Advanced Threat Protection for your business.
StealthINTERCEPT is a real-time monitoring and enforcement solution capable of integrating with SIEM that provides policy-based security enforcement to protect an organization’s critical business assets from attackers both within and outside the organization.
2. StealthINTERCEPT®
THE MISSING LINK FOR
ADVANCED DATA SECURITY
Three Takeaways
1. Organizations are faced with the constant challenge of ensuring that only the right people have access to the right assets at the right time
2. The challenges presented by cloud, mobile and sophisticated attackers demand a new approach to security
3. STEALTHbits’ integrated portfolio has new capabilities to help organizations secure data and Active Directory as a new perimeter
3. The Benefits of Real-Time Interception
Native logging:
o Native logging kills performance
o Important events easily missed
o Many events not supported at all
o Events inconsistent across platforms and versions
o Connecting business impact to events near impossible
o Before and after values supported badly or not at all
o No guarantee that critical events are being logged
o No centralized command and control for logging
Real-time interception:
o No dependence on native logging
o Supports all activity, on all platforms, with all details, all the time
o Intelligent analysis allows you to be laser-focused on what’s important
o Get alerted on what matters in real-time
o Prevent critical changes that impact your business
o Centralized command and control achieved
4. Top Use Cases
Prevent, Report, Audit, Alert
o Suspicious Behavior Detection
o Account Protection
o Group Protection
o IT Asset Protection
o Information Protection
o SIEM (w/ context)
5. StealthINTERCEPT®
Prevent Advanced Threats
o Determine brute force attacks and block them before the damage is done
o Alert on suspicious activity to critical data
Enhance Your Administrative Model
o Prevent administrators from accessing restricted data
o Extend native security capabilities
Protect Your Critical Business Assets
o Monitor and prevent changes to critical Group Policies and OUs
o Alert and block improper access to critical files
[Diagram labels: StealthINTERCEPT®; Advanced Threat Detection, Enhanced Administrative Model, Critical Business Asset Protection; Active Directory, Exchange, File Shares, Servers, SharePoint, Desktops]
6. Top Reports
o Group Membership Changes
o Security Policy Enforcement Changes – GPOs
o Horizontal Movement of Accounts
o Privileged Group Modifications
o Domain Controller & Server Physical Access Detection
o Security Changes on Folders and Files
o Microsoft Exchange Mailbox Breaches
o SIEM Integration
7. Next Steps
Attend a Demo
o www.stealthbits.com/events
Request a Trial
o www.stealthbits.com/trial
Learn More
o www.stealthbits.com/resources
Ask Us a Question
o www.stealthbits.com/company/contact-us
Editor's Notes
Serious security breaches usually involve patterns of behavior that are difficult to detect. By identifying the broad, wide-ranging use of one or more privileged accounts, security officers are able to identify complex threats. By monitoring AD authentications, StealthINTERCEPT sees every login from every account and can provide insight into the usage of privileged accounts throughout the organization, including the computer that the account was used on. This valuable insight can reveal inappropriate use of privileged accounts.
Using StealthINTERCEPT, the security organization can restrict who makes changes to GPOs and when. This allows a change management policy to be properly enforced, ultimately reducing the risk of a serious breach.
StealthINTERCEPT audits and optionally prevents this breach by monitoring and blocking actions as defined by an organization’s security policies.
StealthINTERCEPT integrates deeply with Active Directory to provide security events that reveal both simple and complex chain-of-event security breaches. Using StealthINTERCEPT’s policy enforcement feature, many complex breach scenarios can be prevented before they begin.
Chain of events:
- Admin adds Sales Group to Admins Group in what looks like a mistake
- Admin resets User: Joel password, then logs in as Joel (a member of Sales)
- Joel is now Admin, takes ownership and accesses whatever he wants
- Admin removes Sales group after realizing “mistake”
- Next day Joel logs in, but can’t – password lockout
- Joel calls helpdesk and password is reset
But with StealthINTERCEPT...the Admin is caught red-handed. Group changes are detected and alerted on. With enforcement, the event could have been prevented from even occurring.
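The chain of events above leaves a recognizable pattern: a group is nested into a privileged group and, shortly afterwards, the same actor resets the password of one of that group's members. The following correlation rule is an added example, not part of the original presentation and not StealthINTERCEPT's own logic. The event schema, account, group and host names, and the four-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

PRIVILEGED = {"Admins"}            # assumption: groups treated as privileged
WINDOW = timedelta(hours=4)        # assumption: correlation window
MEMBERS = {"Sales": {"joel", "maria"}}   # constructed group membership

# Constructed sample events in a hypothetical schema (not a real log format).
EVENTS = [
    {"ts": "2024-05-06T17:02", "actor": "admin1", "action": "group_add",
     "target": "Admins", "member": "Sales"},
    {"ts": "2024-05-06T17:05", "actor": "admin1", "action": "password_reset", "target": "joel"},
    {"ts": "2024-05-06T17:07", "actor": "joel", "action": "logon", "target": "FS01"},
    {"ts": "2024-05-06T17:40", "actor": "admin1", "action": "group_remove",
     "target": "Admins", "member": "Sales"},
    {"ts": "2024-05-07T09:00", "actor": "helpdesk", "action": "password_reset", "target": "joel"},
]

def correlate(events, members=MEMBERS, window=WINDOW):
    """Flag a group nested into a privileged group when, within the window,
    the same actor resets the password of a member of the nested group."""
    evs = sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                 key=lambda e: e["ts"])
    findings = []
    for add in evs:
        if add["action"] != "group_add" or add["target"] not in PRIVILEGED:
            continue
        later = [e for e in evs if add["ts"] < e["ts"] <= add["ts"] + window]
        # Time the nesting was undone, if it was undone inside the window.
        removed = next((e["ts"] for e in later if e["action"] == "group_remove"
                        and e["target"] == add["target"]
                        and e["member"] == add["member"]), None)
        for reset in later:
            if (reset["action"] == "password_reset" and reset["actor"] == add["actor"]
                    and reset["target"] in members.get(add["member"], ())):
                findings.append({
                    "actor": add["actor"], "nested_group": add["member"],
                    "privileged_group": add["target"], "account": reset["target"],
                    # Hosts the reset account logged on to after the reset.
                    "logon_hosts": [e["target"] for e in later if e["action"] == "logon"
                                    and e["actor"] == reset["target"] and e["ts"] > reset["ts"]],
                    "exposure_minutes": int((removed - add["ts"]).total_seconds() // 60)
                                        if removed else None,
                })
    return findings

if __name__ == "__main__":
    print(correlate(EVENTS))
```

The helpdesk reset on the following day is not flagged because it comes from a different actor and falls outside the window.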
Using StealthINTERCEPT, administrator local login access can be detected and alerted upon. This deterrent provides an additional level of security to the organization’s most sensitive assets.
Security changes on Folders and Files
With most security systems, there are classes of user accounts that hold the keys to the kingdom. In the Microsoft ecosystem, the administrator has the ability to override any security systems that are in place; this is often done by “taking ownership” of a resource. Once the administrator has taken ownership, permissions can then be altered to grant any user access. While this is necessary to prevent a locked-out situation, it provides a back door that any administrator can easily exploit. Further, considering the scope of file systems spanning tens of millions of folders across an organization, such an action would surely go unnoticed.
Using StealthINTERCEPT, security officers can provide an umbrella of protection over sensitive file system data, eliminating the back door. StealthINTERCEPT’s real time file interception can block administrators from taking ownership of a file or folder and thus ensure the integrity of the intended permissions. Further, detection of such an attempt will be captured and an alert generated.
Most organizations consider their email systems the number one business critical application.
If one were to obtain access to the mailboxes of the CEO, CFO, CTO, CSO, etc., a nearly complete insider view of the state of the business could be obtained. These mailboxes are home to one of the richest sources of sensitive data. Despite being such a sensitive asset, they are relatively unprotected against administrative access. Further, breaches are likely to go unnoticed.
StealthINTERCEPT not only provides visibility and alerting into inappropriate access, but also prevents breaches from ever occurring.