What’s New? Q3

ADAssessor

How vulnerable is your Active Directory?

Active Directory (AD) is a Microsoft product consisting of several services to administer permissions and access to networked resources on a Windows Network. Because it is the primary source of information for all enterprise resources and seamlessly integrates business applications, it is a high-value target for attackers.

Challenges

● Most organisations monitor logs for unusual behaviour, which doesn’t provide real-time assessment of Active Directory to detect exposures or changes in settings and policies that may introduce weaknesses for attackers to leverage.
● Multi-level IT teams manage Active Directory and can introduce changes without understanding the risk or exposures that these additions can cause.
● Existing security controls are not AD-aware and cannot detect mass changes from brute force attacks, DCsync, DCshadow, and similar attack tactics.

Solution

The ADAssessor solution is a standalone offering that provides continuous visibility to AD exposures vulnerable to attack and detects advanced Active Directory attacks in real-time. The solution includes functions to automatically remediate these exposures and works with the Attivo Networks ADSecure solution to provide advanced Active Directory protection.

Once an organisation deploys ADAssessor, it detects vulnerabilities within their AD environment, including misconfigurations, excessive privileges, or data exposures. It then remediates those weaknesses before attackers can take advantage of them, ultimately reducing the AD attack surface and risk. Running continuously or on-demand, ADAssessor will automatically monitor AD, analyse changes, and identify new exposures that indicate possible malicious activity.

Benefits

● Visibility to AD security hygiene issues and actionable alerting for key exposures at the domain, computer, and identity levels.
● Real-time detection of AD privilege escalation and granular restrictions for access to AD information without impacting business operations.
● Continuous insights into identities and service account risk related to credentials, privileged accounts, stale accounts, shared credentials, and identity attack paths
● Easy to deploy: the solution runs from a single endpoint and doesn’t require privileged access to Active Directory.

To discuss more with one of our Cyber Security advisors, contact Vectra today.