Data Breaches continue to rise 30-40% every year and attackers continue to advance their techniques to infiltrate organizations exploiting vulnerabilities to gain access to sensitive data. Organizations concerned about data breaches and the rising costs to remediate them, need advanced solutions to identify and combat these ever-increasing attacks.
As attacks increasingly occur, organizations are struggling to find sufficient security talent:
- “Nearly Half of Organizations Lack the Necessary Talent to Maintain Security Measures” – Industry News, March 20, 2019.
- “Most Organizations Lack Cyber Resilience” – DARK Reading, August 11, 2019.
- “Lack of Resources Top Challenges to IT Security” – Computer Weekly, August 2, 2019.
StealthDEFEND aims to provide today’s organizations with the ability to detect, prevent, and respond to attacks with detailed change detection, behavior analysis, and automated responses.
Our newest release, StealthDEFEND version 2.2, continues the ‘do more with less’ theme. StealthDEFEND 2.2 has identified two new attacks, forged privileged attribute certificates (PACs) and Ntds.dit file tampering. Both of these attacks are very difficult to detect without help, potentially draining resources with no guarantee of detection if done manually. StealthDEFEND makes it simple to detect these threats and improve the security of your environment with fewer resources.
But it’s not just about detecting attacks and sending alerts, it’s also about automating responses and blocking techniques to prevent any attack/attacker from moving laterally and continuing their operation. StealthDEFEND v2.2 introduces the ability to import/export threat responses (we call them ‘Playbooks’) across the organization from dev-test to pre-production to production environments and standardize threat responses enterprise-wide. We can also disable computer and user accounts, as well as tag resources involved in an attack for accelerated remediation.
As with any threat alerting and response solution, minimizing false positives is critical to understaffed investigation teams and ensures proper prioritization to reduce attacker dwell time. For example, instead of sending alerts whenever a user lockout happens, we can set a threshold to better determine if a situation is a real threat or simply a user error. (e.g. A user modified 30 groups in less than 2 minutes….Houston, we have a problem!) And because StealthDEFEND is a 24/7 critical component of detecting attacks, a compromise to StealthDEFEND can be devastating. Hence why we’ve added multi-factor authentication (MFA) to access the product. You can use any 3rd party MFA solution that supports RADIUS and one-time passcodes (OTPs).
The latest threats require modern solutions, and modern solutions minimize the resources needed to be effective. Do more with your limited staff with StealthDEFEND v2.2.
Damon is the Director of Product Marketing at STEALTHbits responsible for Active Directory and Privileged Access Management solutions. He has over 20 years of experience addressing marketing challenges of all kinds for many notable, B2B software companies, including Red Hat, Quest Software, Sterling Commerce, and most recently SecureAuth. Damon has a passion for cybersecurity software and improving the defenses of organizations against cyber-attacks. Damon resides in Columbus, Ohio.