Chat now with support
Chat with Support

Security Guardian Current - Release Notes

Release Notes

Quest® Security Guardian

December 10, 2024

 

These release notes provide information about Quest® Security Guardian deployments.

Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domain(s) and Entra ID tenant(s) in your organization secure.

You can:

  • Identify Tier Zero objects in Active Directory.

  • Identify Privileged objects in Entra ID.

  • Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.

  • Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.

  • Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from On Demand Audit.

  • Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.

 

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access

    • Group Policy does not enforce built-in Administrator account lockout

  • Lateral Movement

    • Tier Zero Group Policy allows Authenticated Users to add computers to the domain

    • Non-Tier Zero account can request an overly permissive certificate with privileged EKU (ESC2)

  • Privilege Escalation

    • Non-Tier Zero account can use a misconfigured certificate template to impersonate any user

October 10, 2024

The following Active Directory vulnerabilities have been added to Discoveries:

  • Credential Access:

    • Domain trust without Kerberos AES encryption enabled

    • Kerberos KRBTGT account password has not changed recently
  • Privilege Escalation:

    • Suspicious ESX Admins group detected in domain

July 17, 2024

You can export the complete Tier Zero objects list to a csv file, for sharing with stakeholder and security assessment engagements.

 

July 02, 2024

The terminology for Indicator and Finding types has changed to better align with industry standards.

 

March 26, 2024

A Data Collections page has been added to Security Settings, which allows you to monitor Active Directory data collections within your organization. You can also:

  • manually run a data collection

  • disable data collections that you no longer want to run.

 

Enhancements

 

October 10, 2024

Enhancement Issue ID
MITRE ATT&CK TTPs have been added to Hygiene and Detected Indicators Findings Investigation pages. 494070
The reason(s) why an object is considered Tier Zero is displayed in object details and the Findings Investigation page for the object. 479695
In Assessment results for vulnerable computer and user objects, a column has been added to indicate whether the object is enabled or disabled. 481991

 

August 15, 2024

Enhancement Issue ID
To prevent system overload from exceptionally large data sets, a maximum of 100,000 objects will be displayed in the Assessment Results Vulnerable Objects list. 502873

August 1, 2024

Enhancement Issue ID
To simplify the user experience, Am I Exposed? no longer displays on the Findings Investigation page. 465773

Resolved Issues

The following is a list of issues addressed in this release.

Tier Zero resolved issue
Resolved Issue Issue ID
A performance improvement has been implemented for environments with a large volume of Tier Zero objects. 530317
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating