Darren Mar-Elia

Active Directory is foundational to everything you do and the #1 new target for attackers. Since it wasn’t originally built with today’s threats in mind, Active Directory is riddled with inherent soft spots and risky configurations that attackers are readily taking advantage of. We, here at Semperis, are excited to announce a new release of Directory Services Protector (DS Protector) and the powerful features it includes to detect dangerous vulnerabilities, intercept attacks in progress, and immediately close backdoors created by an attacker or rogue administrator.

Here’s a quick video overview that demonstrates the new features added to DS Protector 3.0. 

Automate remediation, stop attackers in their tracks 

Automation is essential to keeping up with the speed and scale of today’s cyberattacks. SIEM systems and AD change auditing tools do a good job of monitoring sensitive changes and automatically sending notifications. But these systems and tools fall short when it comes to automating remediation.  

This release of DS Protector provides all the components needed for automated monitoring and remediation. The insights gathered by DS Protector can be used to trigger automated actions, including built-in rollback capabilities. This new feature allows critical security-related or operational changes to be automatically undone without administrator intervention. This enables you to undo suspicious changes, regain control, and prevent further damage and security exposure.

Find vulnerabilities before attackers do 

Attackers understand all too well how to find and exploit vulnerabilities in your Active Directory configuration, such as accounts with unconstrained delegation, privileged accounts with Kerberos services, and unprivileged users with DC sync rights. The list is long and ever-changing, and you need a way to find vulnerabilities before an attacker does.

The challenge is two-fold: 1) how do you keep up with new threats, and 2) how do you keep up with your ever-changing Active Directory. Even if your Active Directory isn’t vulnerable right now, that can quickly change. Thus, vulnerability assessment must be ongoing – not “one and done.”

DS Protector addresses this challenge by continuously scanning Active Directory for risky configurations to identify any possible weak links in your AD deployment. The new Security dashboard highlights the results of security posture checks run against security indicators that point out misconfigurations. By regularly assessing Active Directory, DS Protector not only provides a list of vulnerabilities but also suggests corrective actions to reduce your Active Directory attack surface. As additional threat research is performed, we can dynamically add security indicators to address new threat scenarios and attack techniques. You can also adjust security indicators to meet requirements specific to your environment.

Conclusion 

As the keeper of the “keys to the kingdom”, Active Directory is a prime target for cyberattacks. Semperis Directory Services Protector is known for providing uninterrupted tracking of AD modifications and immediate rollback of unwanted changes, without mounting backups or taking domain controllers offline. It provides the capabilities you need to defend AD from cyberattacks, detects hidden changes, and alerts you to potential attacks in progress. 

The powerful product enhancements introduced in this release strengthen the capabilities currently available to defend AD from today’s most sophisticated cyberattacks and recover quickly from everyday mistakes. Some of the existing capabilities of DS Protector include:   

  • Ability to detect changes even when the attacker foils security logging. 
  • Ability to track and undo changes and deletions across all AD partitions and Group Policy Objects. 
  • Ability to see who made each change and quickly isolate all changes made by a compromised account.  
  • Ability to revert changes to individual attributes, objects, and containers – and to any point in time, not just to a previous backup. 
  • Integration into your corporate SIEM system. 
  • Granular role-based access control to enable delegation of routine administrative tasks.  

For more information, see What’s New.