Singularity™ Identity vs Creating Active Directory Objects

The attack on Cisco shows that identity-based attacks are a leading threat vector used in data breaches. From the perspective of a threat actor, targeting identity and access management gaps through compromised credentials is the quickest path to reaching a target’s resources and critical data. Attackers are very aware that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive information, install backdoors, alter security policies, and more.

The threat actor leveraged machine accounts for privileged authentication and lateral movement across the environment, created an administrative user called “z” on the system using the built-in Windows “net.exe” commands, and executed additional utilities such as ADfind or secretsdump. Additionally, the threat actor was observed attempting to extract registry information, including the SAM database on compromised windows endpoints.

Singularity™ Identity prevents the discovery of AD objects using tools like ADfind and stops the dump of credentials from different credential stores. In addition, singularity™ Ranger AD detects suspicious Service Creation on DCs and reports abusing system services or daemons to execute commands or programs.

~~~Subscribe to our channels:~~~
Website: https://www.sentinelone.com/​​
LinkedIn: https://www.linkedin.com/company/sent​​…
Twitter: https://twitter.com/SentinelOne​​
Facebook: https://www.facebook.com/SentinelOne/​​
Instagram: https://www.instagram.com/sentinelsec/​​
~~~~~~~~~~~~
SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com.
The attack on Cisco discussed in this post shows that identity-based attacks are a leading threat vector used in data breaches. From the perspective of a threat actor, targeting identity and access management gaps through compromised credentials is the quickest path to reaching a target’s resources and critical data. Attackers are very aware that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive information, install backdoors, alter security policies, and more.

With the rapid shift to remote working environments and the adoption of hybrid and cloud environments, identity has become the new perimeter, highlighting the importance of visibility. Businesses must be able to detect and respond effectively and protect all of their various digital identities through a comprehensive identity security solution. SentinelOne identifies Identity Threat Detection and Response (ITDR) as the missing link between holistic XDR and zero trust strategies in the mission to protect organizations from threats at every stage of the attack journey.

Leveraging our deep industry knowledge and experience with fighting back privileged escalation and lateral movement, SentinelOne delivers comprehensive identity security as part of Singularity XDR for autonomous protection, including:

1. Singularity™ Identity: End credential misuse through real-time infrastructure defense for Active Directory and deception-based endpoint protections. Singularity™ Identity defends Active Directory & Azure AD domain controllers and domain-joined assets from adversaries aiming to gain privilege and move covertly.

2. Singularity™ Ranger® Active Directory Assessor: Uncover vulnerabilities in Active Directory and Azure AD with a cloud-delivered, continuous identity assessment solution. Ranger® AD Assessor delivers prescriptive, actionable insight to reduce Active Directory and Azure AD attack surfaces, bringing them in line with security best practices.

3. Singularity™ Hologram: Lure network and insider threat actors engage and reveal themselves with network-based threat deception. Singularity Hologram decoys stand at the ready, waiting to be engaged by adversaries and insiders. The resulting telemetry supports investigations and contributes to adversary intelligence.

~~~Subscribe to our channels:~~~
Website: https://www.sentinelone.com/​​
LinkedIn: https://www.linkedin.com/company/sent​​…
Twitter: https://twitter.com/SentinelOne​​
Facebook: https://www.facebook.com/SentinelOne/​​
Instagram: https://www.instagram.com/sentinelsec/​​
~~~~~~~~~~~~
SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com.