StealthAUDIT is offering an exciting update on Wednesday with its first official Feature Pack. In this first feature pack, we are focusing on Active Directory and Systems Best Practices for Security and Operations. Let’s look at each in more detail.
Active Directory Best Practices
Active Directory (AD) provides authentication and authorization services for the majority of IT systems. AD is growing increasingly complex, less secure, and more difficult to manage. StealthAUDIT for Active Directory is an auditing, compliance, and governance framework for AD that provides comprehensive data collection, analysis, remediation workflows, and reporting. StealthAUDIT for Active Directory gives you the reporting tools needed to follow best practices and remediate security vulnerabilities easily and effectively.
Active Directory Feature Pack Highlights:
Identifying and Protecting Administrator Accounts – Identify potential trouble spots like accounts that have the ability to log on to Domain Controllers, advanced AD object permissions, Directory Services Restore Mode (DSRM) account status, and potential passwords present in SYSVOL or Group Policy.
Privilege Escalation – Identify sensitive security groups and group memberships in Active Directory, scan for SID history tampering, and understand default directory permissions and the risks associated with a default directory.
Systems Best Practices
To promote security, compliance, and operational integrity, StealthAUDIT provides best practice reports to help you understand vulnerabilities and inconsistencies across desktop and server infrastructure.
Systems Feature Pack Highlights:
Privileged Account Auditing
StealthAUDIT for Systems enables organizations to efficiently and effectively evaluate effective access at each endpoint while highlighting configurations and conditions that expose organizations to unnecessary risk. An example is identifying the effective membership of local administrator groups and changes to group membership.
Endpoint Auditing and Compliance
StealthAUDIT for Systems’ robust auditing capabilities and baseline conformance framework enable organizations to understand where missing or inaccurate configurations exist across desktop and server infrastructure, in addition to conditions attackers regularly exploit during breach scenarios like applications set to run at boot or log on.
Every attacker is after the same two things: credentials and data. Inappropriate privileged access in Active Directory and improperly configured systems enable bad actors to perpetrate attacks. They’re able to exploit common vulnerabilities to obtain the privileges they need to compromise resources.
The StealthAUDIT for Active Directory Feature Pack and the StealthAUDIT for Systems Feature Pack aid in verifying that key configurations and conditions meet best practice standards such as the status of user passwords and their associated complexities, service accounts and their level of privilege, and the usage of historical SIDs.
The ability to automate the process of assessing alignment to best practices at the Active Directory and Operating System level enables organizations to establish and maintain the strong foundation needed to thwart attacks and mitigate their risk of breach and operational catastrophe.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Brad Bussie is an award winning fifteen year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.