
Horizon3.ai Extends NodeZero® Platform with Active Directory Tripwires, Allowing Enterprises to Significantly Scale Offensive Security Efforts

New Innovation Equips Defenders to Thwart Attackers Attempting Privilege Escalation

Horizon3.ai, the leading provider of offensive security solutions, announced the availability of Active Directory (AD) Tripwires, a major enhancement to its NodeZero® Offensive Security Platform.

Attackers target AD because it sits at the center of enterprise identity, with an estimated 90% of Global 1000 organizations relying on it for identity access management. While CVEs might open the first door, privilege escalation almost always happens through identity-driven techniques: cached tokens, Kerberos ticket reuse, weak trust relationships or misconfigurations. Traditional tools miss these moves because they blend into normal logs, leaving defenders blind until it’s too late.

“With news, our customers now have an attacker-informed early warning system – the equivalent of installing security cameras while breaking into your own house,” said Snehal Antani, CEO and Co-founder, Horizon3.ai. “We’re proud to be empowering more global defenders to go on the offensive, and, armed with an attacker’s-eye view of their security posture, stop more breaches before they happen.”

AD Tripwires now provides defenders with a powerful map and compass to catch attackers in the act of attempting privilege escalation, solving one of the most difficult and persistent challenges in deception: knowing where to put the decoys. As recently noted in the NSA’s jointly released guidance for Mitigating Active Directory Compromises, taking steps to properly gain control over AD remains a powerful way for enterprises to protect their most sensitive data from persistent attackers and stop breaches before they can cause reputational and financial damage.

With AD Tripwires, defenders can now:

  • Reduce attacker dwell time from weeks to minutes;
  • Catch attempts to steal credentials or escalate privileges at the identity layer before attackers achieve domain admin;
  • Detect stealthy identity attacks that bypass traditional monitoring tools; and,
  • Prove identity defenses are working in production.

Research shows nearly half of organizations have experienced AD attacks, with more than 40% resulting in compromise. A common example is Kerberos ticket abuse, with attackers quietly requesting tickets to crack and escalate privileges. AD Tripwires detects these actions immediately.

NodeZero has already proven in benchmarks like Game of Active Directory (GOAD) that AD can be compromised in minutes. AD Tripwires gives defenders the ability to detect those types of identity attacks as they happen in production. In addition, AD Tripwires integrates seamlessly into SOC workflows, feeding directly into existing detection and alerting tools. Each alert includes the compromised identity, the attack path that led there and how the adversary attempted to use it, enabling faster and more precise incident response.
