Part 4: Are You Securing Active Directory?

What Keeps You Up at Night? Insights from a Ponemon Data Access Governance Study: Are You Securing Active Directory? As an IT professional, you’ve likely made a number of different investments to protect the data within your organization. In order to help with the provisioning of user access rights, you may have invested in an Identity and Access Management (IAM) solution. You’ve likely adopted a SIEM and Data Loss Prevention (DLP) platform as well. And you should!  These technologies provide…

The Top 5+1 Things You Should do to Harden Your Active Directory Infrastructure

Microsoft Active Directory (AD) is the central credential store for 90% of organizations worldwide. As the gatekeeper to business applications and data, it’s not just everywhere, it’s everything! Managing AD is an ongoing, never-ending task, and securing it is even harder. At STEALTHbits, we talk to a lot of customers who are using our tools to manage and secure AD, and over the years, several key strategies for tightening up security and hardening AD to resist attacks have emerged….

Detecting Pass-the-Hash with Honeypots

Credential theft within Windows and Active Directory continues to be one of the most difficult security problems to solve.  This is made clear in the Verizon DBIR where it is reported that the use of stolen credentials is the #1 action identified across data breaches. Microsoft has acknowledged this challenge and responded with a guide on how to mitigate the Pass-the-Hash attack.  They have expanded on their recommendations and outlined steps to set up a tiered Active Directory environment and…

ProTip: Eliminating Weak Active Directory Passwords

Here’s a quick way to identify accounts with bad passwords in your Active Directory (AD). If you’re running StealthAUDIT for Active Directory, this is a very effective yet low-effort way to eliminate compromised passwords from your domain. Finding the bad passwords: From your web browser, click through the report tree down to the Active Directory>Users section. The report you want is called ‘Weak Password Checks.’ One of the checks in this report performs a hash comparison between your AD passwords…

The State of Microsoft Active Directory – Report by Forrester

Forrester just released The State of Microsoft Active Directory 2018 report by Merritt Maxim, and it’s definitely something that anyone interested in the current state of Active Directory (AD) usage and where it’s going should read. Here are some of the key takeaways summarized by the report: Demand for cloud-based AD is growing. On-prem AD is still dominant in the enterprise, but as cloud deployments of applications and services grow, AD in the cloud is growing with them. If you…

Market Trends: Announcing StealthINTERCEPT 5.0 General Availability – With Enterprise Password Enforcer & LSASS Guardian™

Transforming Active Directory Security Five years ago we introduced the StealthINTERCEPT product line to address the growing requirement for a comprehensive Active Directory change and access monitoring solution. We know that Active Directory is safest when it is clean, properly configured, closely monitored, and tightly controlled – that is exactly what StealthINTERCEPT has been successfully doing for its users. The security implications of a well-maintained and monitored AD environment have significantly increased in the years since we first released…

From Botnets to DACL Backdoors: A Journey through Modern Active Directory Attacks – Part I

Active Directory DACL Backdoors In my last blog post, we examined Active Directory (AD) backdoors and how to defend against them. The botnets’ primary communication mechanism relied on abusing AD attributes. Once established, these botnets allow attackers to communicate across internal security controls, exfiltrate data—and most importantly—gain a foothold that is very difficult to detect and remove. All accomplished without one line of malicious code. Now that’s a real life advanced persistent threat…only it isn’t as advanced as nation-state style…

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

Introduction: Active Directory Permissions Attacks In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory permissions. Most approaches to elevating privileges within AD focus on administrative rights, stealing credentials and passwords, and performing pass-the-hash attacks. These are all very effective…
