See threats, both malicious and accidental, as they happen. Get alerts in real time or use blocking to ensure threats don’t become disasters.
Detect threats with advanced authentication and file attack analytics to catch malware, ransomware, and bad guys on your network.
Integrate out of the box with the industry’s leading SIEM vendors. Increase the signal-to-noise ratio and get actionable insight in real time.
Know when threats emerge, changes happen, people misbehave, or processes go rogue as it happens.
Detect every change to group memberships, GPOs, Mailbox and File permissions, as well as access activities like critical file access and Non-Owner Mailbox Access Events without the need for a single log.
Prevent changes and access to sensitive objects and resources like privileged accounts and security groups, VIP Mailboxes, and File Shares containing sensitive data and more.
Migrating, upgrading, consolidating, or simply decommissioning a domain controller? Use surgical authentication analysis to know beforehand what you’re going to break.
“STEALTHbits addresses a challenge with native log data that I’ve struggled with for 8 years. STEALTHbits does the analytical work for me, specifically detecting modern attack vectors like horizontal account movement, the kind of technique that enables attackers to acquire privileged credentials and do the most damage.”
Kerberos-based attacks pose a serious threat to privileged accounts, and downgrading the encryption method is a common credential-stealing technique used to impersonate users. This new StealthINTERCEPT analytic analyzes the Kerberos encryption types used by computers and users, and alerts you when a weaker cipher is used, providing early detection of a critical insider threat.
StealthINTERCEPT detects when a field that is usually encrypted with the highest level of encryption is instead encrypted with a weaker one. Various attack methods utilize weak Kerberos encryption ciphers, including overpass-the-hash attacks and Kerberoasting.
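The same idea can be approximated from native logs. The following is an added example, not StealthINTERCEPT code or its detection method: it assumes Windows Security event 4769 (service ticket requested) has been exported to CSV with hypothetical column names, and flags tickets issued with a weak encryption type, separating services that normally issue AES tickets from services with no strong baseline.

```python
import csv
import io

# Kerberos encryption type numbers as they appear in the 4769
# "Ticket Encryption Type" field.
ETYPES = {0x01: "DES-CBC-CRC", 0x03: "DES-CBC-MD5",
          0x11: "AES128-CTS-HMAC-SHA1-96", 0x12: "AES256-CTS-HMAC-SHA1-96",
          0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}
WEAK = {0x01, 0x03, 0x17, 0x18}

# Constructed sample data; column names are assumptions for this example.
SAMPLE = """time,event_id,account,service,client_ip,etype
2024-01-10T09:00:01Z,4769,alice@EXAMPLE.LOCAL,MSSQLSvc/db01,10.0.0.21,0x12
2024-01-10T09:05:12Z,4769,bob@EXAMPLE.LOCAL,MSSQLSvc/db01,10.0.0.22,0x12
2024-01-10T09:07:40Z,4768,carol@EXAMPLE.LOCAL,krbtgt,10.0.0.57,0x12
2024-01-10T09:30:55Z,4769,carol@EXAMPLE.LOCAL,MSSQLSvc/db01,10.0.0.57,0x17
2024-01-10T09:31:02Z,4769,carol@EXAMPLE.LOCAL,HTTP/legacyapp,10.0.0.57,0x17
2024-01-10T09:40:00Z,4769,alice@EXAMPLE.LOCAL,HTTP/intranet,10.0.0.21,0x11
"""

def find_weak_tickets(csv_text):
    """Return alerts for service tickets issued with a weak encryption type.

    kind == "downgrade": the service has already issued strong (AES) tickets,
    so a weak ticket is out of character and deserves priority triage.
    kind == "weak-no-baseline": no strong ticket seen yet; may be a legacy
    service that only supports weak types.
    """
    strong_seen = set()  # services observed issuing AES tickets
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4769":   # only service ticket requests
            continue
        etype = int(row["etype"], 16)
        if etype not in WEAK:
            strong_seen.add(row["service"])
            continue
        kind = "downgrade" if row["service"] in strong_seen else "weak-no-baseline"
        alerts.append({"kind": kind, "time": row["time"],
                       "account": row["account"], "service": row["service"],
                       "client_ip": row["client_ip"],
                       "cipher": ETYPES.get(etype, hex(etype))})
    return alerts

if __name__ == "__main__":
    for alert in find_weak_tickets(SAMPLE):
        print(alert)
```

In production the baseline would be built over a longer window than a single export, and services that legitimately support only weak types should be tracked for remediation rather than silenced.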
Tools such as the Python Kerberos Exploitation Kit (PyKEK) are readily available and commonly used by attackers to elevate their privileges within Active Directory. Because many of these attacks that leverage forged PACs can be executed without an admin account, and can also be performed on any computer on the network (including computers that are not domain-joined), they pose a serious threat to the entire security of an Active Directory environment. This new StealthINTERCEPT analytic will detect the presence of a manipulated Privileged Attribute Certificate (PAC), providing early detection of a critical insider threat.
The ineffectiveness of event monitoring and log analysis continues to frustrate Infrastructure & Operations personnel, as well as Security Analysts. StealthINTERCEPT has always provided a superior alternative to monitoring native logs, and with the newly added granular attribute change detection, users can cut deep through the noise of overwhelming alerts and focus on the events that matter to their unique.
This enhancement to StealthINTERCEPT allows users to detect, prevent, and alert on malicious requests to a Domain Controller, allowing organizations to mitigate the threat of credential compromise using this method of attack.
Folders with Sensitive Data and Open Shares both represent an increased risk to critical data within an organization. The ability to monitor and protect these locations is a crucial component to every data protection strategy. StealthINTERCEPT streamlines that process by creating dynamic collections of these file paths for rapid deployment of protection policies, reducing the time between discovery of these locations and application of security controls.
In 2016 the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leverage a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains a number one action in breaches. Attackers have demonstrated a consistent ability to compromise accounts by leveraging passwords from prior breaches. For that reason, NIST Special Publication 800-63B (Authentication and Lifecycle Management, section 188.8.131.52*) recommends the use of “Memorized Secret Verifiers” such as the StealthINTERCEPT Enterprise Password Enforcer to reduce an attacker’s chances of compromising credentials.
The “Attack Kill Chain” describes the typical workflow (including techniques, tactics and procedures) used by attackers to infiltrate an organization’s networks and systems. The initial attack typically includes: external reconnaissance; use of a compromised machine; internal reconnaissance and lateral movement; domain dominance; and data consolidation and exfiltration. StealthINTERCEPT provides preconfigured policies to detect Domain Persistence, Privilege Escalation, and Reconnaissance activities. These out-of-the-box policies can be rapidly deployed, customized, configured to block, and forwarded to SIEMs, enhancing an organization’s detection and response capacities.