Until Now, Forged Kerberos Sessions Could Only be Detected Retroactively
BOSTON & TEL AVIV, Israel--(BUSINESS WIRE)--Silverfort, the unified identity protection company, today released a new protection capability that enables organizations to proactively prevent lateral movement attacks that utilize the Pass the Ticket (PTT) technique. This Kerberos-based exploit could previously only be detected after an attack was carried out.
PTT is a post-exploitation method in which attackers compromise or create a valid Kerberos ticket and use it to authenticate to other endpoints and servers in the victim’s environment. It is especially difficult to detect and prevent because Active Directory cannot discern between legitimate and malicious Kerberos authentication tickets.
“Pass the Ticket attacks allow hackers to move laterally and undetected within the network because they appear to be performing ‘authorized’ access requests,” said Yaron Kassner, CTO of Silverfort. “Since we have visibility into the full context of each user session, Silverfort is able to distinguish between legitimate and suspicious Kerberos authentication activity.”
Currently, security teams are unable to prevent PTT attacks as they occur and must instead rely on detecting anomalous authentication activity and retracing its origin. Silverfort has developed native integrations with identity directories, including Active Directory, that enable it to monitor all access requests, analyze their risk and enforce real-time security controls on them.
In the case of PTT attacks, Silverfort’s AI-based risk engine will detect that the provided Kerberos ticket is malicious and not part of a legitimate authentication request. Based on the configured policy, Silverfort will instruct Active Directory to either block access or require multi-factor authentication to terminate the attack.
The Silverfort Unified Identity Protection Platform with PTT protection is available immediately from Silverfort and its business partners worldwide.
Silverfort has created a Unified Identity Protection Platform that consolidates security controls across corporate networks and cloud environments to block identity-based attacks. Using innovative agentless and proxyless technology, Silverfort seamlessly integrates with all existing IAM solutions, extending their coverage to assets that cannot otherwise be protected, including homegrown/legacy applications, IT infrastructure, file systems, command-line tools, machine-to-machine access, and more. It continuously monitors all access by users and service accounts across both cloud and on-premise environments, analyzes risk in real time using an AI-based engine, and enforces adaptive authentication and access policies.
The company has been named a Gartner ‘Cool Vendor’, 451 Research ‘FireStarter’, CNBC ‘Upstart 100’, Citi’s Most Promising Fintech Startups for 2020 in the Cybersecurity Category and Most Promising Cybersecurity Startup of the Year by CDM Magazine. For more information, visit us at https://www.silverfort.com/ and follow us on LinkedIn and Twitter.
Marc Gendron PR for Silverfort