Quest launches AI security tool to cut response times on AD threats

Techday NZ, 3 days ago
Quest Software has announced the worldwide release of Security Guardian Intelligence, a generative AI-powered addition to its identity threat detection and response platform aimed at hybrid Active Directory and Microsoft Entra ID environments.
Features and context
The update is designed to help security teams, often facing a shortage of senior Active Directory (AD) specialists, translate technical alerts into plain-language insights, map incidents against recognised attacker behaviours, and follow guided remediation steps. This is intended to reduce investigation times and allow quicker action against potential identity threats.
Heath Thompson, President and Chief Product Officer at Quest, said, "Security Guardian Intelligence doesn't just detect identity threats - it explains them with business or board-level context. It gives teams a faster way to prioritize real risk and take action, without needing to interpret every technical detail manually."
Industry pressures
Security and IT departments continue to experience increasing pressure as identity-based attacks rise and the financial impact of AD system downtime remains significant. The disruption from an Active Directory outage can cost in excess of $730,000 per hour, highlighting the importance of fast and effective response capabilities.
Organisations are also challenged by the growth in alert volumes, disconnected security tools, and a documented lack of specialists with advanced Active Directory skills. The resulting delays in response can leave companies vulnerable to further impact, with data showing that successful ransomware attacks may disable systems for an average of 23 days.
Eric Aslaksen, General Manager of Security and Chief Information Security Officer at ivision, said, "We support customers across industries who are drowning in identity alerts but lack the in-house expertise to act on them. Security Guardian already gives visibility - SGI adds the context and speed they've been missing. By helping surface what matters and guiding the response, it's shaping up to be a valuable tool in our identity security toolkit."
Key capabilities
Security Guardian Intelligence introduces three primary functions to address current industry challenges:
  • Plain-language threat summaries, providing technical findings in an accessible format
  • Mapped attacker behaviour, aligned with recognised frameworks such as MITRE ATT&CK
  • Embedded, step-by-step remediation guidance, designed to function without the need for manual scripting or escalation
Comparison with legacy platforms
Quest has highlighted the architectural difference between its platform and older solutions. Security Guardian was developed as a cloud-native platform, enabling it to support real-time application of large language models across live identity telemetry without requiring additional workarounds.
The company noted that traditional on-premises security tools can face performance and infrastructure limitations when integrating advanced artificial intelligence capabilities. By contrast, Quest seeks to provide accelerated insights and more comprehensive context through its updated solution.
Integration and availability
Security Guardian Intelligence is included in the existing platform at no additional charge for current customers. It also functions alongside other components in Quest's Cybersecurity & Resilience suite, which covers enterprise backup and disaster recovery, endpoint protection, and continuous incident response, in an effort to extend protection across all phases of the attack lifecycle.
The update uses a click-to-context approach, taking users directly from identity alerts to recommendations and business impact analysis, with the objective of helping teams act even in the absence of senior identity specialists.
Quest Software reports that the new functionality was designed to be AI-ready from the outset, meeting the needs of modern hybrid identity environments involving both on-premises and cloud-based directories.

Related Articles

AWS unveils AgentCore suite & invests USD $100 million in AI agents
Techday NZ, 4 days ago

