The threat against Active Directory is real.
From Golden Tickets to DCShadow, the tactics, techniques, and procedures attackers are leveraging to compromise AD are substantially more sophisticated than in years past, requiring a different approach in order to address these modern threats.
“We found that the attackers queried the AD (Active Directory) server to obtain the list of employees including administrator accounts, and subsequently performed password brute-force attacks on the administrator accounts.”
“It is important to note is that attackers already have been ploughing around in a victim’s Active Directory so in order to flush out any remaining backdoor accounts a full AD review needs to be undertaken,”
StealthDEFEND provides the ability to detect, alert, investigate and respond to advanced threats against Active Directory, in real-time.
Automatically mapping the detailed structure of your enterprise, StealthDEFEND leverages a highly tuned and enriched feed of security and operational activity happening inside of Active Directory to learn how users and devices behave.
This information enables StealthDEFEND to detect abnormal and outlier behaviors, reconnaissance activities, and targeted attacks using advanced techniques.