• Back

Identity Assurance for Active Directory & Kerberos

Identity Assurance Protects Authentication

Safeguard your critical control infrastructure so you can focus on your business

Authentication is the most important technology control because identity is fundamental to your organization’s activities. Attackers abuse your organization’s critical control infrastructure to create fraudulent credentials and gain administrative privileges while hiding their tracks.

QOMPLX’s Identity Assurance solution disrupts cyber attacks by detecting the techniques common to all large-scale breaches, including credential forgery and privilege escalation. Identity Assurance validates that each user who requests access is who they say they are, 100% of the time, and with zero false positives.

The platform’s advanced detections keep your company’s data secure.

Here’s How We Do It

QOMPLX’S Identity Assurance solution uses machine-learning algorithms and advanced analytics to give you a context-rich picture of user behavior for confident and timely detection of AD-based attacks.

Q:CYBER vs. The Competition

Identity Assurance
purple laptop computer
Other Solutions
black laptop computer
DETECTION

Deterministic detections including:

  • Golden Ticket
  • Silver Ticket
  • DCShadow
  • DC Sync

Heuristic detection of:

  • Pass-the-Hash
  • Pass-the-Ticket
  • Overpass-the-Hash
  • Skeleton Key
  • Kerberoasting
  • NTDS.dit
  • LDAP Reconaissance
  • Domain enumeration

No validation of the Kerberos protocol.
No deterministic attack detection.
No detection of Silver Ticket attacks.
Only Heuristic detections of some attacks (Golden Ticket, DCShadow, DCSync).

TIME TO DETECT

Near-real-time detections of all Kerberos credential forgery, using state-of-the-art streaming analytics.

Delayed detection of attacks due to batch processing, giving attackers time to evade detections and embed into your network.

TIME TO VALUE

Deterministic detection in minutes* when deployed correctly, with no training required.

Heuristic algorithms require weeks to train before spotting “potential” attacks.

COST OF OWNERSHIP

QOMPLX analyzes data in its secure cloud, eliminating the need to process on-premises, or purchase equipment for analytics processing. Deterministic detections means no additional labor costs, because security operations centers (SOCs) aren’t chasing false alerts.

Data analyzed on premises, straining network resources and performance and requiring upgrades to support added processing.

SCALING

Supports multi-forest deployments of Microsoft Active Directory. Supports Kerberos on Linux and Unix. Cross-correlation of logs and data adds value to other security investments.

Limited to a single technology stack or implementation. Won’t scale across Active Directory forests or diverse infrastructure beyond Windows.

(*) following reset of KRBTGT as directed

Q:CYBER vs. The Competition

DETECTION

Deterministic detections including:

  • Golden Ticket
  • Silver Ticket
  • DCShadow
  • DC Sync

Heuristic detection of:

  • Pass-the-Hash
  • Pass-the-Ticket
  • Overpass-the-Hash
  • Skeleton Key
  • Kerberoasting
  • NTDS.dit
  • LDAP Reconaissance
  • Domain enumeration
TIME TO DETECT

Near-real-time detections of all Kerberos credential forgery, using state-of-the-art streaming analytics.

TIME TO VALUE

Deterministic approach makes detection possible within minutes of deployment.

COST OF OWNERSHIP

Data analyzed in secure cloud, reducing load on customer environment.

SCALING

Scales to support multi- forest deployments of Microsoft Active Directory as well as Kerberos on Linux and Unix. Cross-correlation of logs and data adds value to other security investments.

DETECTION

No validation of the Kerberos protocol.
No deterministic attack detection.
No detection of Silver Ticket attacks.
Only Heuristic detections of some attacks (Golden Ticket, DCShadow, DCSync).

TIME TO DETECT

No detection of Silver Ticket attacks. Deterministic Detection of Pass the ticket, pass the hash, overpass the hash, forged PAC, Gold Ticket, Malicious Replications, recon, Brute force and remote execution.

TIME TO VALUE

Heuristic approach requires weeks to train system to spot attacks like Golden and Silver Ticket.

COST OF OWNERSHIP

Data analyzed on premises, straining network resources and performance and requiring upgrades to support added processing.

SCALING

Often limited to a single technology stack or implementation. Difficult to scale across AD forests or diverse infrastructure.

Here’s What We Deliver

QOMPLX’s Identity Assurance solution extracts and maps your entire AD environment in intuitive and interactive graphs, with ongoing analytics that assess risk across domains associated with hidden or complex interrelationships, risky configurations, critical changes, and behaviors such as privilege escalation.

Get your watchdog today.

Contact QOMPLX now.

Contact Us