Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE

Stealthbits Extends Industry’s Most Comprehensive Active Directory Security Portfolio

August 5, 2020

ActiveDirectory Attack Detections Such as “Pass the Ticket” and Group Managed Service Account (gMSA) Exploitation Pinpoint Attacks, andAuto-Response Playbooks Speed Threat Containment

HAWTHORNE, NJ, August 5th, 2020 — Stealthbits Technologies, Inc., a customer-driven cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, today announced multiple enhancements to its Active Directory (AD) threat, policy enforcement, and auditing platforms.

Cyberattacks and data breaches are simply too common, with nearly 4,000 confirmed data breaches reported in the latest 2020 Verizon Data Breach Investigations ReportRecent news demonstrates Active Directory is under heavy attack from adversaries of all types, including nation-state sponsored and organized cybercriminal groups alike.

In each of these recent breaches, Active Directory was noted as a key attack component. Now more than ever, organizations need to protect themselves, their customers, and their data, and it starts with Active Directory.

In the latest releases of StealthDEFEND®StealthINTERCEPT®, and Stealthbits® Activity Monitor, Stealthbits has added new and enhanced AD attack detections to its comprehensive library of detectable attacks.Additionally, Stealthbits has providednew tools to remove the signal-to-noise ratio within important datasets like Active Directory LDAP activity, allowing security practitioners tomore easily pinpoint attack behaviorsAuto-response playbooks provide immediate reaction and containment of detected attacks and new follow-up actions can be linked and auto-triggered based on the results of previously executed responses.

“Reducing the dwell time of attackers has everything to do with accelerating detection of, and response to, cyber threats.”, said Rod Simmons, VP, Product Strategy at Stealthbits.The new and enhanced attack detection in this release strengthens an already extensive library of attacks we are tuned to detect. The ability to auto-respond the instant attacks are detected, vastly improves any organization’sability to contain and eradicate threats quickly and with confidence.”

Even as the Active Directory Security market continues to expand with new offerings, Stealthbits continues to widen the innovation and capability gap with these and dozens of additional enhancements to its already industry-leading portfolio of solutions. From robust state-based and real-time auditing to password analysis and enforcement, purpose-built AD threat detection and response to rollback and recovery, AD privilege security, governance, clean-up, deception, change, authentication, and request prevention, and more, Stealthbits boasts the broadest and most complete set of AD security solutions developed over a 15-year history in the space

New and enhanced threat detection and response capabilities

  • Pass-the-Ticket (New)  Detect the theft of Kerberos Ticket Granting Tickets (TGT) and their use by a threat actor for lateral movement
  • Group Managed Service Account (GMSA) Exploitation (New)  Detect unauthorized retrieval of Group Managed Service Account passwords
  • Golden Ticket & Forged PAC (Enhanced) – Golden Ticket and Forged PAC threat analytics leverage a new Ticket Granting Tickets (TGT) cache for more accurate detection
  • User Behavior Analytics (Enhanced) – Detection speed and visualization of behavior anomalies over time have been improved
  • Threat Response: Follow-up Playbooks –Playbooks are a series of response actions automatically following the detection of a threat.Users now gain the ability to trigger follow-up playbooks based on whether the actions in the first playbook were successful or failed.
  • Enhanced LDAP Filtering – Remove LDAP query ‘noise’ and improve threat detection byfilteringbased on search scope, attributes requested and returned, and number of items returned
  • Active Directory Read Event Auditing – Gain the ability to enable surgical auditing of attribute read events that could indicate reconnaissance or other nefarious activitiessuch as unauthorized reading of LAPS passwords or BitLocker recovery passwords
  • FSMO Role Owner Changes – Detect when FSMO roles are moved or seized by a new system
  • Azure Active Directory MonitoringCheck for varying changes that could signal a threat (Stealthbits reports on over 800 events across different categories and services)

Organizations seeking ways to make substantial improvements in their ability to mitigate, detect, and even prevent advanced threats targeted at Active Directory or any of the resources Active Directory has been connected to are invited to evaluate Stealthbitsofferings in full.

Stealthbits Founder and CEO, Steve Cochran said, “We’ve made it our mission to provide the most innovative and useful approaches availablefor managing and securing Active DirectoryWe understand there is significant fatigue within organizations when it comes to dealing with AD, but the fact of the matter is that the problems with AD cannot be wished away and AD itself cannot be eradicated from existence overnight. In the interim, we’re committed to continual improvement and innovation in the space and believe we’re leading the charge toward a better future for Active Directory and the many thousands of organizations that rely on it every day.

StealthDEFEND 2.5, StealthINTERCEPT 7.1, and Stealthbits Activity Monitor 5.0 are available immediately. To learn more, Stealthbits invites customers, partners, and prospects to register for our upcoming webinar arrange a private demonstration or for more information, visit

About STEALTHbits Technologies

Identify threats. Secure data. Reduce risk.

STEALTHbits Technologies, Inc. is a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements, and decrease operations expense. 

For more information, visit, email, or call +1-201-447-9300.

The STEALTHbits logo and all other STEALTHbits product or service names and slogans are registered trademarks or trademarks of STEALTHbits Technologies, Inc. All other trademarks and registered trademarks are property of their respective owners.

# # #

Media Contact:

Dan Chmielewski
Madison Alexander PR
Office: +1 714-832-8716
Mobile: +1 949-231-2965

© 2021 Stealthbits Technologies, Inc.