Active Directory continues to be a primary target for cyber criminals and securing it is a top priority for IT, Security, and Identity and Access Management professionals. SpecterOps’ Attack Path Management solution BloodHound Enterprise prioritizes and quantifies attack path choke points, complementing Quest’s real-time hybrid AD anomaly detection and disaster recovery capabilities. This allows organizations to eliminate AD attack paths and improve overall cyber security resilience.
“BloodHound Enterprise’s Attack Path Management methodology has already proven to be wildly successful in helping organizations reduce their exposure to Attack Paths in Active Directory. This partnership takes that protection even further by better equipping customers to defend against increasing attacks and helping to minimize potential threats with both preventative and restorative measures,” said David McGuire, CEO at SpecterOps. “We’re excited to be working with Quest to not only make BloodHound Enterprise more widely available, but to give customers more tools to help them improve their AD security posture.”
Eliminating AD attack paths has traditionally been a challenge, as security practitioners tend to think in lists (checking thousands of generic configuration issues) while adversaries think in graphs — making it easier for them to find an effective attack route. The average enterprise AD environment is large, complex and constantly changing, and AD’s built-in tooling makes it difficult to effectively detect Attack Paths.
In this strategic partnership, BloodHound Enterprise works with Quest’s AD management and auditing solutions to arm defenders with a graphical mapping of all AD attack paths. This enables defenders to easily identify, prioritize and eliminate the most vital avenues that attackers can exploit. Additionally, BloodHound Enterprise monitors and measures the improvement of an organization’s security posture over time via a C-level report card, which highlights risk reduction as misconfigurations are remediated and choke points are eliminated.
Furthermore, in the case of a successful attack, Quest Change Auditor and On Demand Audit Hybrid Suite’s real-time anomaly detection capabilities can identify and thwart attacks in progress; and Quest Recovery Manager for Active Directory Disaster Recovery Edition can recover AD at least five times faster than the manual forest recovery process, according to ESG Research. These capabilities complement the Attack Path Management offered by BloodHound Enterprise to form a robust suite of AD security protections.
“Historically, other solutions have failed to focus on what’s most important — the millions of paths an attacker can exploit that lead from ordinary user accounts or computers all the way to a critical Tier 0 asset like a domain controller, privileged group or backup,” said Michael Tweddle, President and General Manager at Quest. “To further improve our cyber resiliency offering, Quest has partnered with SpecterOps to empower organizations to eliminate AD attack paths that lead to their highest value targets – all while empowering them to track improvement to their security posture over time.”