GoSecure Titan Identity detects attacks against enterprise identity systems

GoSecure has released Titan Identity, a solution combining technology with a managed service to provide a cost-effective, deployable solution that enables organizations to improve credential theft response times.

Threat actors have many techniques to abuse identity services like Active Directory because they recognize identity controls access to everything. According to Microsoft’s 2022 Digital Defense Report, 93% of Microsoft investigations during ransomware recovery engagements revealed insufficient privilege access and lateral movement controls.

Detecting these attacks in the smallest possible timeframe is a critical requirement to reduce the chances of a successful breach. Yet, breaches caused by stolen or compromised credentials had the longest lifecycle — 243 days to identify the breach, and another 84 days to contain the breach (IBM Cost of a Data Breach Report 2022).

GoSecure Titan Identity is a purpose-built detection service aimed at reducing the time to detect and respond to attacks against enterprise identity systems like Microsoft Active Directory.

Through real-time analysis of Active Directory and other event log information, Titan Identity’s low false-positive alert technology enables Incident Response teams to leverage existing workflow systems to rapidly respond to common, yet lethal attacks launched after the initial foothold and protect the critical business assets.

“Any company operating Windows and using domain identity has a common, high-risk attack surface. Unfortunately, early detection often fails because of excess noise, poor visibility, or uninformative alerts,” said Jeff Schmidt, CTO at GoSecure.

“Titan Identity is a specialized solution intended to complement, rather than compete with, a SIEM by focusing on attacks against domain identity, where specialized technology and insight can deliver superior results,” Schmidt continued.

Key benefits include:

• Reduced detection and response times through continuous, in-progress visibility into identity attacks across hosts, servers, VMs, containers, desktops and laptops across the enterprise for the Incident Response team
• Increased productivity for analysts by reducing false positives, avoiding an additional UI, and delivering alerts with enriched messages
• Increased return on prior SIEM/SOAR investments by taking advantage of SIEM infrastructure, supporting new SOAR playbooks with automated actions and enabling use of out-of-SIEM logs that exceed your indexing and storage budget
• Verifiable accuracy enabled through continuous, automated testing and quantification of performance
• Lower deployment and change costs by avoiding network probes and sensors
• Enhanced internal team capabilities by providing access to a team of data scientists for growing identity attack detection capabilities

In contrast with other anomaly or signature-based detection systems, Titan Identity is comprised of 30+ discrete detectors and finely tuned machine learning models that are continuously tested to reduce false positives, enabling high confidence alerts within seconds.

The design enables the replacement of manual human-oriented workflows with automation that can operate with high confidence. This flexible and adaptable service is bundled with access to data science experts that provide ongoing data flow monitoring, detector development, and detector performance tuning services to ensure accurate, measurable results.

“By adopting Titan Identity, you gain rich coverage of attacks against enterprise identity without needing to make trade-offs between detectors on a fixed budget or increase the equipment, index, or logging budgets,” added Schmidt.

“Unless an organization has a team of data scientists dedicated to analyzing security datasets, incident responders will continue to struggle to effectively identify, detect and respond to sophisticated attacks on Active Directory,” Schmidt concluded.