Illusive have announced the release of its improved Identity Threat Detection and Response (ITDR platform. The new features enable organizations to visualize misconfigurations within and between Active Directory and Azure Active Directory domains, as well as to discover and remediate Kerberostable identity risks and privileged accounts not managed by privileged access management (PAM).
Additionally, Illusive visually links all identity risks to the MITER ATT&CK framework so organizations can more easily manage identity risk. According to a Gartner® report, security and risk management professionals should, “use the MITER ATT&CK framework to relate ITDR techniques to common attack scenarios to ensure that all relevant attack vector has been addressed.”1
Despite the deployment of PAM, multi-factor authentication (MFA), and other identity and access management (IAM) solutions, Illusive research found that identity security vulnerabilities in 1 in 6 enterprise endpoints. Furthermore, a survey by the Enterprise Strategy Group revealed that stealing cached credentials from devices and system memory is the most common source of attack.
“ITDR adds an additional layer of security to even mature identity and access management (IAM) deployments. As identity becomes more important, threat actors increasingly target the identity infrastructure itself. Organizations must focus more on protecting their IAM infrastructure,” according to Gartner®.1
Illusive enables comprehensive detection of unmanaged, misconfigured and exposed identity risks that leave every organization vulnerable to attack. llusive delivers aggregated, prioritized and contextualized insights into identity risks, so security teams can focus on addressing their biggest risks first. It further fully automates remediation where there is no risk of business impact.
Illusive’s agentless approach examines directory structures (e.g. Active Directory), PAM solutions (e.g. CyberArk, Delinea), endpoints, servers and services, revealing gaps between policy intent to the security of an organization’s identity and the reality of their environment. Illusive prevents attacks by removing what attackers need to succeed: privileged account access.
New Features and Benefits in Illusive’s ITDR Platform include:
- MITER ATT&CK Relationship to Risk – Relate identity risk factors to MITER ATT&CK tactics, procedures and sub-techniques. Dashboard-level information that provides an aggregated view of the percentage of identities vulnerable to any particular attack tactic, such as initial access, privilege escalation or credential access, that can be drill down to individual identities for an integrated view of risk.
- Kerberoastable Accounts – Detect and remediate misconfigured Active Directory accounts with vulnerable Kerberos tickets that can be exploited by attackers to brute force credentials.
- Active Directory Domains and Trusts – A graphical visualization of Active Directory forests, domains and trusts shows misconfigurations that could allow an attacker to move between domains.
- ServiceNow integration – Integrate with ServiceNow to create identity-based incident tickets to facilitate identity risk resolution in the ServiceNow Incident module from within the Illusive console.
- Integration of Delinea Centrify – Connect to the Delinea Centrify vault to continuously discover unmanaged accounts.
- Azure AD Privilege Classification – Classify Azure AD user privileges based on automatically collected evidence, such as directory or subscription level privileged roles.