SpecterOps Privilege Zones enables security teams to define logical access boundaries

SpecterOps introduced Privilege Zones, a new addition to its flagship BloodHound Enterprise platform.

Privilege Zones

Privilege Zones enable teams to define custom security boundaries around business-critical resources and enforce least privilege access continuously in on-prem, cloud and hybrid environments.

IT and security teams go to great lengths to configure identity properly, but the sheer magnitude and complexity of enterprise cloud and on-prem environments, along with the proliferation of human and non-human identities, make this an impossible task. The result is over-permissioned accounts and thousands of cracks in security programs.

Adversaries use these attack paths to traverse the enterprise, moving laterally and escalating privileges to compromise critical assets.

BloodHound Enterprise was the industry’s first platform to help visualize and eliminate identity-based attack paths, focusing initially on protecting Tier Zero assets with direct or indirect administrative control. With the introduction of Privilege Zones, organizations can now extend the power of Identity Attack Path Management to protect their most vital business assets like HIPAA enclaves, code repositories, or PCI-DSS payment systems.

Privilege Zones enable security teams to define logical access boundaries that map to business-critical assets and resources. By grouping assets into zones, administrators can readily enforce the principle of least privilege at scale.

Privilege Zones also detect identities vulnerable to hybrid attack paths, enabling the enforcement of cross-system privilege separation at scale. Unlike traditional access policies that rely on best practices and documentation, Privilege Zones create technical controls that make boundaries enforceable and help organizations move toward zero trust.

  • Define Zones based on tiers, sensitivity or business function
  • Prevent privilege escalation or lateral movement between zones
  • Prevent misconfigurations from becoming attack paths

“Defenders have tried to enforce the principle of least privilege for years, but it’s almost never worked because they didn’t have enough visibility into their identity environment,” said Justin Kohler, CPO at SpecterOps. “BloodHound Enterprise, with the new addition of Privilege Zones, looks at the enterprise the way an adversary does, which allows them to make real progress toward that goal.”

Privilege Zones will be offered as a premium option for BloodHound Enterprise. It will be available to Early Access customers in early July and reach General Availability in August.