AWS has introduced new tools and investments aimed at supporting organisations to build and deploy AI agents securely and at scale. Central to these developments is Amazon Bedrock AgentCore, a suite of seven core services that enable companies to develop, deploy and manage enterprise-grade AI agents. The announcement also includes an expanded AWS Marketplace for AI tools and agents, and an investment of USD $100 million in the AWS Generative AI Innovation Centre to accelerate agentic AI development.
AgentCore features
Amazon Bedrock AgentCore provides a framework-agnostic set of services designed to support the transition from AI experimentation to enterprise deployment. The suite covers runtime, memory, identity, tool integration, code interpretation, web browsing, and observability, aiming to address key technical and governance needs for production-ready AI agents.
Swami Sivasubramanian, AWS Vice President for Agentic AI, outlined the company's strategy. He emphasised that AI agents - autonomous software systems that reason, plan, and adapt - could significantly accelerate productivity and outcomes in multiple industries. He said: "It's a tectonic change in a few dimensions. It upends the way software is built. It also introduces a host of new challenges to deploying and operating it, and potentially most impactfully, it changes how software interacts with the world - and how we interact with software."
AgentCore's seven core services are designed to meet different operational aspects of running secure and scalable AI agents:
  • AgentCore Runtime supports both low-latency interactive experiences and complex asynchronous workloads for up to eight hours, and provides session isolation in a framework-agnostic manner.
  • AgentCore Memory offers long-term and short-term memory functionalities for agents to maintain context, aiming for high accuracy across memory types.
  • AgentCore Identity integrates seamlessly with existing identity providers, such as Amazon Cognito, Microsoft Entra ID, and Okta, to secure and manage agent authentication.
  • AgentCore Gateway enables secure access to a variety of digital tools, allowing easy transformation of APIs, Lambda functions, and existing services into agent-compatible resources.
  • AgentCore Code Interpreter allows agents to execute code safely in sandboxed environments and can be tailored to meet varying security and instance requirements.
  • AgentCore Browser Tool gives AI agents secure web access for automated online tasks, suitable for operations such as web form completion or navigating websites.
  • AgentCore Observability leverages Amazon CloudWatch for real-time monitoring, dashboards, and telemetry, while integrating with customers' observability systems.
Customer organisations including Itaú Unibanco, Innovaccer, Boomi, Epsilon, and Box have begun utilising AgentCore as they seek to embed AI agents into their operations.
Secure & production-ready
According to Sivasubramanian, these services are aimed at helping customers as models and use cases evolve, allowing businesses to maintain secure deployment while scaling their AI capabilities. He highlighted the need for systems that can adapt as requirements change and said: "Building systems that can act autonomously across digital boundaries, while maintaining the security, reliability, and governance standards required for enterprise deployment, is a critical challenge. AgentCore helps developers bridge the critical gap between proof of concept and production for AI agents. It delivers a set of composable solutions that allows organizations to move agents from prototypes to applications that can scale to millions of end-users."
Marketplace expansion
AWS is expanding its Marketplace to introduce a new category, AI Agents and Tools. This aims to help enterprises discover, purchase, and deploy AI agent solutions from a selection of providers. The intention is to streamline the process for organisations seeking to adopt AI agents, providing access to solutions and professional services for building, maintaining, and deploying agents at scale.
Sivasubramanian discussed this expansion during his remarks at the AWS Summit in New York, saying customers have access to a one-stop shop to accelerate the development of their AI initiatives. Customers leveraging these Marketplace solutions are expected to benefit from streamlined integration and delivery, with the support of specialist service providers.
Investment
AWS also announced a further USD $100 million for the AWS Generative AI Innovation Centre to support the development and deployment of agentic AI. This investment is designed to help businesses build and scale AI agents tailored to specific industry needs, supporting customers at various stages of their AI adoption journeys.
Additional enhancements to Amazon Nova were announced, offering customers improved customisation for building specific AI capabilities with higher accuracy and flexibility. With these latest announcements, AWS aims to provide a more robust platform and ecosystem for organisations interested in deploying secure, scalable AI agents in production environments.

Windows Server 2025 flaw lets attackers persist in Active Directory
Techday NZ, 4 days ago

Semperis researchers have identified a design flaw in Windows Server 2025 that could leave managed service accounts vulnerable to undetected attacks.
Vulnerability details
The flaw, which researchers are calling 'Golden dMSA', affects delegated Managed Service Accounts (dMSAs) within Windows Server 2025. According to Semperis, the vulnerability could allow attackers to achieve persistent, undetected access to these accounts, potentially exposing resources across Active Directory for indefinite periods and enabling cross-domain lateral movement.
Researcher Adi Malyanker from Semperis has developed a tool named GoldenDMSA, which incorporates the logic of the attack and enables security professionals to simulate and understand the risks posed by the vulnerability. The tool aims to help defenders evaluate how the technique might be exploited in their own environments.
Technical findings
The Golden dMSA attack centres on a cryptographic vulnerability in Microsoft's newly introduced security features within Windows Server 2025. The architectural setup of dMSAs is exploited because the ManagedPasswordId structure contains time-based components that are predictable. These components offer only 1,024 possible combinations, making it computationally trivial for attackers to brute-force service account passwords.
"Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments," said Malyanker. "I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organisations should proactively assess their systems to stay ahead of this emerging threat."
This flaw means that threat actors could potentially move laterally across domains and maintain access over time, evading detection by traditional monitoring methods.
Industry context
The new research on Golden dMSA follows previous identity-related discoveries by Semperis. The company's researchers have also highlighted a vulnerability called nOauth in Microsoft's Entra ID, which is known to enable full account takeover in certain vulnerable SaaS applications with limited attacker interaction.
Within the last year, Semperis further developed detection capabilities in its Directory Services Protector platform to defend against BadSuccessor, described as a severe privilege escalation technique that targets a newly introduced feature in Windows Server 2025.
The team previously identified Silver SAML, which is a variant of the SolarWinds-era Golden SAML technique. Silver SAML is notable for its ability to bypass standard security defences in applications integrated with Entra ID.
Recommendations and implications
Semperis is advising organisations using Windows Server 2025 to consider proactively assessing their managed service accounts and other identity infrastructure. By understanding the mechanism of the newly disclosed attack and employing simulation tools such as GoldenDMSA, security and IT teams can evaluate their exposure and consider mitigation strategies.
The discovery of Golden dMSA highlights ongoing challenges in identity and account management security, particularly as new features are introduced into widely used enterprise systems like Active Directory. The predictability of password generation mechanisms, as exposed by Malyanker's research, underscores the importance of cryptographic design choices in authentication frameworks.
Semperis continues its focus on identity security research and has called on others in the cybersecurity community to stay vigilant as new issues emerge with changes in enterprise software architecture and security models.
