Quest launches AI security tool to cut response times on AD threats
Quest Software has announced the worldwide release of Security Guardian Intelligence, a generative AI-powered addition to its identity threat detection and response platform aimed at hybrid Active Directory and Microsoft Entra ID environments.
Features and context
The update is designed to help security teams, often facing a shortage of senior Active Directory (AD) specialists, translate technical alerts into plain-language insights, map incidents against recognised attacker behaviours, and follow guided remediation steps. This is intended to reduce investigation times and allow quicker action against potential identity threats.
Heath Thompson, President and Chief Product Officer at Quest, said,
"Security Guardian Intelligence doesn't just detect identity threats - it explains them with business or board-level context. It gives teams a faster way to prioritize real risk and take action, without needing to interpret every technical detail manually."
Industry pressures
Security and IT departments continue to experience increasing pressure as identity-based attacks rise and the financial impact of AD system downtime remains significant. The disruption from an Active Directory outage can cost in excess of $730,000 per hour, highlighting the importance of fast and effective response capabilities.
Organisations are also challenged by the growth in alert volumes, disconnected security tools, and a documented lack of specialists with advanced Active Directory skills. These delays in response can leave companies vulnerable to further impact, with data showing that successful ransomware attacks may disable systems for an average of 23 days.
Eric Aslaksen, General Manager of Security and Chief Information Security Officer at ivision, said,
"We support customers across industries who are drowning in identity alerts but lack the in-house expertise to act on them. Security Guardian already gives visibility - SGI adds the context and speed they've been missing. By helping surface what matters and guiding the response, it's shaping up to be a valuable tool in our identity security toolkit."
Key capabilities
Security Guardian Intelligence introduces three primary functions to address current industry challenges:
- Plain-language threat summaries, providing technical findings in an accessible format
- Mapped attacker behaviour, aligned with recognised frameworks such as MITRE ATT&CK
- Embedded, step-by-step remediation guidance, designed to function without the need for manual scripting or escalation
Comparison with legacy platforms
Quest has highlighted the architectural difference between its platform and older solutions. Security Guardian was developed as a cloud-native platform, enabling it to support real-time application of large language models across live identity telemetry without requiring additional workarounds.
The company noted that traditional on-premises security tools can face performance and infrastructure limitations when integrating advanced artificial intelligence capabilities. By contrast, Quest seeks to provide accelerated insights and more comprehensive context through its updated solution.
Integration and availability
Security Guardian Intelligence is included in the existing platform at no additional charge for current customers. It also functions alongside other components in Quest's Cybersecurity & Resilience suite, which covers enterprise backup and disaster recovery, endpoint protection, and continuous incident response, in an effort to extend protection across all phases of the attack lifecycle.
The update uses a click-to-context approach, taking users directly from identity alerts to recommendations and business impact analysis, with the objective of helping teams act even in the absence of senior identity specialists.
Quest Software reports that the new functionality was designed to be AI-ready from the outset, meeting the needs of modern hybrid identity environments involving both on-premises and cloud-based directories.
