SpecterOps announced BloodHound Enterprise, an Attack Path Management (APM) security solution for Active Directory (AD). Designed to help organizations proactively and continuously identify, manage and remediate millions of AD Attack Paths, BloodHound Enterprise gives IT Ops and SecOps professionals the tools needed to dramatically and measurably improve AD security posture with minimal effort.
As a largely unseen, unmanaged and growing problem for enterprises, AD Attack Paths are used by attackers to gain control of systems and data, impersonate users, abuse legitimate access to non-AD systems and much more. This problem is compounded by mountains of misconfiguration debt in AD, making it difficult to create a strong security posture for AD security. Until BloodHound Enterprise there has not been a practical defensive tool that identifies and quantifies AD choke points, eliminating Active Directory as an attacker’s easiest, most reliable and biggest payoff target.
“Traditional approaches to AD security generate massive lists of generic misconfigurations and poor user behaviors that overwhelm teams and are generally impossible to resolve,” said David McGuire, CEO at SpecterOps. “In contrast, BloodHound Enterprise continuously identifies the critical Attack Path ‘choke points’ for elimination, visually illustrates the Attack Paths for contextual understanding, and prioritizes which Attack Paths to eliminate based on actual risk.”
Microsoft AD provides identity and access management, endpoint management and business application management. It is an extremely high-value target for attackers because it is widely used and because it offers features that can give attackers the “keys to the kingdom” if compromised. Attack Paths are chains of abusable privileges and user behaviors that create direct and indirect connections between computers and users within AD.
Once an attacker compromises a system or device, they can use the privileges of those users to compromise other systems or devices until they reach their final objective. AD controls which users have access to which systems, so configuring AD correctly can close off these Attack Paths – if the organization is aware they exist.
Active Directory best practices such as least privilege access and tiered administration are almost never implemented correctly or at all, and Attack Paths are too numerous and dynamic for reactive security measures to be effective. BloodHound Enterprise solves these problems with:
- Rapid, centralized cloud deployment in under an hour that allows IT Ops and SecOps teams to deploy across corporate and subsidiary locations to understand Attack Path risk quickly.
- Continuous, comprehensive Attack Path mapping that enumerates every possible path and highlights new paths introduced through configuration changes and user behaviors.
- Attack Path Choke Point identification with analysis of impact that allows teams to better prioritize remediation.
- Practical, precise and safe remediation guidance that leads teams through remediations step-by-step to sever Attack Paths without significant architecture revisions and avoiding disruptions to business operations.
- Quantifiable security posture improvement with the ability to report on Attack Path exposure of high value targets.
BloodHound Enterprise is distinct from BloodHound FOSS and SpecterOps remains fully committed to supporting BloodHound FOSS.