WDigest Clear-Text Passwords: Stealing More Than a Hash

WDigest Clear-Text Passwords: Stealing More Than a Hash

What happens when a malicious user has access to more than just an NTLM hash? What is WDigest? Digest Authentication is a challenge/response protocol that was primarily used in Windows Server 2003 for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges to authenticate. At a high level, a client requests access to something, the authenticating server challenges the client, and the client responds to the challenge by encrypting its response with…

Read More Read More

ProTip – Adding Real-Time Analytics to GDPR

ProTip – Adding Real-Time Analytics to GDPR

We recently released our “5 Cybersecurity Trends for 2019” covering a few of our technical experts’ opinions here at STEALTHbits. One trend is specifically around GDPR fines causing organizations to finally get serious about GDPR compliance this year. In this edition of our ProTip, I will walk you through how you can add in StealthAUDIT’s real-time analytics to Active Directory and File System data to enable reporting for these regulations. Our Vice President of Product Strategy, Ryan Tully, shed some…

Read More Read More

5 Cybersecurity Trends for 2019

5 Cybersecurity Trends for 2019

As we kick off 2019, we are excited to bring you our 3rd Annual “STEALTHbits’ Experts Predictions”. This has been such a crowd pleaser that we just had to keep it going! Like the last few years, we made our way around the office with left over holiday cookie bribes to get the voice of STEALTHbits regarding the future of cybersecurity. So, read on…because you don’t want to miss these wise and insightful opinions on which trends will emerge in…

Read More Read More

How STEALTHbits Helps Our Customers Comply With The CDM Program Guidelines

How STEALTHbits Helps Our Customers Comply With The CDM Program Guidelines

Continuous Diagnostic and Mitigation (CDM) Guidelines, Programs, and More Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides DHS, along with Federal Agencies with capabilities and tools and identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and…

Read More Read More

Announcing StealthAUDIT 8.2 General Availability

Announcing StealthAUDIT 8.2 General Availability

Back at the end of October, we gave you a sneak peek at the new features coming in StealthAUDIT 8.2, and now you can see it for yourself!  8.2 is now on our website so you can go have a look for yourself at https://www.stealthbits.com/new-stealthaudit-release. StealthAUDIT 8.2 has the following new features and enhancements: Expanded Sensitive Data Discovery capabilities and platform support Support for Nasuni UniFS Hybrid NAS storage Enhanced support for Dropbox Business to include Sensitive Data Discovery Sensitive…

Read More Read More

Part 5: Do Too Many Users Have Privileged Access Rights?

Part 5: Do Too Many Users Have Privileged Access Rights?

What Keeps You Up at Night? Insights from a Ponemon Data Access Governance Study: Do Too Many Users Have Privileged Access Rights? Do your users have privileged access rights they don’t need? According to a recent Ponemon report on the State of Data Access Governance, plenty of organizations are granting privileged access rights for “no apparent reason”. Others are even granting privileged access to every user at a certain job level, even if it is not required to do their…

Read More Read More

ProTip – Enterprise Password Enforcer Complex Policies

ProTip – Enterprise Password Enforcer Complex Policies

StealthINTERCEPT Enterprise Password Enforcer Safeguards from Authentication-Based Attacks Using a curated dictionary of known compromised passwords and dozens of password filters, StealthINTERCEPT Enterprise Password Enforcer (EPE) safeguards your organization from authentication-based attacks. This is accomplished by proactively preventing these weak and compromised passwords from being used – regardless of whether or not they meet complexity requirements – further enforcing password hygiene and reducing the opportunity for attackers to crack or guess passwords in automated or manual fashions.     Our…

Read More Read More

Best Quest Alternative

Best Quest Alternative

Looking for a Quest Alternative? If you’ve been following STEALTHbits and our achievements in the Active Directory Management and Security space, you know we’ve been on a Quest to become your go-to Active Directory security solution provider and Quest Alternative. At STEALTHbits, we believe customers deserve the most innovative solutions and creative capabilities on the market, as well as a partner who will help you make informed decisions about the solutions you’re investing in. Most importantly, we believe you should…

Read More Read More

Are Weak Passwords Putting You At Risk?

Are Weak Passwords Putting You At Risk?

Credentials and data: two common denominators that are present in almost every breach scenario. Unfortunately for all of us, attackers are well aware that you can’t have one without the other. Getting to the mother lode is simple, really. Step 1: Crack the password. Step 2: Obtain credentials. And that’s why an organization’s password requirements and policies should always be under intense scrutiny. But herein lies a problem. What if an organization has “complex” criteria in place, but the output…

Read More Read More

Part 4: Are You Securing Active Directory?

Part 4: Are You Securing Active Directory?

What Keeps You Up at Night? Insights from a Ponemon Data Access Governance Study: Are You Securing Active Directory? As an IT professional, you’ve likely made a number of different investments to protect the data within your organization. In order to help with the provisioning of user access rights, you may have invested in an Identity and Access Management (IAM) solution. You’ve likely adopted a SIEM and Data Loss Prevention (DLP) platform as well. And you should!  These technologies provide…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.