SpecterOps announced BloodHound Enterprise, an Attack Path
Management (APM) security solution for Active Directory (AD). Designed
to help organizations proactively and continuously identify, manage and
remediate millions of AD Attack Paths, BloodHound Enterprise gives IT
Ops and SecOps professionals the tools needed to dramatically and
measurably improve AD security posture with minimal effort.

As a largely unseen, unmanaged and growing problem for enterprises, AD
Attack Paths are used by attackers to gain control of systems and data,
impersonate users, abuse legitimate access to non-AD systems and much
more. This problem is compounded by mountains of misconfiguration debt
in AD, making it difficult to create a strong security posture for AD.
Until BloodHound Enterprise, there has not been a practical
defensive tool that identifies and quantifies AD choke points,
eliminating Active Directory as an attacker's easiest, most reliable and
biggest payoff target.

"Traditional approaches to AD security generate massive lists of generic
misconfigurations and poor user behaviors that overwhelm teams and are
generally impossible to resolve," said David McGuire, CEO at SpecterOps.
"In contrast, BloodHound Enterprise continuously identifies the
critical Attack Path 'choke points' for elimination, visually
illustrates the Attack Paths for contextual understanding, and
prioritizes which Attack Paths to eliminate based on actual risk."

Microsoft AD provides identity and access management, endpoint management and
business application management. It is an extremely high-value target
for attackers because it is widely used and because it offers features
that can give attackers the "keys to the kingdom" if compromised. Attack
Paths are chains of abusable privileges and user behaviors that create
direct and indirect connections between computers and users within AD.
Once an attacker compromises a system or device, they can use the
privileges of the users on it to compromise other systems or devices until
they reach their final objective. AD controls which users have access to
which systems, so configuring AD correctly can close off these Attack
Paths - if the organization is aware they exist.

Active Directory best practices such as least privilege access and tiered
administration are almost never implemented correctly or at all, and
Attack Paths are too numerous and dynamic for reactive security measures
to be effective. BloodHound Enterprise solves these problems with:
- Rapid, centralized cloud deployment in under an hour that allows IT Ops and
SecOps teams to deploy across corporate and subsidiary locations to
understand Attack Path risk quickly.
- Continuous, comprehensive Attack Path mapping that enumerates every possible path
and highlights new paths introduced through configuration changes and
user behaviors.
- Attack Path Choke Point identification with analysis of impact that allows teams to better prioritize remediation.
- Practical, precise and safe remediation guidance that leads teams through
remediations step-by-step to sever Attack Paths without significant
architecture revisions or disruptions to business operations.
- Quantifiable security posture improvement with the ability to report on Attack Path exposure of high value targets.

BloodHound Enterprise is distinct from BloodHound FOSS, and SpecterOps remains fully committed to supporting BloodHound FOSS.