Change and Access Auditing | Real-Time Alerting
StealthINTERCEPT enables organizations to monitor the usage of credentials and data, as well as enforce security policy in real-time.
Through visibility into every change and access activity across unstructured data repositories and critical applications, StealthINTERCEPT detects and analyzes suspicious behaviors, proactively prevents changes and access, issues alerts, and integrates directly with the market’s leading SIEM platforms, all without any reliance on native logging.
StealthINTERCEPT v4.1 is here! Some highlights of the new release include:
Active Monitoring and Protection of the NTDS.dit File
The NTDS.dit file is used to store almost all the information that is accessible in Active Directory, including password hashes. An attacker could compromise every user account within the Active Directory database by stealing the hashes in the NTDS.dit file.
StealthINTERCEPT 4.1 introduces the ability to protect the NTDS.dit file from Volume Shadow Copy (VSS) attacks. This protection safeguards the entire Active Directory database from attackers attempting to extract password hashes and other valuable information.
Detection of Early Compromise Through LDAP Monitoring
Reconnaissance is the first phase of every targeted attack. AD objects and their attributes are ready targets because they can be viewed by all authenticated users. LDAP queries are commonly used to explore Active Directory and its objects, and Microsoft provides no easy way to monitor those queries. Microsoft advises against even turning on diagnostic-level LDAP logging, which simply generates a tremendous amount of noise in the event logs.
StealthINTERCEPT provides organizations the ability to easily detect and respond to reconnaissance activities of attackers looking to leverage information gathered from AD objects and entities.
Enhanced Splunk Integration & Splunk Dashboard
StealthINTERCEPT users can correlate threat data, providing crucial context about attack techniques and behavior. The enhanced integration and Splunk dashboard allow security personnel to cut through the noise of false positives and irrelevant data so they can prioritize and respond more effectively.
The StealthINTERCEPT SIEM integration comes out of the box with complete pre-parsed and pre-analyzed data. Furthermore, rich pre-packaged dashboards provide a complete ready-to-use experience.
PowerShell Scripting for Policy and Analytic Actions
Administrators can save time and add advanced actions using the easy automation and scripting functionality provided by PowerShell.
StealthINTERCEPT users can cause a specific program or process to execute in response to a trigger, extending the analytic action capabilities. Common uses of PowerShell scripts include retrieving application information, setting and enforcing policies, and preventing executables from being launched from common malware and ransomware directories such as %AppData%\*.exe.