StealthINTERCEPT 5.1 is Here!

Operational and Security Intelligence

Active Directory is secure when it’s clean, understood, configured properly, monitored closely, and controlled tightly. StealthINTERCEPT has been very successful at providing organizations the operational and security intelligence necessary to achieve these goals.

StealthINTERCEPT 5.1 provides superior Active Directory protection, control and visibility that cannot be achieved natively. StealthINTERCEPT also incorporates policy-driven controls to allow organizations to see threats, both malicious and accidental, as they happen - preventing accidental changes, blocking malicious activity and alerting in real time.

Some highlights of the new release include:

Kerberos Weak Encryption Analytics

Kerberos-based attacks pose a serious threat to privileged accounts, and downgraded encryption is a common credential-stealing technique used to impersonate users. This new StealthINTERCEPT analytic analyzes the Kerberos encryption types used by computers and users and alerts you when a weaker cipher is used, providing early detection of a critical insider threat.

StealthINTERCEPT detects when a field that is usually encrypted using the highest level of encryption is instead encrypted with a weaker cipher. Various attack methods utilize weak Kerberos encryption ciphers, including overpass-the-hash attacks and Kerberoasting.
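
The kind of check described above can be approximated from native logs. The following is an added example, not StealthINTERCEPT's own logic: it assumes events shaped like Windows Security event 4769 (service ticket requested), and the sample records, account names and the `known_legacy` allow-list are constructed for illustration.

```python
from collections import defaultdict

# Kerberos encryption type numbers as logged in TicketEncryptionType
ETYPES = {
    0x01: "DES-CBC-CRC",
    0x03: "DES-CBC-MD5",
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
    0x18: "RC4-HMAC-EXP",
}
WEAK = {0x01, 0x03, 0x17, 0x18}   # DES and RC4 variants
FAILED = 0xFFFFFFFF               # logged when no ticket was issued

SAMPLE_EVENTS = [  # constructed sample data
    {"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-web", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "carol@CORP.EXAMPLE", "ServiceName": "legacy-app", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "dave@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0xFFFFFFFF"},
    {"EventID": 4624, "TargetUserName": "alice"},
]

def weak_ticket_alerts(events, known_legacy=frozenset()):
    """Return {account: sorted [(service, etype name)]} for tickets issued
    with a weak encryption type, skipping services on the legacy allow-list."""
    hits = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4769:
            continue
        try:
            etype = int(ev.get("TicketEncryptionType", ""), 16)
        except (TypeError, ValueError):
            continue  # malformed or missing field
        if etype == FAILED or etype not in WEAK:
            continue
        service = ev.get("ServiceName", "?")
        if service in known_legacy:
            continue  # documented exception (hypothetical allow-list)
        hits[ev.get("TargetUserName", "?")].add((service, ETYPES[etype]))
    return {acct: sorted(found) for acct, found in hits.items()}

if __name__ == "__main__":
    for acct, tickets in weak_ticket_alerts(SAMPLE_EVENTS, {"legacy-app"}).items():
        print(acct, tickets)
```

An account that collects weak-cipher tickets for several different services in a short window deserves more attention than a single legacy application that has always negotiated RC4.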

Forged Privileged Attribute Certificate (PACs) Analytics

Tools such as the Python Kerberos Exploitation Kit (PyKEK) are readily available and commonly used by attackers to elevate their privileges within Active Directory. Because many of the attacks that leverage forged PACs can be executed without an admin account and can also be performed on any computer on the network (including computers that are not domain-joined), they pose a serious threat to the security of the entire Active Directory environment. This new StealthINTERCEPT analytic will detect the presence of a manipulated Privileged Attribute Certificate (PAC), providing early detection of a critical insider threat.

Granular Attribute Change Detection

The ineffectiveness of event monitoring and log analysis continues to frustrate Infrastructure & Operations personnel, as well as Security Analysts. StealthINTERCEPT has always provided a superior alternative to monitoring native logs, and with the newly added granular attribute change detection, users can cut deep through the noise of overwhelming alerts and focus on the events that matter to their unique.

This enhancement to StealthINTERCEPT allows users to detect, prevent, and alert on malicious requests to a Domain Controller, allowing organizations to mitigate the threat of credential compromise using this method of attack.

Dynamic Collections for Sensitive Data & Open Shares

Folders with Sensitive Data and Open Shares both represent an increased risk to critical data within an organization. The ability to monitor and protect these locations is a crucial component to every data protection strategy. StealthINTERCEPT streamlines that process by creating dynamic collections of these file paths for rapid deployment of protection policies, reducing the time between discovery of these locations and application of security controls.

Enterprise Password Enforcer Custom Dictionaries

In 2016, the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leveraged a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains a number one action in breaches. Attackers have demonstrated a consistent ability to compromise accounts by leveraging passwords from prior breaches. For that reason, NIST Special Publication 800-63B (Authentication and Lifecycle Management, section 5.1.1.2*) recommends the use of “Memorized Secret Verifiers” such as the StealthINTERCEPT Enterprise Password Enforcer to reduce an attacker’s chances of compromising credentials.

Preconfigured Attack Kill Chain

The “Attack Kill Chain” describes the typical workflow (including techniques, tactics and procedures) used by attackers to infiltrate an organization’s networks and systems. The initial attack typically includes: external reconnaissance; use of a compromised machine; internal reconnaissance and lateral movement; domain dominance; and data consolidation and exfiltration. StealthINTERCEPT provides preconfigured policies to detect Domain Persistence, Privilege Escalation, and Reconnaissance activities. These out-of-the-box policies can be rapidly deployed, customized, configured to block, and forwarded to SIEMs, enhancing an organization’s detection and response capacities.
