Introducing BloodHound Enterprise: Attack Path Management for Everyone

Five years ago, we released BloodHound on stage at DEFCON 24. Since then, BloodHound has helped reshape how penetration testers and red teamers execute engagements. We and many other folks always knew that while BloodHound was interesting on the offensive side, its underlying capabilities were actually far more compelling on the defensive side.

Today we are proud to introduce BloodHound Enterprise. BloodHound Enterprise is designed to help organizations solve the problem of Attack Paths in their Active Directory (AD) environments.

We always knew we wanted to build a solution to a well-defined problem, not a solution in search of one. To that end, we focused our efforts on understanding the problem first and building the solution second. After releasing BloodHound, we spent several years developing our understanding of the defensive problem. Simply put, the problem is that every organization running Active Directory today has an unseen, unmanaged, and growing number of Attack Paths in their networks: Attack Paths that adversaries discover and execute with growing reliability.

Attackers target AD because:

  1. Attacking AD provides unmatched payoff. Compromise AD and you own the entire enterprise: the computers that comprise it, the data within it, and the business processes that keep it lucrative.
  2. AD Attack Paths are as universal as AD itself is. Attackers can use the same attack primitives against almost any organization in the world, allowing them to transfer their experience and expertise from one target to the next.
  3. Detection isn’t enough to stop attackers, and evading detection is trivial for the moderately skilled attacker.
  4. AD offers several deep and obscure persistence options for adversaries. Even the most advanced defenders can never be 100% confident they’ve purged an attacker from the network.
  5. Attackers get unlimited retries at attacking AD. Every time they regain access, they learn a little more about the network and map out more of the Attack Paths, so getting kicked out is more of an annoyance than a failure on their part.

After we were confident we understood the problem, we spent the next two years in development on BloodHound Enterprise to attack this problem head-on. During this period, we’ve had the opportunity to work with a handful of organizations and companies to test, develop, and validate our use-cases and features to solve this problem. While we were inspired by our previous work in BloodHound, BloodHound Enterprise represents a completely new technology built on a brand new architecture and analysis tooling, empowering organizations to minimize Attack Path risks.

Organizations can use BloodHound Enterprise to solve their Attack Path Management problems. BloodHound Enterprise flips the focus from listing all misconfigurations and risks in AD to identifying and prioritizing the most critical Attack Path “Choke Points” that lead to your high-value targets. By mitigating top-level Choke Points, teams can eliminate millions of Attack Paths at once. One of our design partners recently stated, “BloodHound Enterprise has done more to improve our AD Security in 6 months than we have achieved in the prior 5 or 10 years.”

This unique and different approach is possible because BloodHound Enterprise:

  1. Continuously and comprehensively maps all Attack Paths in the environment.
  2. Empirically assesses the impact of the most critical choke points.
  3. Surfaces practical, precise, safe remediation guidance.
  4. Continually monitors and reports on Attack Path exposure over time.

In addition to eliminating millions of Attack Paths, BloodHound Enterprise also provides organizations with:

  1. Measurably improved security posture through critical Attack Path elimination and monitoring.
  2. Unprecedented clarity and insight into AD permissions.
  3. A practical, attainable, and maintainable way to apply once-impractical best practices such as least privilege, tiered administration, and credential hygiene.

The BloodHound Team promise

As we launch and bring effective Attack Path Management to all, we are committed to providing our customers with unprecedented visibility into AD, to a continued focus on educating and informing the community, and to supporting BloodHound Free and Open Source (FOSS). BloodHound Enterprise is an additional component of our commitment to the security and IT community.

Want to know more? Here’s how:

  1. Read more about Attack Path Management
  2. See how BloodHound Enterprise works
  3. Request a trial of BloodHound Enterprise

-The BloodHound Enterprise Team

Introducing BloodHound Enterprise: Attack Path Management for Everyone was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

Article Link: https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c?source=rss----f05f8696e3cc---4