BloodHound is a public and freely available tool that uses graph theory to automate much of the work of untangling relationships in an Active Directory (AD) environment. It allows hackers and pentesters to know precisely three things: which computers give admin rights to any user, which users effectively have admin rights to any computer, and effective group membership information (see Image 1). Because BloodHound can be used maliciously, organizations need to better understand how it is being used, how to protect privileged users, and how to prevent attacks.
My partner Jay Leek and I have decades of experience as CISOs. We’ve both literally spoken with hundreds of security companies and it’s easy to become jaded. It's rare that we get truly excited about a new security technology. Preempt sparked that sense of excitement in both of us. If we really prioritize based on risk, we’ll find that many security priorities aren't about chasing "advanced APT ninjas." It is about focusing on the more mundane functions of vulnerability and access management.
Preempt began with a basic premise: Effective security within an enterprise should combine threat detection and real-time response within a single solution. As enterprises transition to the cloud and the perimeter disappears, identity is the new perimeter. If identity is the new perimeter, access management from a security standpoint can lead to effective threat prevention. That simple but powerful idea was the genesis of Preempt and has given us the opportunity to solve challenging security problems for our customers.
Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information. With so many diverse systems, it's difficult to utilize them in a coordinated and timely way.
I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.