Assess, Detect, and Remediate Threats to Your Active Directory

AD and Azure AD are common targets of identity-based cyber attacks. Their compromise can give attackers the foothold to expand access, establish persistence, escalate privileges, identify more targets, and move laterally.

Ranger® AD Protect from SentinelOne, composed of Ranger AD and Singularity Identity-Domain Controller edition, is an identity configuration assessment and threat detection bundle. It identifies misconfigurations, vulnerabilities, and attack indicators within Active Directory (AD) and Azure AD and detects active attacks aimed at on-premises AD controllers. By delivering prescriptive, actionable insight into exposures in your identity attack surface and detecting attacks targeting AD, Ranger AD Protect helps reduce the risk of compromise and aligns your assets with security best practices.

Reduce the AD Attack Surface

Analyse configuration changes to conform with best practices and eliminate excessive privileges with actionable recommendations for quick remediation.

Detect Active AD Attack Indicators

Proactively monitor AD and Azure AD for activities that indicate potentially active attacks, both continuously and on-demand.

Continuously Analyse Identity Exposure

Skip the expensive and manual audits. Automatically pinpoint critical domain, device, and user-level exposures in Active Directory and Azure AD.

Protect AD Controllers from Attack

Detect attacks targeting on-premises AD controllers from any device on the network to stop threat actors early.

Provide Conditional Access

Force partner MFA reauthentication when unusual activity targeting AD controllers is detected. Note that this capability is also available with the Singularity XDR platform.

Key Features and Benefits of Ranger® AD Protect

  • Proactively address identity-based risk.
  • Compare AD & Azure AD configurations to best practices.
  • Understand AD & Azure AD security misconfigurations.
  • Reveal domain, device, and user-level exposures.
  • Stay informed of suspicious AD change events.
  • Reduce the MTTR to identity-based attacks.
  • Gain visibility and flexibility from continuous & on-demand monitoring for active AD attacks.
  • Detect attacks actively targeting on-premises AD controllers from any networked device.
  • Trigger MFA reauthentication when suspicious activity is detected on AD controllers.

Hundreds of Real-Time Checks

Domain Level

  • Weak policies
  • Credential harvesting
  • Kerberos vulnerabilities

Device Level

  • Rogue domain controllers
  • OS issues
  • AD vulnerabilities

User Level

  • Credentials analysis
  • Privileged accounts
  • Stale accounts
  • Shared credentials

Singularity Identity-DC Detections

  • Golden Ticket Attacks
  • Silver Ticket Attacks
  • Skeleton Key Attacks
  • Pass-the-ticket Attacks
  • Pass-the-hash Attacks
  • Overpass-the-hash Attacks
  • Forged PAC Attack
  • DCSync Attack
  • DCShadow Attack
  • AS-REP Roasting Attack
  • Recon of Privileged and Service Accounts across LDAP, SAMR, and LSAR protocols

Fast Time-To-Value

  • Flexible deployment: on-prem and SaaS.
  • Flexible coverage: on-prem AD, Azure AD, and multi-cloud.
  • Low friction implementation with fast, actionable results for Ranger AD, requiring just one endpoint and no privileged credentials.
  • Achieve complete coverage for on-premises Active Directory, Azure AD, and multi-cloud environments.
  • Singularity Identity-DC detects attacks from any device on the network with a single agent installed on each AD controller.
  • Singularity Identity-DC provides conditional access protections to providers.