The threat against Active Directory is real.
From Golden Tickets to DCShadow, the tactics, techniques, and procedures attackers use to compromise AD are substantially more sophisticated than in years past, and addressing these modern threats requires a different approach.
StealthDEFEND provides the ability to detect, alert on, investigate, and respond to advanced threats against Active Directory in real time.
Automatically mapping the detailed structure of your enterprise, StealthDEFEND leverages a highly tuned and enriched feed of security and operational activity happening inside of Active Directory to learn how users and devices behave.
This information enables StealthDEFEND to detect abnormal and outlier behaviors, reconnaissance activities, and targeted attacks using advanced techniques.
StealthDEFEND is tuned to detect and respond to the specific methodologies attackers are leveraging when attempting to compromise Active Directory, including:
Replication Permissions Tampering
LSASS Process Injection
AdminSDHolder ACL Tampering
(e.g. Pass-the-Hash, Pass-the-Ticket)
SID History Tampering
STEP 1: MONITOR
Monitor and stream optimized change, authentication, and LDAP activity to the StealthDEFEND console.
STEP 2: DETECT
An ML-driven analytics engine detects known patterns and outlier behavior associated with account compromise.
STEP 3: RESPOND
Investigate identified threats in seconds, deliver alerts to the appropriate people and places, and automatically launch response actions that contain the threat and mitigate the damage that can be done.