
Stealthbits Detects More Threats & Reduces Attacker Dwell Time with New Capabilities


Cyberattacks and data breaches are all too common: the 2020 Verizon Data Breach Investigations Report counted nearly 4,000 confirmed data breaches. Recent news demonstrates that Active Directory (AD) is under heavy attack from adversaries of all types, nation-state sponsored and organized cybercriminal groups alike.

June 17, 2020 – North Korea’s state hackers caught engaging in BEC scams

“We found that the attackers queried the AD (Active Directory) server to obtain the list of employees including administrator accounts, and subsequently performed password brute-force attacks on the administrator accounts,” ESET security researcher Jean-Ian Boutin said.

June 21, 2020 – Ransomware operators lurk on your network after their attack

“We know of several cases where Ransomware actors remained on a victim’s network after they have deployed their ransomware. In these cases, the attackers encrypted the victim’s backups after the initial attack or during negotiations, which made it clear that the attacker still had access and was reading the victim’s email.”
John Fokker, Principal Engineer and Head of Cyber Investigations for McAfee

July 7, 2020 – Ransomware + Exfiltration + Leaks = Data Breach

“…When more advanced attackers gain remote access to a victim’s network, they may spend weeks or months exploring it in depth, trying to escalate privileges to take control of Active Directory, as well as seeking systems that store valuable or sensitive information… Finally, attackers might use their Active Directory access to push ransomware onto every possible endpoint in an organization.”

In each of these recent breaches, Active Directory was noted as a key attack component. Now more than ever, organizations need to protect themselves, their customers, and their data…and it starts with Active Directory.

In the latest release of StealthDEFEND®, we have added new and enhanced AD attack detections to our comprehensive library of detectable attacks.

  • Pass-the-Ticket (New) – Detect the theft of Kerberos Ticket Granting Tickets (TGTs) and their use by a threat actor for lateral movement
  • Group Managed Service Account (GMSA) Exploitation (New) – Detect unauthorized retrieval of Group Managed Service Account passwords
  • Golden Ticket & Forged PAC (Enhanced) – Golden Ticket and Forged PAC threat analytics leverage a new Ticket Granting Ticket (TGT) cache for more accurate detection
  • User Behavior Analytics (Enhanced) – Detection speed and visualization of behavior anomalies over time have been improved
  • Threat Response: Follow-up Playbooks – Playbooks are a series of response actions automatically following the detection of a threat. Users now gain the ability to trigger follow-up playbooks based on whether the actions in the first playbook were successful or failed.
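The Pass-the-Ticket and TGT-cache items above describe a detection idea rather than a mechanism. The following is an added example written for this article, not StealthDEFEND code, showing the simplest form of that idea: cache which client was issued a TGT for which account (event 4768) and flag service-ticket requests (event 4769) from a client that never received one, or whose TGT has outlived the domain's ticket lifetime. The event records and the field names `t`, `user`, `ip` and `service` are constructed simplifications, not real Windows log fields.

```python
"""Added example: a minimal Pass-the-Ticket heuristic built on a TGT cache.

Illustrative code written for this article, not StealthDEFEND's
implementation. It assumes simplified, constructed records modelled loosely on
Windows Security events 4768 (Kerberos TGT issued) and 4769 (Kerberos service
ticket requested), with a relative timestamp "t" in seconds.
"""
from collections import defaultdict

# Default Kerberos policy in an AD domain: a TGT is valid for 10 hours.
TGT_LIFETIME_SECONDS = 10 * 3600

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    {"t": 0,     "id": 4768, "user": "alice", "ip": "10.0.0.5"},
    {"t": 5,     "id": 4769, "user": "alice", "ip": "10.0.0.5",  "service": "cifs/FS01"},
    {"t": 10,    "id": 4768, "user": "bob",   "ip": "10.0.0.9"},
    {"t": 15,    "id": 4769, "user": "bob",   "ip": "10.0.0.9",  "service": "ldap/DC01"},
    # alice's TGT is presented from a host that was never issued one
    # (ticket stolen on 10.0.0.5 and replayed from 10.0.0.77)
    {"t": 600,   "id": 4769, "user": "alice", "ip": "10.0.0.77", "service": "cifs/FS02"},
    # bob's ticket is still in use 11 hours after issue with no fresh TGT;
    # a forged ticket with an inflated lifetime looks like this
    {"t": 40000, "id": 4769, "user": "bob",   "ip": "10.0.0.9",  "service": "cifs/FS01"},
]


def detect_pass_the_ticket(events, tgt_lifetime=TGT_LIFETIME_SECONDS):
    """Return a list of (user, client_ip, service, reason) alerts.

    The cache records, per account, which client IP was issued a TGT and when.
    A service-ticket request is flagged when the requesting client never
    received a TGT for that account, or when the only TGT it received has
    outlived the domain's ticket lifetime.
    """
    tgt_cache = defaultdict(dict)  # user -> {client_ip: time TGT was issued}
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        user, ip = ev["user"], ev["ip"]
        if ev["id"] == 4768:
            tgt_cache[user][ip] = ev["t"]
        elif ev["id"] == 4769:
            issued_at = tgt_cache[user].get(ip)
            if issued_at is None:
                alerts.append((user, ip, ev["service"], "no TGT issued to this client"))
            elif ev["t"] - issued_at > tgt_lifetime:
                alerts.append((user, ip, ev["service"], "TGT older than ticket lifetime"))
    return alerts


if __name__ == "__main__":
    for alert in detect_pass_the_ticket(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the two tampered requests are the only alerts. In production the same idea needs 4768/4769 events collected from every domain controller (the TGT and the service ticket are frequently issued by different DCs), TGT renewals (a TGS-REQ to krbtgt) must refresh the cache entry, and NAT or VPN concentrators break the client-IP correlation, which is why a product-grade cache keys on more than the address.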

Knowing what to look for, that is, the Tactics, Techniques, and Procedures (TTPs) attackers use during an intrusion, is critical to identifying it and halting its progress early. Again in this release, we go beyond simply alerting your security team when we detect an attack: threat response playbooks auto-trigger the moment a threat is detected. Both knowing what to look for and responding immediately with the proper corrective or containment actions are essential to reducing dwell time during a breach.

Rod Simmons – VP of Active Directory Product Strategy

“Reducing the dwell time of attackers has everything to do with accelerating detection of, and response to, cyber threats,” said Rod Simmons, VP, Product Strategy at Stealthbits. “The new and enhanced attack detection in this release strengthens an already extensive library of attacks we are tuned to detect. The ability to auto-respond the instant attacks are detected vastly improves any organization’s ability to contain and eradicate threats quickly and with confidence.”

Additionally, in the newest release of StealthINTERCEPT®, Stealthbits has added new tools that improve the signal-to-noise ratio within important datasets such as Active Directory LDAP activity and AD ‘Read Event’ auditing, allowing security practitioners to pinpoint attack behaviors more easily. We have also added the ability to detect when Flexible Single Master Operation (FSMO) roles are transferred to, or seized by, another domain controller.

  • Enhanced LDAP Filtering – Remove LDAP query ‘noise’ and improve threat detection by filtering based on search scope, attributes requested and returned, and number of items returned
  • Active Directory Read Event Auditing – Gain the ability to enable surgical auditing of attribute read events that could indicate reconnaissance or other nefarious activities, such as unauthorized reading of LAPS passwords or BitLocker recovery passwords
  • FSMO Role Owner Changes – Detect when FSMO roles are transferred to or seized by another domain controller
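The LDAP filtering and read-event auditing items above name the dimensions that separate reconnaissance from routine directory traffic: search scope, attributes requested, number of objects returned, and reads of specific secret-bearing attributes. The following is an added example written for this article, not StealthINTERCEPT's filtering engine, that applies those dimensions to a handful of constructed LDAP search records. The record format, thresholds and filter patterns are assumptions for illustration; the attribute names (ms-Mcs-AdmPwd for LAPS, msFVE-RecoveryPassword for BitLocker, msDS-ManagedPassword for GMSA) are the real AD schema attributes.

```python
"""Added example: separating LDAP reconnaissance from routine LDAP noise.

Illustrative code written for this article, not StealthINTERCEPT's filtering
engine. It assumes constructed query records with the fields the article names
(search scope, attributes requested, number of objects returned) plus the
client address and the LDAP filter string.
"""
import re

# Attributes whose values are credentials or recovery secrets: a read of any of
# these is interesting regardless of scope or result count.
CREDENTIAL_ATTRIBUTES = {
    "ms-Mcs-AdmPwd",            # LAPS local administrator password
    "msFVE-RecoveryPassword",   # BitLocker recovery password
    "msDS-ManagedPassword",     # Group Managed Service Account password blob
}

# Attributes commonly harvested during AD enumeration (Kerberoasting targets,
# privileged accounts, group membership, account flags).
RECON_ATTRIBUTES = {"servicePrincipalName", "adminCount", "memberOf", "userAccountControl"}

# Filter shapes typical of enumeration rather than of a lookup of one object
# (assumed patterns; tune per environment).
RECON_FILTERS = re.compile(r"servicePrincipalName=\*|adminCount=1|\(objectClass=\*\)", re.IGNORECASE)

SAMPLE_QUERIES = [  # constructed records, not real logs
    {"client": "10.0.0.5",  "scope": "base",    "filter": "(objectClass=*)",
     "attrs": ["namingContexts", "defaultNamingContext"], "returned": 1},
    {"client": "10.0.0.5",  "scope": "subtree", "filter": "(sAMAccountName=alice)",
     "attrs": ["memberOf", "displayName"], "returned": 1},
    {"client": "10.0.0.77", "scope": "subtree",
     "filter": "(&(objectCategory=person)(servicePrincipalName=*))",
     "attrs": ["servicePrincipalName", "sAMAccountName"], "returned": 312},
    {"client": "10.0.0.77", "scope": "subtree", "filter": "(objectClass=computer)",
     "attrs": ["dNSHostName", "ms-Mcs-AdmPwd"], "returned": 58},
    {"client": "10.0.0.20", "scope": "subtree", "filter": "(objectClass=computer)",
     "attrs": ["dNSHostName", "operatingSystem"], "returned": 58},
]


def classify_query(q, bulk_threshold=100):
    """Return (suspicious, reasons) for one LDAP search record.

    Noise is dropped by construction: base/one-level lookups, single-object
    results and attribute lists with nothing sensitive produce no reasons.
    """
    reasons = []
    attrs = set(q["attrs"])
    creds = attrs & CREDENTIAL_ATTRIBUTES
    if creds:
        reasons.append("credential attribute read: " + ", ".join(sorted(creds)))
    if q["scope"] == "subtree" and q["returned"] >= bulk_threshold:
        recon = attrs & RECON_ATTRIBUTES
        if recon:
            reasons.append(f"bulk read of {', '.join(sorted(recon))} ({q['returned']} objects)")
        if RECON_FILTERS.search(q["filter"]):
            reasons.append(f"enumeration filter {q['filter']} ({q['returned']} objects)")
    return bool(reasons), reasons


def surface_recon(queries, bulk_threshold=100):
    """Return only the suspicious records, each with its list of reasons."""
    hits = []
    for q in queries:
        suspicious, reasons = classify_query(q, bulk_threshold)
        if suspicious:
            hits.append({"client": q["client"], "filter": q["filter"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in surface_recon(SAMPLE_QUERIES):
        print(hit["client"], hit["reasons"])
```

Of the five records, only the two from 10.0.0.77 survive: a forest-wide SPN sweep returning 312 objects, and a read of the LAPS password attribute. The rootDSE read, the single-user memberOf lookup and the inventory tool's computer listing are the kind of noise the article's filters are meant to suppress. A real deployment would aggregate per client over time (one host issuing many mid-sized queries is as telling as one large query) and would pair the credential-attribute check with the directory's own read auditing so that reads outside LDAP search, such as via ADSI or replication, are not missed.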

Lastly, in the newest release of Stealthbits Activity Monitor, we expand visibility into Azure Active Directory with the ability to monitor and investigate over 800 events.

Organizations seeking substantial improvements in their ability to mitigate, detect, and even prevent advanced threats against Active Directory, or against any of the resources connected to it, are invited to evaluate Stealthbits’ offerings in full. We help organizations from the Fortune 100 to SMBs get a better handle on, and improve the security of, the backbone of authentication and authorization in their hybrid environments.

StealthDEFEND 2.5, StealthINTERCEPT 7.1, and Stealthbits Activity Monitor 5.0 are available immediately. To learn more, register for our upcoming webinar:

To arrange a private demonstration or for more information, visit
