
Understanding Aorato's Directory Services Application Firewall

How Aorato's Directory Services Application Firewall protects Active Directory, and why it's useful for enterprises.

I recently heard about a vendor that was launching what it called a directory services application firewall to protect Active Directory by analyzing sessions and protocols. Can you help me understand how this kind of product works? What would the enterprise use case be?

Aorato, a security startup that emerged in January 2014, adds to the offerings of application-aware security vendors with its new Directory Services Application Firewall (DAF). DAF focuses on the security of Microsoft's Active Directory, which Aorato founder and CEO Idan Plotnick asserts is often the weak spot of many organizations and generally the easiest place for an attacker to gain a foothold. The Target breach is a perfect example of this type of attack: the legitimate user credentials of an HVAC contractor were compromised and leveraged to exploit its systems in a cataclysmic data breach. Confident in its product, Aorato offers a two-month free trial of DAF to 10 IT or security professionals.

The differentiator for Aorato's DAF is its emphasis on visibility into application-specific traffic and anomalous user behavior. DAF analyzes all Active Directory traffic from a mirrored switch port or network tap, establishes baselines of behavior and then uses graph analysis to look for irregularities. Alerts can be forwarded to existing SIEMs -- such as Splunk, HP ArcSight and RSA enVision -- for correlation with more traditional data.
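To make the baseline-plus-graph idea concrete, here is an added toy example (not Aorato's code, and not how DAF works internally): it builds a user-to-host graph from a week of constructed Active Directory logon events, then flags a day in which an account touches hosts it has never used and reaches more hosts than its baseline. All account and host names are constructed placeholders.

```python
from collections import defaultdict
from typing import NamedTuple


class LogonEvent(NamedTuple):
    day: int    # day index relative to the start of observation
    user: str   # account that authenticated against the directory
    host: str   # machine the account authenticated from or to


# Constructed sample events: days 0-6 form the learning period, day 7 is
# scored. The "hvac-vendor" account mirrors the contractor-credential pattern
# discussed above; none of these names are real.
EVENTS = (
    [LogonEvent(d, "alice", "ws-alice") for d in range(7)]
    + [LogonEvent(d, "alice", "fileserver") for d in range(7)]
    + [LogonEvent(d, "hvac-vendor", "hvac-gateway") for d in range(7)]
    + [
        LogonEvent(7, "alice", "ws-alice"),
        LogonEvent(7, "hvac-vendor", "hvac-gateway"),
        LogonEvent(7, "hvac-vendor", "pos-server-01"),  # never seen before
        LogonEvent(7, "hvac-vendor", "pos-server-02"),
        LogonEvent(7, "hvac-vendor", "dc-01"),
    ]
)


def build_baseline(events, learn_days):
    """Return (edges, fanout): the user->host edges seen during the learning
    period and, per user, the most distinct hosts reached in any single day."""
    edges = defaultdict(set)
    hosts_per_user_day = defaultdict(set)
    for e in events:
        if e.day < learn_days:
            edges[e.user].add(e.host)
            hosts_per_user_day[(e.user, e.day)].add(e.host)
    fanout = defaultdict(int)
    for (user, _day), hosts in hosts_per_user_day.items():
        fanout[user] = max(fanout[user], len(hosts))
    return edges, fanout


def score_day(events, day, baseline):
    """Flag edges absent from the baseline graph and per-user fan-out that
    exceeds the learned maximum. Unknown users trip both checks."""
    edges, fanout = baseline
    alerts = []
    hosts_today = defaultdict(set)
    for e in events:
        if e.day != day:
            continue
        hosts_today[e.user].add(e.host)
        if e.host not in edges[e.user]:
            alerts.append(("new_edge", e.user, e.host))
    for user, hosts in hosts_today.items():
        if len(hosts) > fanout[user]:
            alerts.append(("fanout", user, len(hosts)))
    return alerts
```

In a real deployment the alert tuples would be what gets shipped to the SIEM for correlation, and the baseline would be refreshed continuously rather than learned once.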

Aorato's DAF is one of the latest products to surface in response to an industry trend to apply more sophisticated methods to detect and prevent threats in an organization by utilizing elements of network theory. A subset of graph theory, network theory has been successful in determining complex relationships in the spread of disease, the study of markets and military intelligence.

By utilizing these complex techniques, Aorato claims it can stop reconnaissance, exploitation and even advanced persistent threats in an enterprise. Will it deliver on its promises to cut down on the useless noise and false positives that often plague security devices? Only those in desperate need or with excess cash to spend will likely want to investigate until there's more evidence to substantiate Aorato's assertions. It's also not the only vendor to employ such enhanced approaches; Elastica is another new player in the application of data science techniques for security monitoring of cloud-based applications. Certainly these types of products represent a new direction for industry vendors. While it's unclear whether offerings like those of Aorato or Elastica will ultimately succeed, innovation can only help in alleviating the struggle enterprises face in preventing advanced attacks.


This was last published in May 2014
