StealthINTERCEPT Overview
•Transferir como PPTX, PDF•
0 gostou•743 visualizações
Advanced Threat Protection for your business. StealthINTERCEPT is a real-time monitoring and enforcement solution capable of integrating with SIEM that provides policy-based security enforcement to protect an organization’s critical business assets from attackers both within and outside the organization.
Recomendados
Recomendados
Mais conteúdo relacionado
Último
Último (20)
Destaque
Destaque (20)
StealthINTERCEPT Overview
- 2. StealthINTERCEPT® THE MISSING LINK FOR ADVANCED DATA SECURITY Organizations are faced with the constant challenge of ensuring that only the right people have access to the right assets at the right time 1 The challenges presented by cloud, mobile and sophisticated attackers demand a new approach to security2 STEALTHbits’ integrated portfolio has new capabilities to help organizations secure data and Active Directory as a new perimeter 3 Three Takeaways
- 3. Native logging kills performance Important events easily missed Many events not supported at all Events inconsistent across platforms and versions Connecting business impact to events near impossible Before and after values supported badly or not at all No guarantee that critical events are being logged No centralized command and control for logging No dependence on native logging Supports all activity, on all platforms, with all details, all the time Intelligent analysis allows you to be laser-focused on what’s important Get alerted on what matters in real-time Prevent critical changes that impact your business Centralized command and control achieved The Benefits of Real-Time Interception
- 4. StealthINTERCEPT® THE MISSING LINK FOR ADVANCED DATA SECURITY Prevent Report Audit ! Alert Top Use Cases Suspicious Behavior Detection Account Protection Group Protection IT Asset Protection Information Protection SIEM (w/ context) !
- 5. StealthINTERCEPT® THE MISSING LINK FOR ADVANCED DATA SECURITY Prevent Advanced Threats o Determine brute force attacks and block them before the damage is done o Alert on suspicious activity to critical data Enhance Your Administrative Model o Prevent administrators from accessing restricted data o Extend native security capabilities Protect Your Critical Business Assets o Monitor and prevent changes to critical Group Policies and OUs o Alert and block improper access to critical files Advanced Threat Detection Enhanced Administrative Model Critical Business Asset Protection Active Directory Exchange File Shares Servers SharePointDesktops StealthINTERCEPT®
- 6. StealthINTERCEPT® THE MISSING LINK FOR ADVANCED DATA SECURITY Top Reports Group Membership Changes Security Policy Enforcement Changes – GPO’s Horizontal Movement of Accounts Privileged Group Modifications Domain Controller & Server Physical Access Detection Security Changes on Folders and Files Microsoft Exchange Mailbox Breaches SIEM Integration
- 7. StealthINTERCEPT® THE MISSING LINK FOR ADVANCED DATA SECURITY Attend a Demo o www.stealthbits.com/events Next Steps Request a Trial o www.stealthbits.com/trial Learn More o www.stealthbits.com/resources Ask Us a Question o www.stealthbits.com/company/contact-us
Notas do Editor
- Serious security breaches usually involve patterns of behavior that are difficult to detect. By identifying the broad and spanning use of one or more privileged accounts, security officers are able to identify complex threats. Monitoring AD authentications, StealthINTERCEPT sees every login from every account and can provide insight into the usage of privileged accounts through the organization including the computer that the account was used on. This valuable insight can reveal inappropriate use of privileged accounts.
- Using StealthINTERCEPT, the security organization can restrict who makes changes to GPO’s and when. This allows a change management policy to be properly enforced ultimately reducing the risk of serious breach.
- StealthINTERCEPT audits and optionally prevents this breach by monitoring and blocking actions as defined by an organization’s security policies. StealthINTERCEPT integrates deeply with Active Directory to provide security events that reveal both simple and complex chain-of-event security breaches. Using StealthINTERCEPT’s policy enforcement feature, many complex breach scenarios can be prevented before they begin. Chain of events: - Admin adds Sales Group to Admins Group in what looks like a mistake - Admin resets User: Joel password, then logs in as Joel (a member of Sales) - Joel is now Admin, takes ownership and accesses whatever he wants - Admin removes Sales group after realizing “mistake” - Next day Joel logs in, but can’t – password lockout - Joel calls helpdesk and password is reset But with StealthINTERCEPT...the Admin is caught red-handed. Group changes are detected and alerted on. With enforcement, the event could have been prevented from even occurring.
- Using StealthINTERCEPT, administrator local login access can be detected and alerted upon. This deterrent provides an additional level of security to the organizations most sensitive assets. Security changes on Folders and Files With most security systems, there are classes of user accounts that hold the keys to the kingdom. In the Microsoft ecosystem, the administrator has the ability to override any security systems that are in place; this is often done by “taking ownership” of a resource. Once the administrator has taken ownership, permissions can then be altered to grant any user access. While this is necessary to prevent a locked-out situation, it provides a back door that any administrator can easily exploit. Further, considering the scope of file systems spanning tens of millions of folders across an organization, such an action would surely go unnoticed. Using StealthINTERCEPT, security officers can provide an umbrella of protection over sensitive file system data, eliminating the back door. StealthINTERCEPT’s real time file interception can block administrators from taking ownership of a file or folder and thus ensure the integrity of the intended permissions. Further, detection of such an attempt will be captured and an alert generated.
- Most organizations consider their email systems the number one business critical application. If one were to obtain access to the mailboxes of the CEO, CFO, CTO, CSO, etc, nearly a complete insider state of the business could be obtained. These mailboxes are home to one of the richest sources of sensitive data. Despite being such a sensitive asset, they are relatively unprotected against administrative access. Further, breaches are likely to go unnoticed. StealthINTERCEPT not only provides visibility and alerting into inappropriate access, but also prevents breaches from ever occurring.