QOMPLX Identity Assurance now automatically detects identity-based attacks on cloud service providers

QOMPLX announced the extension of its Identity Assurance analytics solution to automatically detect identity-based attacks on cloud service providers.

The company’s new Cloud Identity Forgery detections for Q:CYBER detect lateral movement and post-exploitation attacks, including those used in the SolarWinds (Sunburst) compromises, in which attackers illicitly accessed federated cloud services using forged Security Assertion Markup Language (SAML) assertions.

With these new Cloud Identity Forgery detections, customers’ enterprise authentication infrastructures are protected seamlessly across on-premise and cloud environments – even when linked together for hybrid environments.

Since 2018, QOMPLX Identity Assurance software has provided the fastest and most accurate enterprise identity detections for attacks against Active Directory abusing the Kerberos protocol.

Identity Assurance protects some of the world’s largest networks with its patented, stateful detections for Golden Ticket, Silver Ticket, DCSync, and DCShadow authentication attack techniques, as well as with additional real-time detections for related attacks and anomalous behaviors in on-premise authentication.

Building on this success, Identity Assurance’s new and patented Cloud Identity Forgery detections extend these strong on-premise capabilities to customers’ SAML-authenticated cloud applications for supported identity providers.

This new offering brings to market years of research and development, giving customers powerful new tools to restore and improve trust in authentication across their extended enterprises.

“Companies have been moving their applications to SaaS- and cloud-based services at a rapid clip. To secure their expanded perimeters, CISOs need these cloud services to trust their enterprise identity credentials,” explained Andrew Jaquith, QOMPLX’s CISO and Cyber General Manager.

“QOMPLX has been researching and selectively publishing how threat actors might compromise SAML-based cloud identities and trust relationships between cloud and on-premise identity infrastructure since the security community published the ‘Golden SAML’ technique in 2017.

“We are pleased to be putting these state-of-the-art detections in our customers’ hands to help secure their cloud services, especially when coupled with our market-leading identity detections for on-premise and hybrid environments.”

With this new addition to the Q:CYBER Identity Assurance suite, the most advanced Active Directory Security solution in the market is now also the most advanced SAML security solution available.

QOMPLX’s ability to detect attacks based on anomalous or inappropriate activity and its unique streaming authentication protocol validation approach continues to drive its selection by multiple global leaders across a variety of industries.