Netwrix Enterprise Auditor (formerly StealthAUDIT) 11.6 has been released LEARN MORE

New – Purpose-Built Active Directory Threat Detection & Response Platform

Blog >New – Purpose-Built Active Directory Threat Detection & Response Platform
| Adam Laub | | Leave a Comment

Active Directory has always been at the center of it all, but with the advent of highly powerful, incredibly clever tools like Mimikatz, BloodHound, CrackMapExec, and the like, Active Directory has now become the center of attention.

Since 2005, STEALTHbits has been providing organizations of all sizes the best products and tools available to understand, manage, and secure their increasingly complex, ever-changing, ever-growing Active Directory environments.  Now in 2019, at precisely the time its needed most, we’re both proud and excited to announce the availability of StealthDEFEND v2.0, the ultimate Active Directory defense platform.

What is StealthDEFEND and what does it do for Active Directory?

StealthDEFEND is a real-time threat detection and response solution purpose-built to protect an organization’s credentials and data. In version 2.0, StealthDEFEND has been extended to provide the ability to detect, alert, investigate and respond to advanced threats against Active Directory, in real-time.

Automatically mapping the detailed structure of your enterprise, StealthDEFEND leverages a highly tuned and enriched feed of security and operational activity happening inside of Active Directory to learn how users and devices behave.

This information enables StealthDEFEND to detect abnormal and outlier behaviors, reconnaissance activities, and targeted attacks using advanced techniques.

What kind of behaviors? What kind of advanced techniques?

This is really at the heart of the whole subject. Although vastly improved over the years, the native auditing and security controls organizations have been forced to leverage for Active Directory have been too rudimentary and largely ineffective against modern attack vectors, even when supplemented by otherwise modern technologies like SIEM and UBA platforms.

As opposed to legacy approaches reliant on inadequate log data that just doesn’t have the information needed to get the job done, StealthDEFEND has been purpose-built to automatically identify the behaviors associated with known and suspected threats focused on Active Directory account compromise.

Active Directory Threats: StealthDEFEND detects threats like Golden Tickets, DCSync, DCShadow, Kerberoasting, LDAP Recon, LSASS Process Injection, and Password Spraying in real-time with pinpoint accuracy, and responds automatically to contain and mitigate the damage.

Abnormal/Unauthorized Active Directory Behavior: StealthDEFEND leverages unsupervised machine learning algorithms to baseline user and system activities in order to detect outlier behavior indicative of account compromise, such as Lateral Movement using Pass-the-Hash, Service Account Misuse, Sensitive Group Changes, and much more.

What makes StealthDEFEND different?

Outside of being the only solution designed to specifically address these Active Directory attack vectors, one of the most unique capabilities of StealthDEFEND is its’ action engine and corresponding response playbooks.

Figure 1 – StealthDEFEND Response Playbook Sample Workflow – MFA Prompt for Pass-the-Hash Detection

Rather than just detecting the threat and sounding the alarm, StealthDEFEND provides a multitude of response options that can run automatically or on demand when threats are identified. Options include:

Stop Process Revert Permissions Change VirusTotal Report
Delete File Send Email Microsoft Teams
Send Syslog Create ServiceNow Ticket Save File Hash
Twilio SMS Message AD Group Membership Change Disable User Remote Desktop Access
PowerShell Script Disable Active Directory Account Force Change Password at Next Logon
WebHook Send Slack Message Duo Authentication Push
Figure 2 – StealthDEFEND Response Playbook Actions

Why StealthDEFEND? Why now?

Active Directory has never been in a more vulnerable position. The sophistication of the tools and techniques attackers have devised to compromise perhaps the most critical service within any enterprise have far outpaced those same organization’s abilities to protect themselves.

StealthDEFEND addresses the plethora of problems organizations face in securing Active Directory from advanced threats, allowing them to detect threats they may not even know exist, understand concepts they may have never been exposed to, and respond in ways that prevent or mitigate the extensive damage that can be done otherwise.

Learn More!

Want to learn more about StealthDEFEND? Visit our product page.

Want to learn more about Active Directory attacks? Visit our attack site.

Want to see a demo? Fill out our demo request form.

Want to get StealthDEFEND installed in your environment? Contact us.

Don’t miss a post! Subscribe to ‘The Insider Threat Security’ Blog here:


Featured Asset

Leave a Reply

Your email address will not be published. Required fields are marked *




© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.