Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Disrupting the Pervasive Attacks Against Active Directory and Identities

Securing Active Directory and the identity infrastructure is critical for preventing privilege escalation, lateral movement and attacker persistence.

As we look deeper into recent high-profile breaches, one thing becomes crystal clear: an attacker's ability to impact the identity infrastructure (read: Active Directory) is central to cybersecurity.

Once an attacker gains a foothold in an organization, they can't move any farther without access to a privileged user account. They'll immediately seek out high-level privileges in order to gain access to the information they want in an organization. With privileges, an attacker can create dormant accounts, giving them backdoor access so that even if they are discovered they can return to the environment unnoticed. An attacker can even erase their forensic footprints as they move laterally through an organization's network.

The vast supermajority of large enterprises use Microsoft Active Directory to manage account privileges. Every model we have about how breaches work, everything we know about how advanced threat actors and foreign intelligence services operate, tells us that Active Directory is absolutely critical to answering this question: How secure are we?

Despite its criticality, managing and securing Active Directory is incredibly complex. It's almost impossible to manage Active Directory securely at scale in an enterprise without a tremendous amount of expertise and constant attention.

This is why I'm so excited to announce that Tenable has completed our acquisition of Alsid and is introducing Tenable.ad, a new solution leveraging Alsid technology to secure Active Directory environments and disrupt one of the most common attack paths in both advanced persistent threats and common hacks.  Tenable.ad, now generally available, is a Software as a Service (SaaS) solution with an on-premises deployment option. Existing Alsid SaaS customers have the option of upgrading to Tenable.ad immediately.

With the acquisition of Alsid, Tenable achieves an important milestone in delivering on our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire modern attack surface. With the introduction of Tenable.ad, our Risk-based Vulnerability Management (RBVM) portfolio expands. Now, Tenable not only enables security professionals to use our vulnerability management tools to identify the vulnerabilities likely to be leveraged in an attack; with Tenable.ad we also enable them to deliver a risk-based approach to Active Directory security by disrupting one of the most common attack paths in both sophisticated compromises and common hacks.

Tenable.ad allows security and IT professionals to find and fix weaknesses in Active Directory before attackers can exploit them. And it allows incident responders to detect and respond to attacks as they're happening.

At its core, Tenable.ad does an incredibly thorough job of auditing and assessing every configuration setting and every entry and relationship within Active Directory. Then, it simplifies these findings and creates prioritized recommendations for IT and security teams to address based on criticality, the relative ease of making configuration changes and the relative ease of implementing recommendations.

Tenable.ad also provides ongoing monitoring for risky activities that might be an indication of a compromise underway. It monitors activities such as:

  • Creation of new administrator accounts;

  • Hiding accounts;

  • Permission changes;

  • Adding new groups;

  • Adding users to groups; 

  • Creating trust relationships;

  • And others. 


What's remarkable about Tenable.ad is that it only requires user-level account access, which means relatively low impact on the IT organization. Tenable.ad does not require any agents to be installed on the domain controllers. It keeps security professionals out of the business of installing software on a sensitive system that could inadvertently disrupt business operations. And Tenable.ad functions without relying on Windows systems logs, which only give a point-in-time view of what's happening in a system and have been bypassed by advanced threat techniques. Instead, Tenable.ad relies on the replication features and functionality native in Active Directory to give security professionals the insights they need to protect user privileges in a dynamic, ever-changing environment.

Tenable.ad delivers the same level of professionalism and accuracy for securing Active Directory infrastructure that Tenable users have come to expect from our best-of-breed vulnerability management platforms for IT and Operational Technology (OT) environments. We're excited to welcome them to our team.

Learn more:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training