StealthDEFEND 2.2 – Blocking Threats without an Army of Analysts


Data breaches continue to rise 30-40% every year, and attackers continue to advance their techniques for infiltrating organizations, exploiting vulnerabilities to gain access to sensitive data. Organizations concerned about data breaches and the rising costs of remediating them need advanced solutions to identify and combat these ever-increasing attacks.

As attacks occur more frequently, organizations are struggling to find sufficient security talent.

StealthDEFEND aims to provide today’s organizations with the ability to detect, prevent, and respond to attacks with detailed change detection, behavior analysis, and automated responses.

Our newest release, StealthDEFEND version 2.2, continues the ‘do more with less’ theme. StealthDEFEND 2.2 now identifies two new attacks: forged privileged attribute certificates (PACs) and Ntds.dit file tampering. Both of these attacks are very difficult to detect without help, and hunting for them manually can drain resources with no guarantee of detection. StealthDEFEND makes it simple to detect these threats and improve the security of your environment with fewer resources.

But it’s not just about detecting attacks and sending alerts, it’s also about automating responses and blocking techniques to prevent any attack/attacker from moving laterally and continuing their operation. StealthDEFEND v2.2 introduces the ability to import/export threat responses (we call them ‘Playbooks’) across the organization from dev-test to pre-production to production environments and standardize threat responses enterprise-wide. We can also disable computer and user accounts, as well as tag resources involved in an attack for accelerated remediation.

As with any threat alerting and response solution, minimizing false positives is critical to understaffed investigation teams and ensures proper prioritization to reduce attacker dwell time. For example, instead of sending alerts whenever a user lockout happens, we can set a threshold to better determine if a situation is a real threat or simply a user error (e.g., a user modified 30 groups in less than 2 minutes... Houston, we have a problem!). And because StealthDEFEND is a 24/7 critical component of detecting attacks, a compromise of StealthDEFEND can be devastating. That is why we’ve added multi-factor authentication (MFA) for access to the product. You can use any third-party MFA solution that supports RADIUS and one-time passcodes (OTPs).
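The threshold idea above (30 groups modified in less than 2 minutes) can be sketched as a per-actor sliding window. This is an added example, not StealthDEFEND code or its configuration; the `(timestamp, actor, group)` event shape, the account names and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=2)   # "less than 2 minutes" from the text
THRESHOLD = 30                  # "30 groups" from the text


def detect_group_change_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Alert once per actor, the first time that actor modifies `threshold`
    distinct groups inside `window`. `events` is a time-ordered list of
    (timestamp, actor, group) tuples (assumed shape)."""
    recent = defaultdict(deque)          # actor -> deque of (timestamp, group)
    alerted, alerts = set(), []
    for ts, actor, group in events:
        q = recent[actor]
        q.append((ts, group))
        while ts - q[0][0] >= window:    # drop changes that aged out
            q.popleft()
        distinct = {g for _, g in q}     # repeated edits to one group count once
        if len(distinct) >= threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append({"actor": actor, "groups": len(distinct),
                           "first": q[0][0], "last": ts})
    return alerts


def sample_events():
    """Constructed sample data, not real logs."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Routine administration: 5 groups spread over 48 minutes.
    for i in range(5):
        events.append((t0 + timedelta(minutes=12 * i), "helpdesk01", f"grp-{i}"))
    # Burst: 30 distinct groups in 87 seconds.
    for i in range(30):
        events.append((t0 + timedelta(minutes=5, seconds=3 * i), "svc-backup", f"grp-{i}"))
    # Noisy but narrow: 40 edits to a single group in 40 seconds.
    for i in range(40):
        events.append((t0 + timedelta(minutes=10, seconds=i), "owner07", "grp-x"))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for alert in detect_group_change_bursts(sample_events()):
        print(alert)
```

Counting distinct groups rather than raw events keeps an owner repeatedly editing one group from tripping the same rule as an account sweeping across many groups.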

The latest threats require modern solutions, and modern solutions minimize the resources needed to be effective. Do more with your limited staff with StealthDEFEND v2.2.
