Customers can now quickly identify Active Directory attack paths, eliminate threats in real-time, and recover in a successful attack.
SpecterOps, a provider of adversary-focused cybersecurity solutions, announced a strategic partnership with Quest Software, a global systems management, data protection and security software provider, to better defend against attacks in Active Directory (AD) and Microsoft 365 environments.
Active Directory continues to be a primary target for cybercriminals, and securing it is a top priority for IT, Security, and Identity and Access Management professionals. SpecterOps’ Attack Path Management solution BloodHound Enterprise prioritises and quantifies attack path choke points, complementing Quest’s real-time hybrid AD anomaly detection and disaster recovery capabilities. This allows organisations to eliminate AD attack paths and improve overall cyber security resilience.
“BloodHound Enterprise’s Attack Path Management methodology has already proven to be wildly successful in helping organisations reduce their exposure to Attack Paths in Active Directory. This partnership takes that protection even further by better equipping customers to defend against increasing attacks and helping to minimise potential threats with both preventative and restorative measures,” said David McGuire, CEO at SpecterOps. “We’re excited to be working with Quest to not only make BloodHound Enterprise more widely available but to give customers more tools to help them improve their AD security posture.”
Eliminating AD attack paths has traditionally been a challenge, as security practitioners tend to think in lists (checking thousands of generic configuration issues) while adversaries think in graphs — making it easier for them to find an effective attack route.
The average enterprise AD environment is large, complex and constantly changing, and AD’s built-in tooling makes it difficult to detect Attack Paths effectively. BloodHound Enterprise works with Quest’s AD management and auditing solutions to arm defenders with a graphical mapping of all AD attack paths in this strategic partnership.
This enables defenders to easily identify, prioritise and eliminate the most vital avenues that attackers can exploit. Additionally, BloodHound Enterprise monitors and measures the improvement of an organisation’s security posture over time via a C-level report card, which highlights risk reduction as misconfigurations are remediated and choke points are eliminated.
Furthermore, in the case of a successful attack, Quest Change Auditor and On-Demand Audit Hybrid Suite’s real-time anomaly detection capabilities can identify and thwart attacks in progress; and Quest Recovery Manager for Active Directory Disaster Recovery Edition can recover AD at least five times faster than the manual forest recovery process, according to ESG Research. These capabilities complement the attack path management offered by BloodHound Enterprise to form a robust suite of AD security protections.
“Historically, other solutions have failed to focus on what’s most important — the millions of paths an attacker can exploit that lead from ordinary user accounts or computers to a critical Tier 0 asset like a domain controller, privileged group or backup,” said Michael Tweddle, President and General Manager at Quest.
“To further improve our cyber resiliency offering, Quest has partnered with SpecterOps to empower organisations to eliminate AD attack paths that lead to their highest value targets – all while empowering them to track improvement to their security posture over time.”
