Chatta subito con l'assistenza
Chat con il supporto

Security Guardian Current - Release Notes

Release Notes

Quest® Security Guardian

December 17, 2024

 

These release notes provide information about Quest® Security Guardian deployments.

Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domain(s) and Entra ID tenant(s) in your organization secure.

You can:

  • Identify Tier Zero objects in Active Directory.

  • Identify Privileged objects in Entra ID.

  • Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.

  • Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.

  • Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from On Demand Audit.

  • Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.

 

New Features

Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification, Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Assessment known issues
Known Issue Issue ID

Due to the complexity of the query, an Assessment can evaluate a maximum of 10,000 Tier Zero objects for a vulnerability. If this limit is surpassed, results will be marked as Inconclusive with the following message:

Syntax error: Query length (2162372) too large (max: 2097152)

497529

Release History

The following lists the new features, enhancements and resolved issues by deployment.

Current Deployment

December 17, 2024

 

New Features

Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification. Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.

Previous Deployments

 

December 10, 2024

 

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access

    • Group Policy does not enforce built-in Administrator account lockout

  • Lateral Movement

    • Tier Zero Group Policy allows Authenticated Users to add computers to the domain

    • Non-Tier Zero account can request an overly permissive certificate with privileged EKU (ESC2)

  • Privilege Escalation

    • Non-Tier Zero account can use a misconfigured certificate template to impersonate any user

Resolved Issues

Resolved Issue Issue ID
A performance improvement has been implemented for environments with a large volume of Tier Zero objects. 530317

 

October 10, 2024

 

New Features

The following Active Directory vulnerabilities have been added to Discoveries:

  • Credential Access:

    • Domain trust without Kerberos AES encryption enabled

    • Kerberos KRBTGT account password has not changed recently
  • Privilege Escalation:

    • Suspicious ESX Admins group detected in domain

Enhancements

Enhancement Issue ID
MITRE ATT&CK TTPs have been added to Hygiene and Detected Indicators Findings Investigation pages. 494070
The reason(s) why an object is considered Tier Zero is displayed in object details and the Findings Investigation page for the object. 479695
In Assessment results for vulnerable computer and user objects, a column has been added to indicate whether the object is enabled or disabled. 481991

 

August 15, 2024

 

Enhancements

Enhancement Issue ID
To prevent system overload from exceptionally large data sets, a maximum of 100,000 objects will be displayed in the Assessment Results Vulnerable Objects list. 502873

August 1, 2024

 

New Features

You can export the complete Tier Zero objects list to a csv file, for sharing with stakeholder and security assessment engagements.

 

Enhancements

Enhancement Issue ID
To simplify the user experience, Am I Exposed? no longer displays on the Findings Investigation page. 465773

 

July 02, 2024

 

New Features

The terminology for Indicator and Finding types has changed to better align with industry standards.

 

March 26, 2024

 

New Features

A Data Collections page has been added to Security Settings, which allows you to monitor Active Directory data collections within your organization. You can also:

  • manually run a data collection

  • disable data collections that you no longer want to run.

Strumenti self-service
Knowledge Base
Notifiche e avvisi
Supporto prodotti
Download di software
Documentazione tecnica
Forum utente
Esercitazioni video
Feed RSS
Contatti
Richiedi assistenza sulle licenze
Supporto tecnico
Visualizza tutto
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione