New QOMPLX Real-Time Cloud Identity Forgery Detections Restore Trust in Cloud Authentication

QOMPLX Identity Assurance is the leader in detecting both Kerberos and SAML-based attacks, minimizing lateral movement and privilege escalation in the world’s largest networks

May 04, 2021 07:45 AM EDT

TYSONS CORNER, Va.– Today, QOMPLX announced the extension of its Identity Assurance analytics solution to automatically detect identity-based attacks on cloud service providers. The company’s new Cloud Identity Forgery detections for Q:CYBER detect lateral movement and post-exploitation attacks, including those used in the SolarWinds (Sunburst) compromises, in which attackers illicitly accessed federated cloud services using forged Security Assertion Markup Language (SAML) assertions. With these new Cloud Identity Forgery detections, customers’ enterprise authentication infrastructures are protected seamlessly across on-premise and cloud environments - even when linked together for hybrid environments.

Since 2018, QOMPLX’s award-winning Identity Assurance software has provided the industry’s fastest and most accurate enterprise identity detections for attacks against Active Directory abusing the Kerberos protocol. Identity Assurance protects some of the world’s largest networks with its patented, stateful detections for Golden Ticket, Silver Ticket, DCSync, and DCShadow authentication attack techniques, as well as with additional real-time detections for related attacks and anomalous behaviors in on-premise authentication. Building on this success, Identity Assurance’s new and patented Cloud Identity Forgery detections extend these strong on-premise capabilities to customers’ SAML-authenticated cloud applications for supported identity providers. This new offering brings to market years of research and development, giving customers powerful new tools to restore and improve trust in authentication across their extended enterprises.

“Companies have been moving their applications to SaaS- and cloud-based services at a rapid clip. To secure their expanded perimeters, CISOs need these cloud services to trust their enterprise identity credentials,” explained Andrew Jaquith, QOMPLX’s CISO and Cyber General Manager. “QOMPLX has been researching and selectively publishing how threat actors might compromise SAML-based cloud identities and trust relationships between cloud and on-premise identity infrastructure since the security community published the ‘Golden SAML’ technique in 2017. We are pleased to be putting these state-of-the-art detections in our customers’ hands to help secure their cloud services, especially when coupled with our market-leading identity detections for on-premise and hybrid environments.”

With this new addition to the Q:CYBER Identity Assurance suite, the most advanced Active Directory Security solution in the market is now also the most advanced SAML security solution available. QOMPLX’s ability to detect attacks based on anomalous or inappropriate activity and its unique streaming authentication protocol validation approach continues to drive its selection by multiple global leaders across a variety of industries.

For more information or to speak with a QOMPLX executive about QOMPLX’s new “Cloud Identity Forgery” detections, contact Luke Schleusener, Director of Public Policy, at (571) 342-6262.

ABOUT QOMPLX:

QOMPLX is the leader in cloud-native risk analytics. We help organizations around the world make intelligent business decisions and better manage risk through our advanced, proprietary risk cloud. We are the leaders at rapidly ingesting, transforming, and contextualizing large, complex, and disparate data sources through our data factory in order to help organizations better quantify, model, and predict risk in areas including cybersecurity, insurance, and finance. For more information, visit qomplx.com and follow us on Twitter.

Contacts

Luke Schleusener
Director of Public Policy
QOMPLX, Inc.
(571) 342-6262