Authentication is the most important technology control because identity is fundamental to your organization’s activities. Attackers abuse your organization’s critical control infrastructure to create fraudulent credentials and gain administrative privileges while hiding their tracks.
Enterprises authenticate their employees, customers, and partners before authorizing them to access systems, processes, and data. QOMPLX’s Identity Assurance provides solutions for both the Cloud and on-premises servers by validating that each user who requests access is who they say they are, 100% of the time.*
*Deterministic detections, when properly configured.
Identity Assurance disrupts attacks by detecting the techniques common to all large-scale breaches, including credential forgery and privilege escalation.
QOMPLX’s Identity Assurance solution uses machine-learning algorithms and advanced analytics to give you a context-rich picture of user behavior for confident and timely detection of SAML-based attacks.
It also detects catastrophic cyber attacks in near real time without false positives and filters the most relevant data to your security operations team.
And unlike our competitors, QOMPLX’s Identity Assurance software validates the authentication protocol itself without resorting to time-delayed “rule of thumb” heuristics.
Deterministic detections:
Cloud Identity Forgery (i.e. Golden SAML)
Golden Ticket
Silver Ticket
DCShadow
DCSync
Heuristic detections:
Skeleton Key Detection
Pass-the-Hash Attack Detection
Overpass-the-Hash Attack Detection
Kerberoasting Detection
Golden SAML
ASRepRoasting
Member Added to Sensitive Group
Excessive Failed Logon Attempts (Password Spraying)
Account Name Enumeration (Kerberos)
Successful Zone Transfer from Unknown Source
PowerShell Encoded Command Execution
PowerShell executed in the background
Discovery using built-in Windows utilities
Service Installed on a Sensitive System
Suspicious use of regsvr32
Honey Account Login
Honey Account Ticket Request
AdminSDHolder Modified
QOMPLX Identity Assurance:
Near-real-time detections of all Kerberos credential forgery, using state-of-the-art streaming analytics.
Deterministic detection in minutes* when deployed correctly, with no training required.
QOMPLX analyzes data in its secure cloud, eliminating the need to process on premises or purchase equipment for analytics processing.
Deterministic detection means no additional labor costs, because security operations centers (SOCs) aren’t chasing false alerts.
Supports multi-forest deployments of Microsoft Active Directory.
Supports Kerberos on Linux and Unix.
Cross-correlation of logs and data adds value to other security investments.
Competitors:
No validation of the Kerberos protocol.
No deterministic attack detection.
No detection of Silver Ticket attacks.
Only heuristic detections of some attacks (Golden Ticket, DCShadow, DCSync).
Delayed detection of attacks due to batch processing, giving attackers time to evade detections and embed into your network.
Heuristic algorithms require weeks to train before spotting “potential” attacks.
Data analyzed on premises, straining network resources and performance and requiring upgrades to support added processing.
Limited to a single technology stack or implementation.
Won’t scale across Active Directory forests or diverse infrastructure beyond Windows.
(*) following reset of KRBTGT as directed
QOMPLX’s Identity Assurance solution extracts and maps your entire on-prem and cloud-identity environment in intuitive and interactive graphs, with ongoing analytics that assess risk across domains associated with hidden or complex interrelationships, risky configurations, critical changes, and behaviors such as privilege escalation.
Address a top CISO and CIO priority: strengthening your Active Directory and cloud identity providers (IdPs) against attack
Detect stealthy SAML-based attacks as well as attacks on your Active Directory
Shorten attackers’ dwell time to minutes rather than weeks with timely detection
Reduce the load on your existing security tools including log management, security and incident management, and endpoint detection
Improve the accuracy of your technology asset inventory, particularly in environments with multiple Active Directory forests and complex trusts
Ensure that your most important IT general control—authentication—operates with integrity