Monitor and prevent threats in real-time for directory security compliance

Detection, prevention, and alerting in real time for directory security compliance

See threats, both malicious and accidental, as they happen. Get alerts in real time or use blocking to ensure threats don’t become disasters.

Detect ransomware, insider threats and unauthorized changes.

Detect Threats

Detect threats with advanced authentication and file attack analytics to catch malware, ransomware, and bad guys on your network.

Feed threat data without the need for native logs into security information and event management.

Skip the Logs with SIEM

Integrate out of the box with the industry’s leading SIEM vendors. Increase the signal-to-noise ratio and get actionable insight in real-time.

Detect insider threats and cyber threats in real-time.

Alert in Real-Time

Know when threats emerge, changes happen, people misbehave, or processes go rogue as it happens.

Change auditor for active directory, file systems, and exchange that detects changes and access without native logs.

Detect Every Change & Access

Detect every change to group memberships, GPOs, Mailbox and File permissions, as well as access activities like critical file access and Non-Owner Mailbox Access Events without the need for a single log.

Change auditor alternative for active directory auditing, exchange auditing, file system auditing.


Prevent changes and access to sensitive objects and resources like privileged accounts and security groups, VIP Mailboxes, and File Shares containing sensitive data and more.

active directory domain controller migration, consolidation, and upgrade authentication analytics.


Migrating, upgrading, consolidating, or simply decommissioning a domain controller? Use surgical authentication analysis to know beforehand what you’re going to break.

StealthINTERCEPT Overview

“STEALTHbits addresses a challenge with native log data that I’ve struggled with for 8 years. STEALTHbits does the analytical work for me, specifically detecting modern attack vectors like horizontal account movement, the kind of technique that enables attackers to acquire privileged credentials and do the most damage.”

- Security Engineer at a Large Investment Firm

What's New: StealthINTERCEPT 5.1 is Here!

Kerberos Weak Encryption Analytics

Kerberos-based attacks pose a serious threat to privileged accounts, and downgraded encryption methods are a common credential-stealing technique used to impersonate users. This new StealthINTERCEPT analytic analyzes the Kerberos encryption types used by computers and users, and alerts you when a weaker cipher is used, providing early detection of a critical insider threat.

StealthINTERCEPT detects the presence of a weakened encrypted field that is usually encrypted using the highest level of encryption. Various attack methods utilize weak Kerberos encryption ciphers, including overpass-the-hash attacks and Kerberoasting.

Forged Privileged Attribute Certificate (PACs) Analytics

Tools such as the Python Kerberos Exploitation Kit (PyKEK) are readily available and commonly used by attackers to elevate their privileges within Active Directory. Because many of these attacks that leverage forged PACs can be executed without an admin account and can also be performed on any computer on the network (including computers not domain-joined), these pose a serious threat to the entire security of an Active Directory environment. This new StealthINTERCEPT analytic will detect the presence of a manipulated Privileged Attribute Certificate (PAC), providing early detection of a critical insider threat.

Granular Attribute Change Detection

The ineffectiveness of event monitoring and log analysis continues to frustrate Infrastructure & Operations personnel, as well as Security Analysts. StealthINTERCEPT has always provided a superior alternative to monitoring native logs, and with the newly added granular attribute change detection, users can cut deep through the noise of overwhelming alerts and focus on the events that matter to their unique.

This enhancement to StealthINTERCEPT allows users to detect, prevent, and alert on malicious requests to a Domain Controller, allowing organizations to mitigate the threat of credential compromise using this method of attack.

Dynamic Collections for Sensitive Data & Open Shares

Folders with Sensitive Data and Open Shares both represent an increased risk to critical data within an organization. The ability to monitor and protect these locations is a crucial component to every data protection strategy. StealthINTERCEPT streamlines that process by creating dynamic collections of these file paths for rapid deployment of protection policies, reducing the time between discovery of these locations and application of security controls.

Enterprise Password Enforcer Custom Dictionaries

In 2016 the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leverage a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains a number one action in breaches. Attackers have demonstrated a consistent ability to compromise accounts by leveraging passwords from prior breaches. For that reason, NIST Special Publication 800-63B (Authentication and Lifecycle Management, section*) recommends the use of “Memorized Secret Verifiers” such as the StealthINTERCEPT Enterprise Password Enforcer to reduce an attacker’s chances of compromising credentials.

Preconfigured Attack Kill Chain

The “Attack Kill Chain” describes the typical workflow (including techniques, tactics and procedures) used by attackers to infiltrate an organization’s networks and systems. The initial attack typically includes: external reconnaissance; use of a compromised machine; internal reconnaissance and lateral movement; domain dominance; and data consolidation and exfiltration. StealthINTERCEPT provides preconfigured policies to detect Domain Persistence, Privilege Escalation, and Reconnaissance activities. These out-of-the-box policies can be rapidly deployed, customized, configured to block, and forwarded to SIEMs, enhancing an organization’s detection and response capacities.

What Our Customers Are Saying

Microsoft Ignite - Demetrius Moore


Microsoft Ignite - Tony Frasco


Microsoft Ignite - StealthINTERCEPT Demo



StealthINTERCEPT Reports

  • Threat detection dashboard with authentication-based attack analytics to prevent data breaches and security breaches.
  • Feed events in real-time into SIEM.
  • Real-time alerting and auditing of changes in Active Directory, File Systems, and Exchange.
  • Detect changes to Active Directory group memberships, Group Policy Objects, Mailbox and File/Folder permissions and access activities.
  • Prevent active directory changes that go against security compliance.
  • Threat Detection

    Use authentication and file attack analytics to detect and block threats as they happen.

  • SIEM Integration

    Feed relevant security events into SIEM in real-time for actionable insight.

  • Real-time Alerting

    Alert audiences to critical events instantly at global or policy levels.

  • Change & Access Detection

    Detect suspicious LDAP queries, access activities and changes to objects and permissions.

  • Change & Access Prevention

    Prevent changes and access to critical objects like admin groups, GPOs, VIP mailboxes, and file shares with sensitive data.


StealthINTERCEPT® - Monitor and Prevent Threats in Real-Time

Data Sheet

StealthINTERCEPT® - Enterprise Password Enforcer

Data Sheet

Crypto Ransomware Detection

Executive Brief

Insider Threat Detection

Executive Brief
