ITDR
Release Upgrade Summary (2023)
This article provides a summary of all new features and enhancements for Zscaler ITDR. To see scheduled maintenance updates for your cloud, visit the Trust Portal.
The following service updates were deployed to illusionblack.com on the following dates.
- Feature Available
Change Detection Safelist
The ITDR - Change Detection feature monitors an Active Directory (AD) domain for active changes and classifies each detected change as having a good or bad impact. The Change Detection (ITDR > Change Detection) page displays the detected issues. You can review these change detection issues to confirm that they are not a risk and mark them as safe.
To learn more, see About ITDR - Change Detection, Adding a Change Detection Issue to the Safelist, and Viewing Change Detection Issue and Remediation Details.
ITDR Active Directory Assessment Posture Report
The ITDR Active Directory (AD) Assessment Posture report is a summary of potential misconfigurations and vulnerabilities in your scanned AD domain. The report displays a unified domain risk score on a scale of 0 to 100, the type of risks most prevalent in the AD, an issue priority matrix, and remediation guidance to fix the issues. You can download the ITDR AD Assessment Posture report as a PDF file.
To learn more, see Viewing the ITDR AD Assessment Report and Downloading the ITDR AD Assessment Report.
ITDR UI Enhancements
The Identity label on the left-side navigation menu was renamed to ITDR.
The Identity Posture - Active Directory Dashboard page (Identity > Dashboard) was renamed to ITDR Posture - Active Directory Dashboard (ITDR > Dashboard).
To learn more, see About the ITDR Posture - Active Directory Dashboard.
Viewing Active Directory Failed Scan Check Details
After an Active Directory (AD) domain is scanned and the scan status is completed, you can view the details of the failed scan checks, if any.
To learn more, see About Scan Agents and Viewing Failed Scan Check Details.
- Feature Available
Active Directory Attack Detection
You can create a Windows landmine policy and configure the ITDR - Active Directory (AD) attack detection module to detect credential misuse, entitlement exposures, and privilege escalation activities against AD via the Landmine Agent.
To learn more, see Creating a Landmine Policy and Configuring ITDR - Active Directory.
Identity Posture - Active Directory
The Identity Posture - Active Directory feature enables organizations to protect privileged identities, such as Active Directory (AD) domains that are at a high risk of exploitation and regulatory noncompliance. It helps you detect attacks such as DCSync, DCShadow, and Kerberoasting, and disrupt privilege escalation and lateral movement threats with decoy users and computers.
Scan Active Directory Domains
You can scan AD domains via a Microsoft Windows landmine agent to discover identity vulnerabilities, such as exposure to AS-REP roasting and Kerberoasting attacks.
To learn more, see About Scan Agents and Scanning an Active Directory.
Identity Posture - Active Directory Dashboard
After your AD domains are scanned, the results are available on the Identity Posture - Active Directory dashboard. The dashboard displays information such as the top vulnerability issues by severity, affected users and computers, risk analysis with issues categorized by percentage, and issues mapped on the MITRE ATT&CK kill chain. You can interactively drill down to a specific issue and analyze it.
On the dashboard, you can also view active changes detected in your AD, which gives you near real-time visibility into newly introduced misconfigurations and security risks.
The dashboard displays remediation steps that you can take to maintain the security posture of your AD infrastructure. You can also view and download the vulnerability reports.
To learn more, see About the Identity Posture - Active Directory Dashboard.
Issue and Object Safelist
After your AD domain is scanned, the vulnerability issues and objects (AD user accounts and computers) are listed on the Focus Area page. You can review these issues and objects to confirm that the vulnerability is not a risk and mark them as safe. The issues and objects marked as safe are listed on the Issue Safelist and Object Safelist pages.
To learn more, see Adding a Vulnerability Issue to the Safelist and Viewing and Managing Issue Safelist.
To learn more, see Adding an Active Directory Object to the Safelist and Viewing and Managing Active Directory Object Safelist.
ITDR - Change Detection
The ITDR - Change Detection feature improves the security posture of an Active Directory (AD) environment. It provides near real-time visibility into new misconfigurations and security risks introduced to your AD.
To learn more, see About ITDR - Change Detection.