Assess, Detect, and Remediate Threats to Your Active Directory
AD and Azure AD are common targets of identity-based cyber attacks. Their compromise can give attackers the foothold to expand access, establish persistence, escalate privileges, identify more targets, and move laterally.
Ranger® AD Protect from SentinelOne, composed of Ranger AD and Singularity Identity-Domain Controller edition, is an identity configuration assessment and threat detection bundle. It identifies misconfigurations, vulnerabilities, and attack indicators within Active Directory (AD) and Azure AD and detects active attacks aimed at on-premises AD controllers. By delivering prescriptive, actionable insight into exposures in your identity attack surface and detecting attacks targeting AD, Ranger AD Protect helps reduce the risk of compromise and aligns your assets with security best practices.
Reduce the AD Attack Surface
Detect Active AD Attack Indicators
Continuously Analyse Identity Exposure
Protect AD Controllers from Attack
Provide Conditional Access
Key Features and Benefits of Ranger® AD Protect
- Proactively address identity-based risk.
- Compare AD & Azure AD configurations to best practices.
- Understand AD & Azure AD security misconfigurations.
- Reveal domain, device, and user-level exposures.
- Stay informed of suspicious AD change events.
- Reduce the MTTR to identity-based attacks.
- Gain visibility and flexibility from continuous & on-demand monitoring for active AD attacks.
- Detect attacks actively targeting on-premises AD controllers from any networked device.
- Triggers MFA reauthentication when detecting suspicious activity on AD controllers.
Hundreds of Real-Time Checks
- Weak policies
- Credential harvesting
- Kerberos vulnerabilities
- Rogue domain controllers
- OS issues
- AD vulnerabilities
- Credentials analysis
- Privileged accounts
- Stale accounts
- Shared credentials
Singularity Identity-DC Detections
- Golden Ticket Attacks
- Silver Ticket Attacks
- Skeleton Key Attacks
- Pass-the-ticket Attacks
- Pass-the-hash Attacks
- Overpass-the-hash Attacks
- Forged PAC Attack
- DCSync Attack
- DCShadow Attack
- AS-REP Roasting Attack
- Recon of Privileged and Service Accounts across LDAP, SAMR, and LSAR protocols
- Flexible deployment: on-prem and SaaS.
- Flexible coverage: on-prem AD, Azure AD, and multi-cloud.
- Low friction implementation with fast, actionable results for Ranger AD, requiring just one endpoint and no privileged credentials.
- Achieve complete coverage for on-premises Active Directory, Azure AD, and multi-cloud environments.
- Singularity Identity-DC detects attacks from any device on the network with a single agent installed on each AD controller.
- Singularity Identity-DC provides conditional access protections to providers.