Active Directory offers countless paths threat actors can take to infiltrate computer networks — a problem that's primarily a matter of excessive permissions. However, sifting through every group and user relationship is difficult and exhausting, if not impossible, for most enterprises.
“Forest Druid flips the script, taking an inside-out approach to attack path management. Forest Druid focuses on attack paths leading into the Tier 0 perimeter — saving time by prioritizing your most critical assets,” Semperis explains. Furthermore, Forest Druid discovers vulnerable Tier 0 assets that otherwise go unseen and unprotected and allows for speedy remediation.
Semperis CEO Mickey Bresman explains that defenders know you can't protect what you can't see, as we’re seeing firsthand the alarming pattern of attacks exploiting unknown and unsecured Tier 0 assets in Active Directory:
“Forest Druid visualizes Tier 0 assets in Active Directory and shines a spotlight on all the lingering ownership relationships to these entities, helping to dramatically reduce unnecessary privileges, which are responsible for most of the attack paths leading to your most sensitive assets.”
MSSP Partners Can Gain an Edge on AD Attacks
Forest Druid is the latest of several free tools released by Semperis, including Purple Knight, a hybrid Active Directory cybersecurity assessment tool used by more than 10,000 enterprises.
Dave Evans, Semperis' vice president of Global Channels & Alliances, says that his company's MSSP partners have yet another resource at their disposal:
"With the introduction of Forest Druid, Semperis partners now have another powerful resource, in addition to Purple Knight, to help their customers guard against attacks on Active Directory. Whereas Purple Knight provides an AD assessment to uncover security vulnerabilities, Forest Druid helps cyber defenders define the Tier 0 perimeter, which cuts time in discovering attack paths that lead to the most sensitive assets. Used together, Forest Druid and Purple Knight give Semperis partners an edge in providing comprehensive identity system defense to their customers."
Forest Druid is initially being distributed through an approved network of partners, who have all rigorously tested the tool and can help organizations understand the implications of their unique results. Organizations that prefer not to work with a partner can submit an early access request form, and the Semperis team will be in touch.
Microsoft AD a Popular Attack Target
SentinelOne reports that cyber adversaries have increasingly set their sights on abusing Microsoft’s Active Directory, as it serves as a gateway into the entirety of a network. Endpoint detection and response (EDR) solutions can protect endpoints. But without identity protection, a threat actor may compromise an Active Directory and increase their chances of finding holes in the network that can be exploited and used to launch ransomware attacks.
In response, SentinelOne offers its early detection solution, SentinelOne® Identity.