Active Directory

STEALTHbits provides end-to-end security, governance, compliance, and threat detection for Active Directory.

Auditing, Reporting, and Governance

Auditing & Reporting

  • Catalog user, group, and computer object information, including object attributes, permissions, and direct group membership across the entire AD environment
  • Identify and remediate “toxic” group and user conditions
  • Keep track of the members of sensitive Active Directory Security Groups and users with elevated permissions to Active Directory objects
  • Report on account lockout events occurring within the targeted environment
  • Enumerate group memberships to report on all user objects with effective membership through both direct and nested sources
  • Generate dozens of preconfigured reports aligning to multiple compliance standards (SOX, HIPAA, PCI-DSS, GDPR, etc.)
  • Craft custom queries and reports aligning to organization-specific requirements

Governance

  • Identify and assign group owners
  • Enable owners to perform periodic group membership reviews
  • Enable self-service group membership requests
  • Allow group owners to perform ad-hoc membership changes

Security & Vulnerability Assessment

  • Identify who has specific permissions on any or all Active Directory objects
  • Report on advanced security permissions across all Organizational Unit objects in AD, including conditions like Broken Inheritance and Open Access
  • Report on the password status of all users to highlight potential issues and security vulnerabilities
  • Identify critical security misconfigurations that attackers use to compromise credentials

Clean-up

  • Programmatically or automatically clean up stale AD objects
  • Automatically create and delete users, modify user, group, and computer attributes, enable and disable users, move objects, clear or set SID History, and more
  • Identify users with excessive token sizes due to historical SIDs and effective group memberships
  • Identify incomplete attributes on user objects and auto-populate proper values through correlation with alternative data sources

Change & Access Monitoring

Change & Access Auditing

  • Monitor and optionally block any and all changes to objects and attributes, capturing who made each change and from where, along with before and after values
  • Automatically resolve group membership changes of nested groups to parent groups in real-time
  • Monitor and optionally prevent changes to Group Policy Objects
  • Monitor and optionally block all or specific authentication traffic within Active Directory, including who and what, when, from where, and the security protocols being leveraged (e.g. Kerberos vs. NTLM)
  • Highlight the source of user lockout events and correlate them with recent password change activities to further expedite issue resolution

Privileged Account Monitoring

  • Monitor, block, and alert upon changes and authentication activities made by or to Privileged Accounts

Attack Detection

  • Detect advanced threats, suspicious activities and patterns indicative of account compromise such as NTDS.dit file extraction, Golden Tickets, Lateral Account Movement, Breached Passwords, Concurrent Logins, and more

Security Operations

  • Forward all or specific events directly to SIEM for a more contextual security event feed, consolidated alerting, and correlation with other data sources

Compliance Fulfillment

  • Generate dozens of preconfigured reports aligning to multiple compliance standards (SOX, HIPAA, PCI-DSS, GDPR, etc.)

Threat Detection

Attack Detection

  • Detect suspicious queries against critical AD objects and attributes that often occur early in the attack kill chain

Operational Monitoring

  • Detect expensive and taxing LDAP queries against Active Directory Domain Controllers

Rollback & Recovery

Rollback & Recovery

  • Rollback and recover single or multiple attributes to a previous point in time for one or more objects, including Active Directory integrated DNS
  • Restore deleted Active Directory objects with the attributes they had prior to deletion

Incremental Backup

  • Schedule backups of an Active Directory environment to run hourly, daily, or weekly, as well as on demand

Search & Compare

  • Search for any or all changes to objects and visualize their previous vs. current state

Resources

Active Directory Group Governance

Data Sheet

Top 7 Security Activities to Monitor in Active Directory

Executive Brief

A Look into Active Directory across Organizations

White Paper
