STEALTHbits released StealthINTERCEPT 7.0, their real-time Active Directory (AD) policy enforcement solution that audits and blocks unwanted and unauthorized changes, authentications, and queries within the world’s most complex AD infrastructures.
With 95 million AD accounts attacked daily and 56% of breaches taking a month or longer to discover, attackers still have the upper the hand on security. While many organizations do some general monitoring, auditing, and threat detection, it’s not enough to slow down the number of cyber-attacks, which increased 54% in the first half of 2019.
The latest enhancements delivered in StealthINTERCEPT 7.0 aim to provide organizations advanced capabilities to thwart attacks against AD and provide progressive password policy and complexity improvements that boost security without causing poor user and administrator experiences.
Among dozens of significant enhancements, StealthINTERCEPT 7.0 can now detect successful and failed Kerberos pre-authentication events in order to provide administrators and security analysts visibility into nefarious activities like password spraying attempts using tools like Kerbrute early in the attack kill chain.
This release also allows users to audit and block AD User Account Control (UAC) and DNS configuration changes, as well as detect and block LDAP queries attempting to identify where sensitive data resides and the best attack path to it (e.g. attackers leveraging tools like Bloodhound).
While passwords can be a significant source of irritation for end-users and administrators alike, they still play a critical role in organizational defenses and workplace experiences.
StealthINTERCEPT 7.0 contains a number of significant enhancements focused on strengthening account passwords, headlined by the ability to compare user passwords against the “Have I Been Pwned” database of 550+ million known breached passwords and prevent them from being used at their time of creation.
This release also allows administrators to more granularly control password requirements to ensure compatibility with all resources and provide users clear definition of password policies and rejected password feedback during the password change process.
To further improve passwords and keep attackers from guessing common substitutions, organizations can now control which character replacements are allowed and which are not (e.g. $=S or @=A). To facilitate smooth operations, customers can now test new password policies prior to rollout and evaluate any potential impacts they would cause if established.
“As is the goal with every release of StealthINTERCEPT, the enhancements in v7.0 are aimed at providing easy to use capabilities to improve organizational defenses without burdening users or administrators,” stated Rod Simmons, Vice President of Product Strategy, STEALTHbits Technologies.
“We’ve all been hearing for years about alert fatigue and a lack of resources in the cybersecurity space. One of the most beautiful things about StealthINTERCEPT is its ability to help security and even operational teams move beyond the never-ending deluge of alerts and actually prevent attackers, malicious insiders, and even well-intentioned administrators from violating security policy and operational policies in the first place.”