Illusive has announced the release of its enhanced Identity Threat Detection and Response (ITDR) platform. The new features enable organisations to visualise misconfigurations in and between Active Directory and Azure Active Directory domains, as well as to discover and remediate Kerberoastable identity risks and privileged accounts unmanaged by privileged access management (PAM).
Additionally, Illusive visually correlates all identity risks with the MITRE ATT&CK framework so that organisations can more easily manage identity risk. According to a Gartner® report, security and risk management professionals should, “use the MITRE ATT&CK framework to correlate ITDR techniques with common attack scenarios to ensure that all the relevant attack vectors are addressed.”1
Despite the deployment of PAM, multi-factor authentication (MFA), and other identity and access management (IAM) solutions, Illusive research has discovered identity security vulnerabilities on 1 in 6 enterprise endpoints. Furthermore, an Enterprise Strategy Group survey revealed that the theft of cached credentials from devices and system memory is the most common source of attack.
“ITDR adds an additional layer of security to even mature identity and access management (IAM) deployments. As identity becomes more important, threat actors are increasingly targeting the identity infrastructure itself. Organisations must focus more on protecting their IAM infrastructure,” as per Gartner®.1
Illusive enables the comprehensive discovery of the unmanaged, misconfigured and exposed identity risks that leave every organisation vulnerable to attack. lllusive delivers aggregated, prioritised and contextualised insights into identity risks, so that security teams can focus on responding to their greatest risks first. It further fully automates remediation where there is no risk to business impact.
Illusive’s agentless approach scans directory structures (e.g. Active Directory), PAM solutions (e.g. CyberArk, Delinea), endpoints, servers and services, revealing the gaps between the intention of an organisation’s identity security policies and the reality of their environment. Illusive prevents attacks by taking away what attackers need to succeed: privileged account access.
New Features and Benefits in Illusive’s ITDR Platform Include:
- MITRE ATT&CK Risk Correlation – Associate identity risk factors to MITRE ATT&CK tactics, techniques and sub-techniques. Dashboard-level information indicating an aggregate view of the percentage of identities vulnerable to any specific attacker tactics, such as initial access, privilege escalation or credential access, which can be drilled down into the individual identities for an aggregated view of risk.
- Kerberoastable Accounts – Discover and remediate misconfigured Active Directory accounts with vulnerable Kerberos tickets that can be exploited by attackers to brute force credentials.
- Active Directory Domains & Trusts – A graphical visualisation of Active Directory forests, domains and trusts reveals misconfigurations that could enable an attacker to move between domains.
- ServiceNow Integration – Integrate with ServiceNow to create identity-based incident tickets to facilitate identity risk resolution in the ServiceNow Incident module from within the Illusive console.
- Delinea Centrify Integration – Connect with Delinea Centrify vault to continuously discover unmanaged accounts.
- Azure AD Privilege Classification – Classify Azure AD user privileges based on automatically collected evidence, such as directory or subscription-level privileged roles.