“Active Directory is a cybersecurity blind spot” according to Idan Plotnik, CEO of Aorato, the first context-aware, behavior-based Directory Services Application Firewall (DAF) which profiles, learns and predicts entities’ behaviors enabling context aware real-time decision-making.
Aorato’s approach is to focus on Microsoft’s Active Directory services activities by observing the network traffic between AD servers and the active network entities (users, devices etc.). The technology uses the interactions identified in this traffic to create the Organizational Security Graph, a model of observed relationships over time. Aorato monitors AD traffic comparing activities against the OSG model looking for anomalies that could represent attack behavior or security policy violations such as cleartext passwords, simple passwords, deleted or disabled users and computers activities. The DAF alerts on suspicious activities inserting them into an Attack Timeline – providing security professionals with the needed means to identify the steps in the attack chain from the seemingly harmless individual events.
“The product combines built-in knowledge of typical security violations and algorithms that constantly update and learn typical entity behaviors to alert suspicious or abnormal activities. We are giving customers visibility to what they currently can’t see today” said Plotnik of the main product benefits.
Initially coming out of the Cyber Security unit within the Israeli Defense Forces (IDF), Aorato’s founders have spent the last decade in cyber-security. Previously, co-founding and running Foreity and holding the prestigious Microsoft MVP awards for enterprise security, the founders are very much intimate with Directory Services and their cyber-security issues.
“In today’s world of persistent threats, malicious insiders, and Single Sign On leveraging account access, paying attention to Directory Services’ activity is key to an organizations’ security. Our creation of the Directory Services Application Firewall and OSG to focus on Active Directory provides a new level of needed insight within enterprises”, said David Monahan, EMA.
Aorato
At the core of Aorato’s founding was the acknowledgement that Active Directory is exposed – by default and by design. The consequence of which, is that the entire organization is at risk.
Existing security solutions track privileged accounts or changes performed to Active Directory. These solutions, however, are not able to mitigate attacks targeting the Active Directory (e.g. PtH/PtT attacks). Other cyber-security solutions take a global approach to detect anomalies in the whole network and cannot provide the complete picture of an attack against Directory Services.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.