Tenable Blog

Disrupting the Pervasive Attacks Against Active Directory and Identities

Securing Active Directory and the identity infrastructure is critical for preventing privilege escalation, lateral movement and attacker persistence.

As we look deeper into recent high-profile breaches, one thing becomes crystal clear: an attacker's ability to impact the identity infrastructure (read: Active Directory) is central to cybersecurity.

Once an attacker gains a foothold in an organization, they can't move any farther without access to a privileged user account. They'll immediately seek out high-level privileges in order to gain access to the information they want in an organization. With privileges, an attacker can create dormant accounts, giving them backdoor access so that even if they are discovered they can return to the environment unnoticed. An attacker can even erase their forensic footprints as they move laterally through an organization's network.

The vast supermajority of large enterprises use Microsoft Active Directory to manage account privileges. Every model we have about how breaches work, everything we know about how advanced threat actors and foreign intelligence services operate, tells us that Active Directory is absolutely critical to answering this question: How secure are we?

Despite its criticality, managing and securing Active Directory is incredibly complex. It's almost impossible to manage Active Directory securely at scale in an enterprise without a tremendous amount of expertise and constant attention.

This is why I'm so excited to announce that Tenable has completed our acquisition of Alsid and is introducing Tenable.ad, a new solution leveraging Alsid technology to secure Active Directory environments and disrupt one of the most common attack paths in both advanced persistent threats and common hacks. Tenable.ad, now generally available, is a Software as a Service (SaaS) solution with an on-premises deployment option. Existing Alsid SaaS customers have the option of upgrading to Tenable.ad immediately.

With the acquisition of Alsid, Tenable achieves an important milestone in delivering on our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire modern attack surface. With the introduction of Tenable.ad, our Risk-based Vulnerability Management (RBVM) portfolio expands. Now, Tenable not only enables security professionals to use our vulnerability management tools to identify the vulnerabilities likely to be leveraged in an attack; with Tenable.ad we also enable them to deliver a risk-based approach to Active Directory security by disrupting one of the most common attack paths in both sophisticated compromises and common hacks.

Tenable.ad allows security and IT professionals to find and fix weaknesses in Active Directory before attackers can exploit them. And it allows incident responders to detect and respond to attacks as they're happening.

At its core, Tenable.ad does an incredibly thorough job of auditing and assessing every configuration setting and every entry and relationship within Active Directory. Then, it simplifies these findings and creates prioritized recommendations for IT and security teams to address based on criticality, the relative ease of making configuration changes and the relative ease of implementing recommendations.

Tenable.ad also provides ongoing monitoring for risky activities that might be an indication of a compromise underway. It monitors activities such as:

  • Creation of new administrator accounts;
  • Hiding accounts;
  • Permission changes;
  • Adding new groups;
  • Adding users to groups;
  • Creating trust relationships;
  • And others.

What's remarkable about Tenable.ad is that it only requires user-level account access, which means relatively low impact on the IT organization. Tenable.ad does not require any agents to be installed on the domain controllers. It keeps security professionals out of the business of installing software on a sensitive system that could inadvertently disrupt business operations. And Tenable.ad functions without relying on Windows system logs, which only give a point-in-time view of what's happening in a system and have been bypassed by advanced threat techniques. Instead, Tenable.ad relies on the replication features and functionality native in Active Directory to give security professionals the insights they need to protect user privileges in a dynamic, ever-changing environment.

Tenable.ad delivers the same level of professionalism and accuracy for securing Active Directory infrastructure that Tenable users have come to expect from our best-of-breed vulnerability management platforms for IT and Operational Technology (OT) environments. We're excited to welcome them to our team.
