
ManageEngine Enhances AD360 With Risk Exposure Management and Local User MFA Features to Strengthen Identity Threat Defenses
Identity remains the primary attack vector in modern enterprises, as shown by Verizon's 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22% of breaches. The report also highlighted widespread abuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches.
'With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we're helping customers make IAM the first line of defense, not a check box,' said Manikandan Thangaraj, vice president of ManageEngine.
While most IAM tools focus on provisioning and policy enforcement, AD360 adds risk exposure mapping via attack path analysis as well as local MFA enforcement, helping enterprises close attack paths that often go undetected. This marks a key step in identity management evolving from an access control layer into an active security control.
New Capabilities
· Identity risk exposure management: Graph-based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritizing risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multi-step attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths.
· Local user MFA: This feature extends adaptive MFA to local accounts on non-domain-joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques.
· ML-driven access recommendations: During provisioning and access review campaigns, machine learning analyzes permission patterns and suggests adjustments to implement least privilege access, helping prevent excess entitlements.
Additionally, ManageEngine has enhanced AD360's access certification module, which now includes expanded entitlements for comprehensive review coverage, and the risk assessment capabilities feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments. These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls.
Related Articles


Channel Post MEA
18 hours ago
Paradigm Shift In Credential Stuffing Attacks: Radware Report
Radware has released a new research report—The Invisible Breach: Business Logic Manipulation and API Exploitation in Credential Stuffing Attacks. The report reveals a paradigm shift in credential stuffing attacks. It underscores a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to sophisticated, multi-stage infiltration techniques.
'To bypass traditional defenses, modern credential stuffing attacks are shifting away from traditional password-spraying techniques in favor of business logic manipulation, cross-platform device spoofing, and strategic API exploitation,' said Arik Atar, senior cyber threat intelligence researcher at Radware. 'The message for defending organizations is clear. To match this new reality, they must move beyond credential-centric controls to adopt security strategies that validate entire user journeys, correlate cross-request behavior, and detect suspicious patterns in business logic flows.'
Radware's research examined 100 advanced credential stuffing configurations deployed through a well-known account takeover tool called SilverBullet.
Advanced attack methodologies
· Business logic attacks: 94% of configurations implement four or more business logic attack elements, with 54% demonstrating advanced orchestration, using 13+ distinct techniques.
· API exploitation: 83% of configurations contain explicit API-targeting techniques.
· Multi-device spoofing: 24% of attack scripts alternate between two device types during execution, with 71% employing cross-platform transitions, primarily between iOS and Windows.
Primary targets
· Industries: Technology/SaaS emerged as the primary target sector (27%), followed by financial services/government (16%), and the travel/airline (13%) sectors.
· Online tools: There is a significant shift toward high-value AI tools (44% of all technology targets), potentially exploited by spammers who engage in account cracking to create large-scale phishing content. In addition, corporate tools (30%), including Microsoft 365, OneDrive, and Outlook, are likely targets for ransomware groups pursuing initial access to organizational systems.
Centralized threat landscape
· Concentration: 51% of the analyzed configurations, randomly collected over six months, were written by just three advanced threat actors: SVBCONFIGSMAKER, and @Magic_Ckg.
· Specialization: Each threat actor had over two years of operational experience in distinct areas of specialization, including AI platform authentication bypass, mobile API exploitation, and Microsoft cloud services.


