SentinelOne

SentinelOne Identity

About the product

SentinelOne’s Active Directory (AD) protection is a key element in securing IT infrastructure, as AD is the central point for managing identities, permissions, and access in organizations. Because it provides access to resources and systems within the organization, AD is one of the main targets of attacks. SentinelOne protects Active Directory with detection, prevention, and incident response mechanisms that cover all layers of this environment.

Advantages of the product

Detection and prevention of attacks on AD (AD Protection)
SentinelOne provides proactive detection and blocking of attempts to attack Active Directory. By monitoring changes in the AD structure, the solution detects unauthorized manipulation of accounts, groups, or policies that may indicate attempts to take control of the identity infrastructure.

Privilege Escalation Prevention
SentinelOne monitors permission changes in Active Directory and stops unauthorized attempts to elevate user privileges. This is particularly important because attackers often try to take over an account with higher privileges to gain access to more resources on the network.

Lateral Movement Detection
As part of AD protection, SentinelOne effectively detects lateral movement attacks, where attackers move around the network using lower-privileged user accounts to gain access to more sensitive resources.

Endpoint Isolation
If SentinelOne detects that a device connected to the network is the source of an AD attack, it isolates that device from the rest of the network. This limits potential damage and prevents further compromise of systems and data.

Protection against Pass-the-Hash and Pass-the-Ticket attacks
SentinelOne protects Active Directory from Pass-the-Hash and Pass-the-Ticket attacks, which involve using stolen password hashes and authentication tickets to gain access to other resources on the network.

Detection and blocking of unauthorized changes to AD policies
SentinelOne protects against unauthorized changes to Active Directory security policies that could weaken the organization's security. This includes changes to resource access control configurations, password policies, and administrative privileges.

Benefits of Implementation

Increased identity security

Prevention of Pass-the-Hash and Pass-the-Ticket attacks

Detection and blocking of privilege escalation

Detection of lateral movement

Increased resistance to internal attacks

Protection against Kerberos Ticket Forgery attacks

Increased visibility and control over access

Protection against Domain Admin Compromise attacks

Automated Incident Response

Easy integration with existing infrastructure

Compliance and regulatory adherence
