Five years ago we introduced the StealthINTERCEPT product line to address the growing requirement for a comprehensive Active Directory change and access monitoring solution. We know that Active Directory is safest when it is clean, properly configured, closely monitored, and tightly controlled – that is exactly what StealthINTERCEPT has been successfully doing for its users.
The security implications of a well-maintained and monitored AD environment have significantly increased in the years since we first released StealthINTERCEPT. We have covered many of the attacks that take advantage of misconfigurations or weaknesses in AD across several blog series, including Jeff Warren’s AD Attack series. Tools such as Mimikatz are now ubiquitous among attackers and defenders alike – in fact, just this week the author of Mimikatz, Benjamin Delpy, is unveiling yet another new attack against AD dubbed “DCShadow”. The attack transforms a compromised workstation into a Domain Controller and can push changes that are unseen by your SIEM.
These are the reasons we chose to invest as heavily as we have in protecting Active Directory with the 5.0 release of StealthINTERCEPT. StealthINTERCEPT remains the best AD change and access monitoring solution, one that also incorporates security controls to prevent incidental or malicious changes, and we built on this foundation to help thwart critical elements of credential theft attacks.
StealthINTERCEPT 5.0 limits the exposure of privileged credentials across multiple threat vectors. From the StealthINTERCEPT LSASS Guardian™, which protects against memory injection attacks, to DCSync protection and enforcement of ESAE Administrative Forest Designs, StealthINTERCEPT 5.0 combines cutting-edge enhancements and enforcement of recommended practices to elevate Active Directory security.
STEALTHbits LSASS Guardian™ is a new security feature designed to detect and prevent unauthorized code injection into the Local Security Authority Subsystem Service (LSASS) of Active Directory Domain Controllers.
Some of the attacks that LSASS Guardian™ protects against include:
DCSync attacks work by impersonating Domain Controllers to pull current and previous password hashes from a DC over the network without requiring interactive logons or gaining direct access to Active Directory’s database – the NTDS.dit file. This attack effectively “impersonates” a Domain Controller and requests account password data from the targeted Domain Controller. We covered how these attacks are executed in a past blog post.
StealthINTERCEPT 5.0 now detects attempts to execute DCSync attacks and can also prevent them!
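The replication request behind DCSync can also be seen in native Windows auditing. The following is an added example, not StealthINTERCEPT's detection logic and not code from this post: it flags Event ID 4662 records in which an account outside an expected-replicator allowlist exercises a directory replication right. It assumes Directory Service Access auditing is enabled and events are exported as dictionaries; the account names and sample events are constructed.

```python
import re

# Control-access-right GUIDs that appear in the 4662 "Properties" field
# when directory replication is requested.
REPL_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}")

def find_dcsync_candidates(events, expected_replicators):
    """Return one alert per 4662 event where a non-allowlisted account
    used a replication right (the pattern a DCSync request produces)."""
    allowed = {name.lower() for name in expected_replicators}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        guids = (g.lower() for g in GUID_RE.findall(ev.get("Properties", "")))
        rights = sorted({REPL_GUIDS[g] for g in guids if g in REPL_GUIDS})
        account = ev.get("SubjectUserName", "")
        if rights and account.lower() not in allowed:
            alerts.append({"time": ev.get("TimeCreated"),
                           "account": account, "rights": rights})
    return alerts

# Constructed sample events (hypothetical hosts and users).
SAMPLE_EVENTS = [
    # Real DC machine account replicating: expected, not flagged.
    {"EventID": 4662, "TimeCreated": "2018-01-24T09:00:01Z", "SubjectUserName": "DC01$",
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # User account requesting replication: flagged.
    {"EventID": 4662, "TimeCreated": "2018-01-24T09:05:12Z", "SubjectUserName": "jsmith",
     "Properties": "%%7688 {1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # Same user, ordinary object access with an unrelated GUID: not flagged.
    {"EventID": 4662, "TimeCreated": "2018-01-24T09:06:40Z", "SubjectUserName": "jsmith",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    # Different event type: ignored.
    {"EventID": 4624, "TimeCreated": "2018-01-24T09:07:00Z", "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for alert in find_dcsync_candidates(SAMPLE_EVENTS, ["DC01$", "DC02$"]):
        print(alert)
```

The allowlist should hold every account that legitimately replicates in the environment, such as Domain Controller machine accounts and any directory synchronization service account.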
In 2016 the Verizon Data Breach Investigations Report stated that 63% of confirmed data breaches leverage a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
The newly introduced StealthINTERCEPT Enterprise Password Enforcer proactively prevents weak and compromised passwords from being used – regardless of whether or not they meet complexity requirements – further enforcing password hygiene and reducing the opportunity for attackers to crack or guess passwords in automated or manual fashions.
These are just some of the highlights of StealthINTERCEPT 5.0; we have packed a lot more exciting features into this release. If you would like to learn more or download a free trial, please sign up for our upcoming webinar and visit our product page.
Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies, responsible for end-to-end product vision and innovation. With a 16-year tenure in CyberSecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.