TECHx
19 hours ago
Hidden Dangers: Supply Chain Cyberattacks in 2025
Supply chain cyberattacks are rising fast in 2025, exposing enterprises to hidden threats through trusted vendors, weak links, and third-party vulnerabilities.
In 2025, it's not the hackers breaching your firewalls that should keep you up at night. It's the vendors you trust the most: the small software firm managing your data sync, the overseas hardware supplier, or even your outsourced payroll provider. Cybercriminals are no longer attacking the front doors of the world's most secure enterprises. They're slipping through the side gates, quietly piggybacking on the digital supply chains that keep global business ticking.
Verizon's 2025 Data Breach Investigations Report (DBIR) highlights this troubling trend with hard numbers: one in three breaches now involves a third party. The percentage of incidents tied to partners or suppliers has doubled from the previous year, underscoring how deeply embedded these risks have become. What's more, ransomware, often delivered via these indirect attack paths, has seen a 37% increase, now factoring into nearly half of all reported breaches.
The Hertz-Cleo Fallout
Take the Hertz incident earlier this year. The car rental giant itself wasn't hacked. Instead, the Russian-linked ransomware gang Clop infiltrated Cleo Communications, a trusted third-party file transfer provider used by Hertz, and gained indirect access to sensitive customer information. By exploiting an unknown vulnerability in Cleo's software, the attackers avoided Hertz's own hardened defenses altogether.
This tactic, often called a supply chain attack, isn't new. But what's changed is how quickly it's become the go-to method for sophisticated cybercriminals, including state-backed groups. Why try to breach a billion-dollar enterprise with enterprise-grade security, when you can compromise a smaller supplier with minimal resistance and get the same prize?
The damage from these attacks goes far beyond lost data or a ransom paid. They undermine trust in entire ecosystems. If an organization can't vouch for its vendors' security posture, how can it vouch for its own?
A Threat Hiding in Plain Sight
Supply chains have always been complex. But now they have also become invisible. Many large enterprises now rely on thousands of vendors, software-as-a-service providers, open-source libraries, cloud partners, APIs, and more, creating sprawling digital ecosystems where a single weak link can compromise an entire network.
Recent data shows that software supply chain incidents are sharply on the rise. According to Cyble, the average number of such attacks per month increased by 25% from late 2024 to mid-2025. In the last two months alone, this number nearly doubled. Attackers are getting more strategic, more patient, and more effective at exploiting interdependencies between systems that most companies barely map, let alone monitor.
Credential abuse remains a leading cause of breaches, with nearly a quarter of attacks stemming from stolen or weak credentials. Vulnerability exploitation is close behind, accounting for 20%. These numbers reflect a sobering reality: as businesses grow more interconnected, the attack surface is no longer within their walls.
Sectoral Impact: Healthcare, Manufacturing, and More
Certain sectors are feeling the burn more than others. Healthcare, with its sensitive patient data and critical uptime requirements, remains a prime target. The DBIR found 1,710 incidents in the sector this year, with over 1,500 involving confirmed data disclosure. The most compromised data types? Medical and personal.
Manufacturing is facing a different but equally insidious threat: espionage. Breaches in the industry nearly doubled this year, and for the first time, 20% were tied to espionage, up from just 3% the year before. Analysts believe this rise is likely linked to state-sponsored actors targeting supply chains to access emerging technologies and industrial secrets.
Meanwhile, the financial and education sectors continue to grapple with familiar foes: phishing campaigns, credential stuffing, and basic web application attacks. But the thread tying all of these sectors together is supply chain vulnerability. Regardless of industry, the weakest point isn't the organization; it's often the people and partners just outside of it.
Why We're Still Behind
Despite years of warnings and a growing pile of headlines, many organizations still don't conduct comprehensive security reviews of their suppliers. Some don't even know how many third-party services are connected to their systems. A recent survey found that fewer than 30% of enterprises require a Software Bill of Materials (SBOM), a basic inventory of components used in applications, from their vendors.
The regulatory landscape is beginning to catch up. New compliance mandates in the U.S., EU, and GCC region are placing greater onus on companies to verify vendor security. In the UAE, cybersecurity requirements tied to national digital transformation efforts are already pushing public and private organizations to step up.
But policy alone won't solve the problem. Security teams must rethink their architecture from the ground up. The old model, perimeter defense, no longer applies in an age where the perimeter includes thousands of third parties. Strategies like Zero Trust architecture, real-time threat intelligence sharing, and continuous monitoring of third-party behavior are no longer 'nice to haves.' They are essential.
A Chain Only as Strong as…
The phrase 'a chain is only as strong as its weakest link' is now a cybersecurity cliché. But in 2025, it's painfully accurate. As enterprises double down on digital transformation, AI tools, and cloud-first strategies, their reliance on supply chains will only deepen. That means vigilance can't stop at the firewall; it must extend across every digital handshake. Because in today's cyber era, the breach you didn't notice might just be the one that shuts everything down.


Channel Post MEA
28-07-2025
Tenable Unveils AI-driven Enhancements To VPR
Tenable has announced the next evolution of its industry-leading Tenable Vulnerability Priority Rating (VPR) to sharpen precision and focus on risks that pose the greatest threat. Powered by generative AI, enriched threat intelligence and context-aware scoring, Tenable VPR enables organizations to quickly understand vulnerability impact, weaponization and precise remediation actions.
While static Common Vulnerability Scoring System (CVSS) broadly flags 60% of vulnerabilities as high or critical, Tenable VPR narrowed this to a focused 3% at its launch in 2019. With these latest AI-driven enhancements, Tenable VPR delivers twice the clarity and precision by leveraging real-time data to pinpoint the critical 1.6% of vulnerabilities that represent actual business risk. These efficiency gains, combined with enhanced explainability and contextualization, translate to faster mean-time-to-remediation, optimized resources, and strategically aligned security efforts with organizational priorities.
'Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat,' said Jorge Orchilles, senior director, Readiness and Proactive Security, Verizon. 'Tenable VPR changed that by showing us what attackers are actually exploiting right now. It lets us focus our resources on the handful of issues that truly matter, which has made a real, measurable difference in how quickly we can get critical patches out.'
'We're taking our game-changing Tenable VPR to the next level with these AI-powered enhancements,' said Eric Doerr, chief product officer, Tenable. 'Tenable VPR brings an unmatched precision and depth of threat intelligence, context and explainability to cyber operations. With these critical insights at their fingertips, organizations can clearly visualize why an exposure matters, where they are vulnerable and how to close their priority risks.'
In addition to hyper-focused risk prioritization, key enhancements to Tenable VPR include:
· AI-powered insights and explainability: VPR insights provide instant clarity, helping users quickly grasp why an exposure matters, how it's been weaponized by threat actors, and receive clear, actionable mitigation guidance. AI-generated threat summaries and remediation insights help users quickly understand real-world risks and next steps.
· Prioritization with industry and regional context: Enhanced filtering, querying and metadata help organizations understand and prioritize vulnerabilities based on real-world threats to their specific industry and region, ensuring critical exposures relevant to the business are addressed first.