Authentication is the most important technology control because identity is fundamental to your
organization’s activities. Attackers abuse your organization’s critical control infrastructure to create
fraudulent credentials and gain administrative privileges while hiding their tracks.
QOMPLX’s Identity Assurance solution disrupts cyber attacks by detecting the techniques common to all
large-scale breaches, including credential forgery and privilege escalation. Identity Assurance validates
that each user who requests access is who they say they are, 100% of the time, and with zero false
positives.
The platform’s advanced detections keep your company’s data secure.
QOMPLX’s Identity Assurance solution uses machine-learning algorithms and advanced analytics to give you a context-rich picture of user behavior for confident and timely detection of AD-based attacks.
Deterministic detections including:
Heuristic detection of:
No validation of the Kerberos protocol.
No deterministic attack detection.
No detection of Silver Ticket attacks.
Only heuristic detections of some attacks (Golden Ticket, DCShadow, DCSync).
Near-real-time detections of all Kerberos credential forgery, using state-of-the-art streaming analytics.
Delayed detection of attacks due to batch processing, giving attackers time to evade detections and embed into your network.
Deterministic detection in minutes* when deployed correctly, with no training required.
Heuristic algorithms require weeks to train before spotting “potential” attacks.
QOMPLX analyzes data in its secure cloud, eliminating the need to process on-premises or purchase equipment for analytics processing. Deterministic detections mean no additional labor costs, because security operations centers (SOCs) aren’t chasing false alerts.
Data analyzed on premises, straining network resources and performance and requiring upgrades to support added processing.
Supports multi-forest deployments of Microsoft Active Directory. Supports Kerberos on Linux and Unix. Cross-correlation of logs and data adds value to other security investments.
Limited to a single technology stack or implementation. Won’t scale across Active Directory forests or diverse infrastructure beyond Windows.
(*) following reset of KRBTGT as directed
Deterministic approach makes detection possible within minutes of deployment.
Data analyzed in secure cloud, reducing load on customer environment.
Scales to support multi-forest deployments of Microsoft Active Directory as well as Kerberos on Linux and Unix. Cross-correlation of logs and data adds value to other security investments.
No detection of Silver Ticket attacks. Deterministic detection of pass the ticket, pass the hash, overpass the hash, forged PAC, Golden Ticket, malicious replications, recon, brute force and remote execution.
Heuristic approach requires weeks to train the system to spot attacks like Golden and Silver Ticket.
Often limited to a single technology stack or implementation. Difficult to scale across AD forests or diverse infrastructure.
QOMPLX’s Identity Assurance solution extracts and maps your entire AD environment in intuitive and interactive graphs, with ongoing analytics that assess risk across domains associated with hidden or complex interrelationships, risky configurations, critical changes, and behaviors such as privilege escalation.