STEALTHbits Technologies, a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, announced the release of StealthDEFEND v2.0, their real-time threat detection and response platform.
This release capitalizes on the momentum in the Active Directory (AD) market. This momentum has been building for well over a decade as STEALTHbits has aggressively developed new technologies, acquired talent from organizations like BeyondTrust and Quest Software, and acquired companies in the AD space.
With the advent of highly powerful, incredibly clever tools like Mimikatz, BloodHound, CrackMapExec, and the like, the timing of this release is impeccable, as Active Directory has never been under greater threat. Now, at precisely the time it's needed most, STEALTHbits has released the ultimate Active Directory defense platform.
StealthDEFEND v2.0 features support for 15 new Active Directory attack tactics, techniques, and procedures (TTPs), additional response playbook actions, and contextual resource tagging for enhanced risk profiling. This allows organizations to prevent attackers from compromising Active Directory, the most critical service within virtually any organization.
As the primary hub of user authentication and resource authorization for 90% of enterprises worldwide, Active Directory controls access to the vast majority of organizational data, making it a primary target in nearly any breach scenario.
Although vastly improved over the years, the native auditing and security controls organizations are forced to leverage for Active Directory are rudimentary and largely ineffective against modern attack vectors. Active Directory and the data it supplies access to are already vulnerable to attack, and without appropriate defenses, successful compromise is inevitable.
“What we’ve done in StealthDEFEND v2.0 may possibly be our greatest achievement and innovation yet,” said Jeff Warren, GM of Products at STEALTHbits. “We’ve been providing enterprise-grade Active Directory management and security solutions to the world’s largest enterprises for well over a decade, and developing a solution purpose-built to automatically identify the behaviors associated with both known and suspected threats against Active Directory was a significant challenge. It required not just an in-depth understanding of the ways attackers are able to compromise AD, but the necessity to obtain, normalize, and codify data that otherwise does not exist in Active Directory natively.”
Warren continued, “The best part is that we’re not just detecting these threats in real-time and with pinpoint accuracy, but capable of responding to them automatically to contain and mitigate the damage.”
In extensive beta trials with existing STEALTHbits customers, StealthDEFEND v2.0 proved capable, scalable, and highly accurate in its detection of abnormal and nefarious behaviors associated with Active Directory compromise. Notable features include:
- Advanced attack detection – Detect and respond to the specific tactics, techniques, and procedures (TTPs) attackers are leveraging when attempting to compromise Active Directory, including DCShadow, DCSync, Golden Tickets, Password Spraying, Kerberoasting, LSASS Process Injection, and LDAP Recon
- Response playbooks – Automatically or programmatically respond to threats the instant they’re identified using an extensive catalog of preconfigured and customizable response actions, including direct integration with technologies such as ServiceNow, Slack, Microsoft Teams, and popular SIEM platforms like Splunk and IBM QRadar
- Machine learning & user behavior analytics (UBA) – Identify unusual activity as compared to the behavioral profile created by StealthDEFEND’s unsupervised machine learning engine
- Automated context injection – Automatic tagging of privileged users, groups, data, and resources appropriately adjusts risk ratings associated with abnormal or nefarious behaviors
- Comprehensive investigations – Perform comprehensive forensic investigations on users and related activities in ad-hoc fashion or for compilation of digital case files
- User-defined threats – Define threats and their parameters in alignment with your organization’s specific needs and requirements