Falcon Identity Protection by CrowdStrike

Austin, TX | 2011 | www.crowdstrike.com

Falcon Identity Protection, which includes both Falcon Identity Threat Protection and Falcon Identity Threat Detection, is an ITDR solution that enables real-time prevention, detection and response of complex identity-based threats, including ransomware. 

 Key features:

• • Part of the CrowdStrike Falcon Platform with a single unified agent for identity and endpoint protection
  • Provides continuous, multi-directory visibility for all identities across AD, Azure AD and any cloud single sign-on (SSO) solution
  • Simple “point and click” functionality for discovering all credentials across the entire on-premises, cloud, hybrid or multi-cloud environment
  • Automatically classifies identities as cloud-only or hybrid and provides customized risk scores for each
  • Detects lateral movement and anomalous traffic in real time by any user or service account
  • Provides correlated events and risk scoring that can track by credential or entity/endpoint for all related activity for incident response
  • Correlates with the MITRE ATT&CK framework

Unified Security Platform by CyberArk

Newton, MA | 1999 | www.cyberark.com 

The Unified Identity Security Platform from CyberArk leverages intelligent privilege controls to provide secure access for any identity to any resource or environment from any location, using any device.

Key features:

• • Real-time, continuous threat detection and prevention for AD and Azure AD
  • Simple and secure access to business resources using single sign-on and adaptive MFA
  • End-to-end visibility via a single admin portal
  • Ability to discover and manage all credentials and remediate risks across all environments
  • Protect privileged access across all identities, infrastructure and apps, from the endpoint to the cloud

Spotlight by Illusive

Tel Aviv, Israel and New York, NY | 2014 | www.illusive.com

Illusive Spotlight is an ITDR solution that enables clients to automatically discover and remediate identity vulnerabilities in real-time. 

Key features:

• • Agentless solution
  • Continuous discovery and prioritization of identity security risks, including AD and Azure AD misconfigurations, privileged access management (PAM) coverage gaps, and endpoint exposures
  • Automated remediation
  • Deception deployment to support failsafe intruder detection
  • Identity-risk dashboard to effectively detect privilege escalation and lateral movement, as well as assess the risk of new environments
  • Automated evidence collection to support reporting, audits and compliance activity

Microsoft Defender by Microsoft

Redmond, WA | 1975 | www.microsoft.com

Microsoft Defender is a comprehensive identity and access product suite that provides continuous, real-time protection against identity-based attacks. 

Key features: 

• • Incorporates new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity
  • Verifies all types of identities; secures, manages, and governs access of any app or resource to any user
  • Secures and verifies identities across hybrid and multicloud environments
  • Real-time intelligent access decisions

Directory Service Provider by Semperis

Hoboken, NJ | 2013 | www.semperis.com 

Directory Service Protector is an AD and Azure AD security assessment tool offered by Semperis.

Key features:

• • Comprehensive assessment scans for the most common and effective attack vectors to identify high-risk configurations and other security vulnerabilities
  • Supports on-premises AD and Azure AD
  • Generates a custom security score based on indicators of exposure (IOEs) and indicators of compromise (IOCs)
  • Additional support to help prioritize remediation efforts
  • Community-driven threat models and updates
  • MITRE ATT&CK correlation

Identity Suite by SentinelOne

Mountain View, CA | 2013 | www.sentinelone.com

Identity Suite by SentinelOne is a comprehensive, real-time identity security solution that offers prevention, detection and response capabilities. 

Key features:

• • Real-time protection against a wide array of identity-related risks, including credential theft, credential misuse in AD, privilege escalation, lateral movement, data cloaking and identity exposure
  • Continuous, end-to-end visibility for all managed or unmanaged systems on any OS, across all endpoints
  • Deception deployment and decoys
  • Comprehensive protection for on-premises AD, Azure AD, and multi-cloud environments, as well as domain-joined assets

Unified Identity Protection from Silverfort

Tel Aviv, Israel | 2016 | www.silverfort.com 

Unified Identity Protection is an identity security solution that extends MFA and modern identity security to any resource, including those once considered “unprotectable”, such as legacy applications, service accounts and OT systems. 

Key features: 

• • Agentless and proxyless solution
  • Comprehensive offering, including prevention, detection and remediation for all resources, access interfaces and users
  • Supports on-premises, cloud-based and hybrid environments
  • Real-time visibility and response capabilities
  • Leverages anomalous behavior based on all authentication requests to detect risk
  • Connects and translates all protocols, IAM solutions and resources in a single cloud IAM platform

Active Directory Security and Management Solution by Stealthbits

Hawthorne, NJ | 2001 | www.stealthbits.com

The Active Directory Security and Management Solution is a suite of tools offered by Stealthbits that enables real-time prevention, detection and response capabilities within the AD. 

Key features:

• • Comprehensive offering that includes: vulnerability identification; permissions auditing and governance; malicious change recovery; password policy enforcement; detection; and response
  • Complete visibility of the AD environment, including all objects, policies and configurations
  • Prioritization of risk and remediation efforts
  • Continuous monitoring of changes to critical objects and other actions that may indicate an attack
  • Open architecture that supports integration with virtually any system within the security stack

Tenable.ad by Tenable

Columbia, MD | 2002 | www.tenable.com

Tenable.ad is an identity security solution that enables continuous, real-time detection and response capabilities of AD attacks, as well as identification of weaknesses within the AD. 

Key features:

• • Agentless solution
  • Ability to find hidden weaknesses within the AD, including misconfigurations; Step-by-step remediation guidance
  • On-premises and cloud-based solution
  • Ability to correlate AD changes and malicious actions
  • MITRE ATT&CK integration allows users to access descriptions directly from detected incidents
  • Syslog integration supports out-of-the-box functionality for all SIEM and most ticketing systems

Varonis for Active Directory by Varonis

New York, NY | 2005 | www.varonis.com

Varonis for Active Directory is a comprehensive identity solution that allows companies to find and fix commonly exploited misconfigurations within the AD. 

Key features:

• • Agentless solution
  • Continuous, real-time awareness of AD and Azure AD vulnerabilities
  • Support services for risk prioritization and event response
  • Domain visualization for all domain and local users, groups, and objects in a single interface
  • Correlates AD events with data access and network activity to spot anomalous behaviors that may indicate an attack or compromise
  • Unified audit trail provides a complete record of every meaningful action on mission-critical systems
  • SIEM integration enables real-time, data-centric alerts via syslog, SNMP, or custom-built connector