SpecterOps, a provider of adversary-focused cybersecurity solutions and the creators of the free and open-source penetration testing tool BloodHound, today announced BloodHound Enterprise, an Attack Path Management (APM) security solution for Active Directory (AD). Designed to help organizations proactively and continuously identify, manage and remediate millions of AD Attack Paths, BloodHound Enterprise gives IT Ops and SecOps professionals the tools needed to dramatically and measurably improve AD security posture with minimal effort.
We spoke with Justin Kohler, product director for BloodHound Enterprise at SpecterOps, to discuss the company and its new offering in more detail.
Tell us about SpecterOps. What is the company's mission?
SpecterOps provides advanced adversary simulation, detection and training services to enterprise clients. With the launch of BloodHound Enterprise – the company’s first commercial product – SpecterOps is helping organizations to secure Microsoft Active Directory (AD) and reduce the risks associated with AD Attack Paths, which are currently a largely unseen and unmanaged security issue that continues to grow at alarming rates. The company’s vision and mission is to help reduce the impact of vulnerabilities and misconfigurations associated with AD, and simplify AD management for security teams.
What makes BloodHound special?
To clarify, BloodHound is a free and open source (FOSS) tool created by SpecterOps. It maps Attack Paths and is designed for red teams and penetration testing. It will continue to be fully supported by SpecterOps as a free and open source tool.
BloodHound Enterprise (the product being launched on 7/27/21) is a new enterprise solution built for blue teams and a defensive use case. It provides a level of visibility never before seen by AD architects and defenders. It continuously maps and identifies Attack Path choke points, providing an effective and simple way to cut off millions of Attack Paths that can occur through Active Directory (AD). AD is considered one of the easiest, most reliable, and biggest payoff targets for attackers when it comes to targeting corporate networks. Because it’s constantly evolving, admins struggle to stay on top of alerts and misconfiguration debt. This means attackers are almost guaranteed to find new Attack Paths. BloodHound Enterprise takes a top-down approach protecting high-value (tier zero) assets and mapping every Attack Path from this perspective through a visual interface. By identifying these critical choke points, the product allows teams to sever millions of Attack Paths with minimal effort.