Semperis, the pioneer of identity-driven cyber resilience for enterprises, today announced the general availability of Purple Knight 1.3, a free security assessment tool built to enhance organizations’ ability to fight identity-related cyberattacks by automatically uncovering Active Directory security weaknesses. The latest update to Purple Knight includes security indicators and prescriptive guidance to detect and remediate recent Microsoft vulnerabilities in the Windows Print Spooler service (PrintNightmare) and PetitPotam, bugs that attackers can exploit to gain full Domain Admin permissions in an organization. These exploits of Microsoft security flaws are the latest tactics that ransomware groups such as Vice Society and Magniber are using to unleash ransomware attacks, according to ZDNet.
“With PrintNightmare and PetitPotam, we continue to see high-impact attack vectors on Windows domains crop up, making it relatively easy for attackers to gain access to environments and very difficult for defenders to mitigate,” said Ran Harel, Semperis Senior Security Product Manager. “With this Purple Knight release, we’re sharing with the community—free of charge—the security indicators that our threat research team initially released to Directory Services Protector customers immediately after the vulnerabilities surfaced in the wild. The intent of Purple Knight is to help organizations—especially those without deep Active Directory experience on staff—detect these weaknesses that are often hard to diagnose and can open the door to devastating attacks.”
Purple Knight 1.3, which brings the total number of pre-attack and post-attack indicators to 76, now maps security indicators to the French National Agency for the Security of Information Systems (ANSSI) framework, in addition to the MITRE ATT&CK framework, which was supported with the first release of the tool.
Since its initial release in March 2021, Purple Knight has tapped an unmet need to identify and address security gaps in Active Directory, the primary identity store for 90% of businesses worldwide and a prime target for cybercriminals because of easily abused AD misconfigurations and the proliferation of sophisticated hacking tools. Thousands of IT and security professionals have downloaded the free tool, and in initial reports, organizations reported average scores of 61%—a barely passing grade. Large organizations fared the worst, challenged by legacy implementations and complex environments further complicated by merger and acquisition activity.
Purple Knight is a standalone utility that scans the Active Directory environment for Indicators of Exposure (IOEs) and Indicators of Compromise (IOCs) and provides a report that includes:
- An overall Active Directory security score plus scores in five individual categories: Account security, Active Directory delegation, Group Policy security, Active Directory infrastructure, and Kerberos security
- Details about the detected pre-attack and post-attack security indicators and the probability of compromise
- Correlation of results to MITRE ATT&CK and ANSSI frameworks
Leading global security-as-a-service and solution providers use Purple Knight to conduct security audits of their customers’ environments.
“With Purple Knight, we have the power of elite Active Directory domain expertise packaged into an easy-to-use, extremely powerful tool,” said Chris Vermilya, Director of Identity and Access Management (IAM) at Fishtech Group. “The tool safely uncovers weak configurations in client environments and helps us quickly close the gaps before attackers can exploit them. Since Active Directory is such a critical system that is constantly targeted, Purple Knight goes a long way in hardening organizational security, starting at the most common initial access point.”
For more such updates follow us on Google News ITsecuritywire News.