormal and outlier behaviors, reconnaissance activities, and targeted attacks using advanced techniques.
What kind of behaviors? What kind of advanced techniques?
This is really at the heart of the whole subject. Although vastly improved over the years, the native auditing and security controls organizations have been forced to leverage for Active Directory have been too rudimentary and largely ineffective against modern attack vectors, even when supplemented by otherwise modern technologies like SIEM and UBA platforms.
As opposed to legacy approaches reliant on inadequate log data that just doesn’t have the information needed to get the job done, StealthDEFEND has been purpose-built to automatically identify the behaviors associated with known and suspected threats focused on Active Directory account compromise.
Active Directory Threats: StealthDEFEND detects threats like Golden Tickets, DCSync, DCShadow, Kerberoasting, LDAP Recon, LSASS Process Injection, and Password Spraying in real-time with pinpoint accuracy, and responds automatically to contain and mitigate the damage.
Abnormal/Unauthorized Active Directory Behavior: StealthDEFEND leverages unsupervised machine learning algorithms to baseline user and system activities in order to detect outlier behavior indicative of account compromise, such as Lateral Movement using Pass-the-Hash, Service Account Misuse, Sensitive Group Changes, and much more.
What makes StealthDEFEND different?
Outside of being the only solution designed to specifically address these Active Directory attack vectors, one of the most unique capabilities of StealthDEFEND is its action engine and corresponding response playbooks.
Rather than just detecting the threat and sounding the alarm, StealthDEFEND provides a multitude of response options that can run automatically or on demand when threats are identified. Options include:
| Stop Process | Revert Permissions Change | VirusTotal Report |
| Delete File | Send Email | Microsoft Teams |
| Send Syslog | Create ServiceNow Ticket | Save File Hash |
| Twilio SMS Message | AD Group Membership Change | Disable User Remote Desktop Access |
| PowerShell Script | Disable Active Directory Account | Force Change Password at Next Logon |
| WebHook | Send Slack Message | Duo Authentication Push |
Why StealthDEFEND? Why now?
Active Directory has never been in a more vulnerable position. The sophistication of the tools and techniques attackers have devised to compromise perhaps the most critical service within any enterprise has far outpaced those same organizations’ abilities to protect themselves.
StealthDEFEND addresses the plethora of problems organizations face in securing Active Directory from advanced threats, allowing them to detect threats they may not even know exist, understand concepts they may have never been exposed to, and respond in ways that prevent or mitigate the extensive damage that can be done otherwise.
Want to learn more about StealthDEFEND? Visit our product page.
Want to learn more about Active Directory attacks? Visit our attack site.
Want to see a demo? Fill out our demo request form.
Want to get StealthDEFEND installed in your environment? Contact us.
Adam Laub is STEALTHbits Technologies’ Chief Marketing Officer (CMO). As CMO, Adam is responsible for corporate marketing, communications and AR/PR, demand generation, product marketing, events, and marketing operations. Additionally, he and his team participate heavily in setting product strategy, defining future roadmap, driving strategic sales engagements, supporting demand generation activities, enabling the sales organization, and all aspects of product evangelism.
Since joining STEALTHbits in 2005, Adam has held multiple positions within the organization, including Sales, Marketing, Product Management, and Operational Management roles.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.