
Security Guardian Current - Release Notes

Release History

The following lists the new features, enhancements and resolved issues by deployment.

Current Deployment

March 10, 2025

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access:

    • Microsoft Entra seamless single sign-on (AzureADSSOACC) account password has not changed recently

  • Persistence:

    • Tier Zero Group policy contains a scheduled task

    • Non-Tier Zero Group policy contains a scheduled task

Resolved Issues

Resolved Issue | Issue ID
The issue "Tier Zero enumeration does not properly handle Domain Users group being member of a Tier Zero group" has been resolved. | 542953

Previous Deployments

December 17, 2024

 

New Features

Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification, Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.

 

December 10, 2024

 

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access

    • Group Policy does not enforce built-in Administrator account lockout

  • Lateral Movement

    • Tier Zero Group Policy allows Authenticated Users to add computers to the domain

    • Non-Tier Zero account can request an overly permissive certificate with privileged EKU (ESC2)

  • Privilege Escalation

    • Non-Tier Zero account can use a misconfigured certificate template to impersonate any user

Resolved Issues

Resolved Issue | Issue ID
A performance improvement has been implemented for environments with a large volume of Tier Zero objects. | 530317

 

October 10, 2024

 

New Features

The following Active Directory vulnerabilities have been added to Discoveries:

  • Credential Access:

    • Domain trust without Kerberos AES encryption enabled

    • Kerberos KRBTGT account password has not changed recently
  • Privilege Escalation:

    • Suspicious ESX Admins group detected in domain

Enhancements

Enhancement | Issue ID
MITRE ATT&CK TTPs have been added to Hygiene and Detected Indicators Findings Investigation pages. | 494070
The reason(s) why an object is considered Tier Zero is displayed in object details and the Findings Investigation page for the object. | 479695
In Assessment results for vulnerable computer and user objects, a column has been added to indicate whether the object is enabled or disabled. | 481991

 

August 15, 2024

 

Enhancements

Enhancement | Issue ID
To prevent system overload from exceptionally large data sets, a maximum of 100,000 objects will be displayed in the Assessment Results Vulnerable Objects list. | 502873

August 1, 2024

 

New Features

You can export the complete Tier Zero objects list to a CSV file for sharing with stakeholders and security assessment engagements.

 

Enhancements

Enhancement | Issue ID
To simplify the user experience, Am I Exposed? no longer displays on the Findings Investigation page. | 465773

 

July 02, 2024

 

New Features

The terminology for Indicator and Finding types has changed to better align with industry standards.

 

March 26, 2024

 

New Features

A Data Collections page has been added to Security Settings, which allows you to monitor Active Directory data collections within your organization. You can also:

  • manually run a data collection

  • disable data collections that you no longer want to run.

Incident response management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand relies on Azure and AWS infrastructure and, as such, is subject to the possible disruption of these services. You can view the following status pages:

System Requirements

The following web browsers are supported with On Demand:

  • Microsoft Edge
  • Google Chrome (latest version)
  • Mozilla Firefox (latest version)

Additional component requirements

Component | Purpose
Hybrid Agent | Gives Security Guardian access to the Active Directory domain(s) that you want to keep secure.
Quest Change Auditor (via On Demand Audit) | Sends Active Directory events to On Demand Audit for reporting in Security Guardian Findings and allows you to protect Tier Zero objects. NOTE: A minimum of version 7.3 is required to send critical activity events to On Demand Audit, and a minimum of version 7.4 is required to protect Tier Zero objects.
SpecterOps BloodHound Enterprise (Optional) | Identifies Tier Zero assets in your organization's Active Directory domain(s), which you can monitor and assess for security vulnerabilities in Security Guardian. NOTE: If BloodHound Enterprise is not configured, Security Guardian will be used as your organization's Tier Zero provider once the Hybrid Agent is configured.
SIEM solution: Microsoft Sentinel; Splunk Cloud or Enterprise (Optional) | Allows Security Guardian Findings to be forwarded to a configured SIEM tool for further analysis. NOTE: Regardless of whether your organization uses a SIEM solution, you can also have Finding alerts sent via email.

Product licensing

Quest On Demand is a Software as a Service (SaaS) application where application software is hosted in the cloud and made available to users through quest-on-demand.com.

Use of this software is governed by the Software Transaction Agreement found at www.quest.com/legal/sta.aspx and the SaaS Addendum at www.quest.com/legal/saas-addendum.aspx. This software does not require an activation or license key to operate.

You can sign in to Quest On Demand as a Guest user and sample the solutions the product can offer. As a Guest user, you can add your Azure AD tenant and look for problems that can be solved by Quest On Demand. To sign in as a Guest user, go to quest-on-demand.com and click Continue as Guest.

Trial licenses are available. To enable a trial license, you must use a Quest account to sign up for Quest On Demand. Use one of the following procedures:

To enable a trial license with an existing Quest account

  1. Go to https://www.quest.com/on-demand/
  2. Scroll down to the module you are interested in and click Try Online.
  3. On the Free Trial of <Module Name> page, click Sign In for your Free Trial.
  4. Fill in your Quest account credentials and click Sign In. The Welcome to Quest On Demand page opens.
  5. In the Add organization name field, enter a name for your Quest On Demand organization.
  6. In the Select Region field, select the region where you want your data to reside.
  7. Click Create New Organization.

You can now add your Azure AD tenant and begin using the module. See the Global Settings User Guide for more information on working with Quest On Demand.

To create a Quest account and enable a trial license

  1. Go to https://www.quest.com/on-demand/
  2. Scroll down to the module you are interested in and click Try Online.
  3. To try online, you must create a Quest account and then sign up for Quest On Demand.
  4. Create a Quest account.
    1. Click Create a Trial Account.
    2. Fill in the fields on the Create Account page. Note that the email and password entered here will be the credentials you use to sign in to Quest On Demand.
    3. Click Create Account. The “We’ve sent you an email” page opens.
  5. Sign in to Quest On Demand.
    1. Go to your email account and open the email from support.quest.com. Click on the verification link. The Welcome to Quest On Demand page opens.
    2. In the Add organization name field, enter a name for your Quest On Demand organization.
    3. In the Select Region field, select the region where you want your data to reside.
    4. Click Create New Organization.

You can now add your Azure AD tenant and begin using the module. See the Global Settings User Guide for more information on working with Quest On Demand.
