SO-CON 2025: Call for presenters now open! Submit your proposals by November 15, 2024. Learn More

BloodHound Enterprise for Government

Ensure Mission Readiness

BloodHound’s FedRAMP High Compliant, cloud-delivered Attack Path Management solution eliminates Identity Attack Paths to achieve Zero Trust initiatives and meet mandated compliance regulations.

 

Get a demo

FedRAMP High Compliant

This accreditation is through an agency Authority to Operate (ATO) and our progress can be viewed on the FedRAMP Marketplace here.

Continuous Identity Protection, Unmatched Adversary Visibility

As the organization evolves with new identities and resources, BloodHound Enterprise for Government continually:

  • Maps every relationship and connection
  • Provides full understanding of real permissions
  • Tracks and exposes new Attack Paths

Light Weight, Scalable

BloodHound Enterprise for Government operates in the AWS GovCloud and requires minimal installation for data collection of your Microsoft AD and Entra ID environments.

  • Requirements: 16GB RAM, 5 GB Disk Space, TLS on 443/TCP to GovCloud
  • SharpHound Federal (AD): Windows Server
  • AzureHound Federal (Entra ID): Windows Server, Docker, or K8S

Fast Deployment, No Burden

BloodHound Enterprise for Government is fully deployed, secured, and managed by SpecterOps, requiring no additional installation or maintenance.

  • Deploys in minutes
  • Maps and analyzes in hours
  • Zero maintenance

Get a demo

Mission: Eliminate
Identity Risk

1. Achieve Zero Trust Architecture

The Executive Order on Improving the Nation’s Cybersecurity calls for the Federal Government to ‘advance toward Zero Trust Architecture’. To achieve Zero Trust you must be certain you have no trust relationships that give adversaries access to Tier 0 assets. BloodHound Enterprise for Government enables you to both validate you have achieved Zero Trust and/or shows you the critical paths you must remove to secure your agency.

2. Stop Adversaries

Identity Attack Paths are adversary’s most utilized and efficient way to move laterally and escalate privileges. BloodHound Enterprise for Government identifies critical Identity Attack Paths and provides remediation guidance to help you stop your adversaries from advancing.

3. Manage Risk

Operational Intelligence is required for planning and ensuring you have minimized your security risk. For Identity risks, this requires the ability to see and measure the Identity Attack Paths that exist in your network. BloodHound Enterprise for Government is the first-of-its-kind Attack Path Management platform to allow you to manage your Identity risks.

Mission: Compliance and Maturity

Compliance Frameworks

BloodHound Enterprise for Government enables compliance for frameworks that require users to maintain separate privileged accounts from their standard user accounts. Example compliance frameworks include:

  • NIST CSF v1.1: PR.AC-1 and PR.AC-4
  • NIST CSF 2.0: PR.AA-05 and ID.RA-03
  • NIST SP 800-53 Rev. 5: AC-5 and AC-6

 

Read the spec sheet
Maturity Models

BloodHound Enterprise for Government provides Optimal Visibility, Analytics, and Risk Assessment maturity to your organization for implementing Zero Trust for Identities.

  • CISA: Zero Trust Maturity Model, Version 2.0, April 2023 | Section 5.1
  • DoD: Zero Trust Strategy, October 2022 | Target Level User 1.1, 1.2, 1.4, 1.7

BloodHound Enterprise for Government’s Heritage Frequently Recognized by CISA

“In performing actions 4a through 4f, agencies should use tools such as BloodHound to understand the possible attack path that starts with a compromise of their Exchange infrastructure as the result of compromised Exchange permissions in Active Directory.”

CISA Emergency Directives ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities, March 03, 2021

“On Workstation 1, the team leveraged a modified SharpHound [the BloodHound] collector, ldapsearch, and command-line tool, dsquery, to query and scrape AD information, including AD users [T1087.002], computers [T1018], groups [T1069.002], access control lists (ACLs), organizational units (OU), and group policy objects (GPOs) [T1615].”

CISA Cybersecurity Advisory CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks, February 28, 2023

“… The red team queried parsed Bloodhound data for members of the SharePoint admin group and identified several standard user accounts with administrative access.”

CISA Cybersecurity Advisory CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks, February 28, 2023

“Use open-source penetration testing tools, such as BloodHound…, to verify domain controller security.”

CISA Publication #StopRansomware Guide, October 19, 2023

Blog Post
Final Steps to BloodHound Enterprise for Government — FedRAMP High Compliance
news
SpecterOps Brings Attack Path Management to Government Agencies to Help Reduce Risks Associated with Secure Identity Management
Spec Sheet
BloodHound Enterprise for Government Compliance Spec Sheet