Attivo Networks ADAssessor

Additional Info

CompanyAttivo Networks
Websitehttps://www.attivonetworks.com
Company size (employees)100 to 499

Overview

Active Directory is a directory service used by over 90% of all enterprises for employee authentication, identity management, and access control. It is notoriously complex to secure, from which attackers obtain privileged access in over 80% of all attacks. These directory services need to be continuously monitored and protected more diligently, validating the integrity of each part, including critical control infrastructure and entitlement access.

The Attivo ADAssessor solution reduces this risk by finding AD exposures and guiding administrators to remediate them, limiting a attacker’s ability to identify sensitive targets, compromise misconfigurations, move laterally and gain persistence.

With Attivo Networks’ ADAssessor solution, customers gain unprecedented visibility to act on AD risk with continuous insight into exposures, overprovisioning, and misconfiguration for domains, users, and computers. It also detects mass changes to AD objects in real-time that indicate an attack is underway, providing an early warning for organizations to nefarious activities that typically go undetected. The solution deploys to a single standard workstation that belongs to the AD forest and comes with a single management console for analysis and management.

There are no extra privileges required. The cloud-based management console is then easily accessed through the Attivo CloudLink service.

Once deployed, the solution:
• Immediately detects vulnerabilities in the AD environment, including misconfigurations, excessive privileges, or data exposures
• Discovers weaknesses before attackers can exploit them and to reduce the attack surface
• Automatically monitors AD, analyzing changes and new exposures that indicate possible malicious activity
• Runs continuously or on-demand to protect Active Directory
• Detects attacks such as password spray and brute force and provides health scores to help businesses evaluate and trend their performance
• Provides in-depth reporting of Active Directory risks with detailed summaries, including reference to MITRE ATT&CK and CVEs and the steps needed for remediation

How we are different

• ADAssessor solves many of the security pain points administrators encounter across Active Directory implementations. The solution is a tool that lessens the burden on administrators by providing visibility to vulnerabilities, guiding to what changes are necessary, and advising on how to make them. The product also aids security teams by allowing them to go deeper, broader, and wider in their assessments while gaining continuous visibility to exposures.


• ADAssessor delivers immediate value by identifying and guiding the remediation of Active Directory security hygiene issues. That value is further extended by the ease of implementation, which eliminates disruption and gives access to an innovative management console, where analysis and data for remediation assistance are readily available. The console also provides for a collaborative environment for both security and Sysadmins as they look to understand and remediate vulnerabilities.


• The solution also brings real-time attack detection to the table, backed by visibility into the critical domain, computer, and user-level exposures. Those insights reveal identities and service account risk related to credentials, privileged accounts, stale accounts, shared credentials, and AD attack paths. As businesses leverage AD across domains and implement hybrid solutions, tools that can surface threats and give visibility into complex AD implementations will prove to be crucial. The most common exposures found include:


o Detecting mass account lockouts, disables, and deletions
o Suspicious password changes on service or sensitive accounts
o Suspicious password changes for mass password reset/changes
o Detecting brute force – password spray attack
o Suspicious service creation on the domain controller
o DCShadow attack
o Use of default administrator account
o Reactivation of disabled privileged accounts
o Dangerous rights delegation
o Weak KRBTGT Account – Golden Ticket
o Weak Default Admin Account
o Unprivileged users in AdminSDHolder
o Unusual accounts with replication permissions (DCSync)
o Accounts with never expiring passwords