Quest Software released On Demand Audit (ODA) anomaly detection to protect against ransomware by detecting anomalous behavior in hybrid Active Directory (AD) and Microsoft 365 environments.
As ransomware remains a prominent threat to organizations, ODA anomaly detection acts as an added layer of defense by detecting significant surges in activity that could be indicative of an attack or compromise so organizations can stop attackers before they get into their environments.
ODA combines monitoring of critical indicators of compromise (IOCs) to detect and thwart intrusions with advanced analytics to detect anomalous increases in user activity that can be indicative of an attack in progress. By automatically analyzing large volumes of events to proactively notify users of irregular or inconsistent behaviors that require investigation, organizations don’t have to wait for intruders to make themselves known before acting.
This early detection feature allows attackers to be stopped before significant damage occurs. ODA anomaly detection presents anomalies in context to illustrate true threats and speed investigations, eliminating the need to spend days chasing false positives, saving time and resources.
“Ransomware isn’t going away. Attack volume is increasing, and attacks are becoming more impactful,” said Michael Tweddle, President and General Manager, Quest Microsoft Platform Management business. “On Demand Audit anomaly detection enables organizations to fight back and eliminate intruders before attacks can escalate. Having a backup in place is no longer enough; organizations need the kind of protection that puts a spotlight on potentially anomalous behavior before it becomes an all-out attack.”
According to Gartner, “increasingly sophisticated ransomware attacks are specifically targeting backup data and administrator functions.” This includes “stealing of credentials for critical systems accounts” and “attacks on the backup administration console.” CISA MS-ISAC Ransomware Guide prescribes prevention tactics called the system of least privilege: Apply the principle of least privilege to all systems and services so that users only have the access they need to perform their jobs. Threat actors often seek out privileged accounts to leverage to help saturate networks with ransomware.
The solution uniquely approaches AD security monitoring by capturing attempts to compromise the directory as they occur to prevent attackers from gaining a foothold in an environment. Simultaneously, ODA audits user activity across both on-premises AD, as well as Azure AD and Microsoft 365, to detect anomalous behavior that could indicate bad actors already at work inside of a network.
This release comes on the heels of Quest’s introduction of Recovery Manager for Active Directory Disaster Recovery Edition, a tool designed to help organizations eliminate the risk of malware re-infection throughout the Active Directory recovery process to minimize the impact of ransomware attacks.