Disrupting the Pervasive Attacks Against Active Directory and Identities
Securing Active Directory and the identity infrastructure is critical for preventing privilege escalation, lateral movement and attacker persistence.
As we look deeper into recent high-profile breaches, one thing becomes crystal clear: an attacker's ability to impact the identity infrastructure (read: Active Directory) is central to cybersecurity.
Once an attacker gains a foothold in an organization, they can't move any farther without access to a privileged user account. They'll immediately seek out high-level privileges in order to gain access to the information they want in an organization. With privileges, an attacker can create dormant accounts, giving them backdoor access so that even if they are discovered they can return to the environment unnoticed. An attacker can even erase their forensic footprints as they move laterally through an organization's network.
The vast supermajority of large enterprises use Microsoft Active Directory to manage account privileges. Every model we have about how breaches work, everything we know about how advanced threat actors and foreign intelligence services operate, tells us that Active Directory is absolutely critical to answering this question: How secure are we?
Despite its criticality, managing and securing Active Directory is incredibly complex. It's almost impossible to manage Active Directory securely at scale in an enterprise without a tremendous amount of expertise and constant attention.
This is why I'm so excited to announce that Tenable has completed our acquisition of Alsid and is introducing Tenable.ad, a new solution leveraging Alsid technology to secure Active Directory environments and disrupt one of the most common attack paths in both advanced persistent threats and common hacks. Tenable.ad, now generally available, is a Software as a Service (SaaS) solution with an on-premises deployment option. Existing Alsid SaaS customers have the option of upgrading to Tenable.ad immediately.
With the acquisition of Alsid, Tenable achieves an important milestone in delivering on our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire modern attack surface. With the introduction of Tenable.ad, our Risk-based Vulnerability Management (RBVM) portfolio expands. Now, Tenable not only enables security professionals to use our vulnerability management tools to identify the vulnerabilities likely to be leveraged in an attack; with Tenable.ad we also enable them to deliver a risk-based approach to Active Directory security by disrupting one of the most common attack paths in both sophisticated compromises and common hacks.
Tenable.ad allows security and IT professionals to find and fix weaknesses in Active Directory before attackers can exploit them. And it allows incident responders to detect and respond to attacks as they're happening.
At its core, Tenable.ad does an incredibly thorough job of auditing and assessing every configuration setting and every entry and relationship within Active Directory. Then, it simplifies these findings and creates prioritized recommendations for IT and security teams to address based on criticality, the relative ease of making configuration changes and the relative ease of implementing recommendations.
Tenable.ad also provides ongoing monitoring for risky activities that might be an indication of a compromise underway. It monitors activities such as:
- Creation of new administrator accounts;
- Hiding accounts;
- Permission changes;
- Adding new groups;
- Adding users to groups;
- Creating trust relationships;
- And others.
What's remarkable about Tenable.ad is that it only requires user-level account access, which means relatively low impact on the IT organization. Tenable.ad does not require any agents to be installed on the domain controllers. It keeps security professionals out of the business of installing software on a sensitive system that could inadvertently disrupt business operations. And Tenable.ad functions without relying on Windows systems logs, which only give a point-in-time view of what's happening in a system and have been bypassed by advanced threat techniques. Instead, Tenable.ad relies on the replication features and functionality native in Active Directory to give security professionals the insights they need to protect user privileges in a dynamic, ever-changing environment.
Tenable.ad delivers the same level of professionalism and accuracy for securing Active Directory infrastructure that Tenable users have come to expect from our best-of-breed vulnerability management platforms for IT and Operational Technology (OT) environments. We're excited to welcome them to our team.
Scopri di più:
- Read the blog: Disrupting Attack Paths: Why Tenable's Acquisition of Alsid Matters
- Find out more about Tenable.ad here: https://www.tenable.com/products/tenable-ad
- Attend the webinar: Introducing Tenable.ad: Secure Active Directory and Disrupt Attack Paths
Articoli correlati
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
How Risk-based Vulnerability Management Boosts Your Modern IT Environment's Security Posture
July 11, 2024Vulnerability assessments and vulnerability management sound similar – but they’re not. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM). Read on to check out highlights from this Tenable-commissioned study and learn how RBVM helps organizations attain a solid security and risk posture in hybrid, complex and multi-cloud environments.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
July 9, 2024Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
How the regreSSHion Vulnerability Could Impact Your Cloud Environment
July 5, 2024With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable Cloud Security can help.
- Active Directory
- Announcements
- Risk-based Vulnerability Management
- Security auditing
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning