BloodHound Enterprise for the Public Sector

Ensure Mission Readiness

BloodHound Enterprise is the go-to for Attack Path Management. With a FedRAMP High Authorized designation, BloodHound Enterprise enables continuous prioritization of Identity Attack Paths, remediation guidance, and reporting that shows mission improvement over time.

Mission

Eliminate Identity Risk

Achieve Zero Trust Architecture

The Executive Order on Improving the Nation’s Cybersecurity calls for the Federal Government to ‘advance toward Zero Trust Architecture’. To achieve Zero Trust you must be certain you have no trust relationships that give adversaries access to Tier 0 assets. BloodHound Enterprise for Government enables you to both validate you have achieved Zero Trust and/or shows you the critical paths you must remove to secure your agency.

Stop Adversaries

Identity Attack Paths are adversary’s most utilized and efficient way to move laterally and escalate privileges. BloodHound Enterprise for Government identifies critical Identity Attack Paths and provides remediation guidance to help you stop your adversaries from advancing.

Manage Risk

Operational Intelligence is required for planning and ensuring you have minimized your security risk. For Identity risks, this requires the ability to see and measure the Identity Attack Paths that exist in your network. BloodHound Enterprise for Government is the first-of-its-kind Attack Path Management platform to allow you to manage your Identity risks.

Mission

Compliance and Maturity

Compliance Frameworks

BloodHound Enterprise – FedRAMP High Authorized enables compliance for frameworks that require users to maintain separate privileged accounts from their standard user accounts. Example compliance frameworks include:

  • NIST CSF v1.1: PR.AC-1 and PR.AC-4
  • NIST CSF 2.0: PR.AA-05 and ID.RA-03
  • NIST SP 800-53 Rev. 5: AC-5 and AC-6

Maturity Models

BloodHound Enterprise – FedRAMP High Authorized provides Optimal Visibility, Analytics, and Risk Assessment maturity to your organization for implementing Zero Trust for Identities.

  • CISA: Zero Trust Maturity Model, Version 2.0, April 2023 | Section 5.1
  • DoD: Zero Trust Strategy, October 2022 | Target Level User 1.1, 1.2, 1.4, 1.7

Mission: Prioritize our Attack Paths and verify
we fixed them – continuously.
Mission: Accomplished ✓

arrow right
Video

BloodHound Enterprise – Public Sector

FedRAMP High Authorized

This accreditation is through an agency Authority to Operate (ATO) and our progress can be viewed on the FedRAMP Marketplace here.

Continuous Identity Protection, Unmatched Adversary Visibility

As the organization evolves with new identities and resources, BloodHound Enterprise for Government continually:

  • Maps every relationship and connection
  • Provides full understanding of real permissions
  • Tracks and exposes new Attack Paths
View Datasheet

Light Weight, Scalable

BloodHound Enterprise for Government operates in the AWS GovCloud and requires minimal installation for data collection of your Microsoft AD and Entra ID environments.

  • Requirements: 16GB RAM, 5 GB Disk Space, TLS on 443/TCP to GovCloud
  • SharpHound Federal (AD): Windows Server
  • AzureHound Federal (Entra ID): Windows Server, Docker, or K8S
Learn More

Fast Deployment, No Burden

BloodHound Enterprise for Government is fully deployed, secured, and managed by SpecterOps, requiring no additional installation or maintenance.

  • Deploys in minutes
  • Maps and analyzes in hours
  • Zero maintenance
View More

BloodHound recognized by CISA as an important utility in Attack Path Management for government agencies

“In performing actions 4a through 4f, agencies should use tools such as BloodHound to understand the possible attack path that starts with a compromise of their Exchange infrastructure as the result of compromised Exchange permissions in Active Directory.”

CISA Emergency Directives ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities, March 03, 2021

“On Workstation 1, the team leveraged a modified SharpHound [the BloodHound] collector, ldapsearch, and command-line tool, dsquery, to query and scrape AD information, including AD users [T1087.002], computers [T1018], groups [T1069.002], access control lists (ACLs), organizational units (OU), and group policy objects (GPOs) [T1615].”

CISA Cybersecurity Advisory CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks, February 28, 2023

“… The red team queried parsed Bloodhound data for members of the SharePoint admin group and identified several standard user accounts with administrative access.”

CISA Cybersecurity Advisory CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks, February 28, 2023

“Use open-source penetration testing tools, such as BloodHound…, to verify domain controller security.”

CISA Publication #StopRansomware Guide, October 19, 2023