
Verify Every Identity

Protect Authentication with QOMPLX’s Identity Assurance

Fortify your critical control infrastructure and cloud authentication

Authentication is the most important technology control because identity is fundamental to your organization’s activities. Attackers abuse your organization’s critical control infrastructure to create fraudulent credentials and gain administrative privileges while hiding their tracks.

Enterprises authenticate their employees, customers, and partners before authorizing them to access systems, processes, and data. QOMPLX’s Identity Assurance provides solutions for both the Cloud and on-premises servers by validating that each user who requests access is who they say they are, 100% of the time.*

*Deterministic detections, when properly configured.

Here’s How We Do It

Identity Assurance disrupts attacks by detecting the techniques common to all large-scale breaches, including credential forgery and privilege escalation.

  • QOMPLX’s Identity Assurance solution uses machine-learning algorithms and advanced analytics to give you a context-rich picture of user behavior for confident and timely detection of SAML-based attacks.

  • It also detects catastrophic cyber attacks in near real time without false positives and filters the most relevant data to your security operations team.

  • And unlike our competitors, QOMPLX’s Identity Assurance software validates the authentication protocol itself without resorting to time-delayed “rule of thumb” heuristics.


Key Features

Q:CYBER™ vs. The Competition

DETECTION

Identity Assurance:

Deterministic detections:

  • Cloud Identity Forgery (i.e. Golden SAML)

  • Golden Ticket

  • Silver Ticket

  • DCShadow

  • DC Sync

Heuristic detections:

  • Skeleton Key Detection

  • Pass-the-Hash Attack Detection

  • Overpass-the-Hash Attack Detection

  • Kerberoasting Detection

  • Golden SAML

  • ASRepRoasting

  • Member Added to Sensitive Group

  • Excessive Failed Logon Attempts (Password Spraying)

  • Account Name Enumeration (Kerberos)

  • Successful Zone Transfer from Unknown Source

  • PowerShell Encoded Command Execution

  • PowerShell executed in the background

  • Discovery using built-in Windows utilities

  • Service Installed on a Sensitive System

  • Suspicious use of regsvr32

  • Honey Account Login

  • Honey Account Ticket Request

  • AdminSDHolder Modified

Other Solutions:

  • No validation of the Kerberos protocol.

  • No deterministic attack detection.

  • No detection of Silver Ticket attacks.

  • Only heuristic detections of some attacks (Golden Ticket, DCShadow, DCSync).

TIME TO DETECT

Identity Assurance:

  • Near-real-time detections of all Kerberos credential forgery, using state-of-the-art streaming analytics.

Other Solutions:

  • Delayed detection of attacks due to batch processing, giving attackers time to evade detections and embed into your network.

TIME TO VALUE

Identity Assurance:

  • Deterministic detection in minutes* when deployed correctly, with no training required.

Other Solutions:

  • Heuristic algorithms require weeks to train before spotting “potential” attacks.

COST OF OWNERSHIP

Identity Assurance:

  • QOMPLX analyzes data in its secure cloud, eliminating the need to process on-premises, or purchase equipment for analytics processing.

  • Deterministic detections mean no additional labor costs, because security operations centers (SOCs) aren’t chasing false alerts.

Other Solutions:

  • Data analyzed on premises, straining network resources and performance and requiring upgrades to support added processing.

SCALING

Identity Assurance:

  • Supports multi-forest deployments of Microsoft Active Directory.

  • Supports Kerberos on Linux and Unix.

  • Cross-correlation of logs and data adds value to other security investments.

Other Solutions:

  • Limited to a single technology stack or implementation.

  • Won’t scale across Active Directory forests or diverse infrastructure beyond Windows.

(*) following reset of KRBTGT as directed


Here’s What We Deliver

QOMPLX’s Identity Assurance solution extracts and maps your entire on-prem and cloud-identity environment in intuitive and interactive graphs, with ongoing analytics that assess risk across domains associated with hidden or complex interrelationships, risky configurations, critical changes, and behaviors such as privilege escalation.

To stop attacks before they damage your organization, QOMPLX’s Identity Assurance helps you:

Secure Employees’ Identities

Address a top CISO and CIO priority—strengthening your Active Directory and cloud identity providers (IdPs) against attack.

Detect Attacks

Detect stealthy SAML-based attacks as well as attacks on your Active Directory.

Shorten Dwell Time

Shorten attackers’ dwell time to minutes rather than weeks with timely detection.

Enhance the Value of Existing Security Tools

Reduce the load on your existing security tools, including log management, security and incident management, and endpoint detection.

Improve Asset Inventory Accuracy

Improve the accuracy of your technology asset inventory, particularly in environments with multiple Active Directory forests and complex trusts.

Maintain Control

Ensure that your most important IT general control—authentication—operates with integrity.


Get your watchdog today.

Contact QOMPLX now.
