Threat Detection

Once they’re inside the walls, everyone’s an insider

A true insider threat and an outside threat that has made it inside are essentially the same. Someone or something is going to obtain and use legitimate access in unauthorized ways, making it very difficult to differentiate between normal and abnormal behavior. This is ultimately what makes insider threat detection so challenging and why data breach events continue to rise.

The STEALTHbits Solution

STEALTHbits provides the critical capabilities needed to address insider threats by overcoming two fundamental shortcomings and limitations within Active Directory, the authentication and authorization hub of the IT infrastructure:

  1. Native Microsoft Logging
  2. Native Windows Security Controls

By providing deeper insight into the change and authentication activities occurring within Active Directory and instantiating tighter security controls over critical objects, STEALTHbits detects, prevents, controls, and generates security intelligence in real time that is unattainable using any other method.

Real-Time Windows Security Intelligence

  • Brute force attacks
  • Horizontal movement of accounts
  • User account hacking
  • Suspicious logins
  • Sensitive account logins
  • Security setting changes (GPOs)
  • Permissions changes
  • Sensitive file content touches

STEALTHbits addresses a challenge with native log data that I’ve struggled with for 8 years. STEALTHbits does the analytical work for me, specifically detecting modern attack vectors like horizontal account movement, the kind of technique that enables attackers to acquire privileged credentials and do the most damage.

- Security Engineer at a Large Investment Firm