SpecterOps, a provider of adversary-focused cybersecurity solutions, today announced it has added support for Microsoft Azure to BloodHound Enterprise (BHE), the industry’s leading Attack Path Management (APM) security solution. Organizations can now proactively and continuously identify, manage and remediate identity Attack Paths in Active Directory (AD) and other access control systems whether they’re located on-premises, in the cloud or in a hybrid environment.
BloodHound Enterprise uses an approach called Attack Path Management to help IT Operations and Security Operations professionals dramatically and measurably improve their AD security posture with minimal effort. This process received high levels of customer interest and positive feedback after BHE launched in July 2021 and SpecterOps has now added support to cover other identity management systems, starting with Azure. Azure AD uses different technologies to manage identities and access, but is still vulnerable to the same types of identity Attack Paths as on-prem AD.
“Attack Path Management has proven to be wildly successful in helping organizations reduce their exposure to Attack Paths in traditional Active Directory; we’ve seen customers reduce exposure by over 30% in as little as 24 hours after deploying BloodHound Enterprise,” said David McGuire, CEO at SpecterOps. “But many of our users have a hybrid network, with both on-prem and cloud workloads. Support for Azure, which is our number-one new request from customers by far, will allow organizations running a hybrid cloud model to easily protect their entire identity infrastructure.”
There is a strong need for APM to improve the security of AD and other similar directory services products. These systems can be abused by attackers to gain control of systems and data, impersonate users, abuse legitimate access to non-AD systems and are regularly used by ransomware gangs like Conti, REvil and DarkSide to carry out ransomware attacks. In a 2020 survey of IT, security and Identity and Access Management professionals, 94% said that security against abuse of Active Directory was a top priority for their organization.
Securing Azure AD is particularly important because of the platform’s growth, complexity, and rapid rate of change. In October 2021, Microsoft reported that Azure and other cloud services grew 50% year over year in Q4 2021 and have grown between 47% and 62% every quarter since Q2 2020. Azure AD uses three separate systems to manage identity and access, all of which undergo significant changes regularly as the Azure platform is updated. This complexity creates additional attack paths and undermines the expertise of security and Identity and Access Management engineers. BloodHound Enterprise helps both groups regain control of Azure AD attack paths.
"BloodHound Enterprise gives us consistent visibility and actionable risk reduction across our Active Directory environment," said Marcus Sailler, head of Offensive Security at Capital Group. "As a highly regulated organization, we're excited to extend this visibility across Azure."
Other BHE customers include The University of Texas at Austin, Norwegian Cruise Line Holdings and Woodside Energy.
The new version of BloodHound Enterprise with support for Azure is available in early access now and will be generally available in April. For more detailed product information on BloodHound Enterprise, or to receive a demo, click here.