
Tenable Blog


Disrupting the Pervasive Attacks Against Active Directory and Identities

Securing Active Directory and the identity infrastructure is critical for preventing privilege escalation, lateral movement and attacker persistence.

As we look deeper into recent high-profile breaches, one thing becomes crystal clear: an attacker's ability to impact the identity infrastructure (read: Active Directory) is central to cybersecurity.

Once an attacker gains a foothold in an organization, they can't move any farther without access to a privileged user account. They'll immediately seek out high-level privileges in order to gain access to the information they want in an organization. With privileges, an attacker can create dormant accounts, giving them backdoor access so that even if they are discovered they can return to the environment unnoticed. An attacker can even erase their forensic footprints as they move laterally through an organization's network.

The vast supermajority of large enterprises use Microsoft Active Directory to manage account privileges. Every model we have about how breaches work, everything we know about how advanced threat actors and foreign intelligence services operate, tells us that Active Directory is absolutely critical to answering this question: How secure are we?

Despite its criticality, managing and securing Active Directory is incredibly complex. It's almost impossible to manage Active Directory securely at scale in an enterprise without a tremendous amount of expertise and constant attention.

This is why I'm so excited to announce that Tenable has completed our acquisition of Alsid and is introducing Tenable.ad, a new solution leveraging Alsid technology to secure Active Directory environments and disrupt one of the most common attack paths in both advanced persistent threats and common hacks. Tenable.ad, now generally available, is a Software as a Service (SaaS) solution with an on-premises deployment option. Existing Alsid SaaS customers have the option of upgrading to Tenable.ad immediately.

With the acquisition of Alsid, Tenable achieves an important milestone in delivering on our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire modern attack surface. With the introduction of Tenable.ad, our Risk-based Vulnerability Management (RBVM) portfolio expands. Now, Tenable not only enables security professionals to use our vulnerability management tools to identify the vulnerabilities likely to be leveraged in an attack; with Tenable.ad we also enable them to deliver a risk-based approach to Active Directory security by disrupting one of the most common attack paths in both sophisticated compromises and common hacks.

Tenable.ad allows security and IT professionals to find and fix weaknesses in Active Directory before attackers can exploit them. And it allows incident responders to detect and respond to attacks as they're happening.

At its core, Tenable.ad does an incredibly thorough job of auditing and assessing every configuration setting and every entry and relationship within Active Directory. Then, it simplifies these findings and creates prioritized recommendations for IT and security teams to address based on criticality, the relative ease of making configuration changes and the relative ease of implementing recommendations.

Tenable.ad also provides ongoing monitoring for risky activities that might be an indication of a compromise underway. It monitors activities such as:

  • Creation of new administrator accounts;

  • Hiding accounts;

  • Permission changes;

  • Adding new groups;

  • Adding users to groups; 

  • Creating trust relationships;

  • And others. 


What's remarkable about Tenable.ad is that it only requires user-level account access, which means relatively low impact on the IT organization. Tenable.ad does not require any agents to be installed on the domain controllers. It keeps security professionals out of the business of installing software on a sensitive system that could inadvertently disrupt business operations. And Tenable.ad functions without relying on Windows system logs, which only give a point-in-time view of what's happening in a system and have been bypassed by advanced threat techniques. Instead, Tenable.ad relies on the replication features and functionality native in Active Directory to give security professionals the insights they need to protect user privileges in a dynamic, ever-changing environment.

Tenable.ad delivers the same level of professionalism and accuracy for securing Active Directory infrastructure that Tenable users have come to expect from our best-of-breed vulnerability management platforms for IT and Operational Technology (OT) environments. We're excited to welcome them to our team.
