ADSecure for Active Directory Protection

Partners / Technology Partners / attivo networks /ADSecure for Active Directory Protection >

INTERCEPTING LIVE ATTACKS WITH THE ATTIVO NETWORKS ADSECURE SOLUTION

Attivo Networks ADSecure for Active Directory Protection

OVERVIEW

Active Directory (AD) is a Microsoft product that consists of several services to administer permissions and access to networked resources on a Windows Network. By design, AD will readily exchange information with any member system it manages. Attackers can also leverage this access to extract information on the entire domain quickly. Security teams may not realize that attacks on AD are occurring because the activities will appear as if AD is providing the data to a member system as part of normal operations. Attackers can extract user accounts, system accounts, and trusted domain information from any compromised member system on the AD domain to find privileged accounts, overlapping security rights that provide elevated privileges, or significant systems to target as part of their attacks. These can include trusted domain controllers, essential servers, or databases with critical data. Detection of AD attacks can be difficult because organizations must typically manually defend against such activities. The ADSecure solution that is part of the Attivo Networks ThreatDefend® Detection Platform provides a new approach to preventing cyber criminals for successfully reaching and compromising AD.

THE ATTIVO NETWORKS THREATDEFEND PLATFORM

The Attivo Networks ThreatDefend Detection and Response platform uses deception technology to accurately and efficiently detect and derail the lateral movement of attacks across all primary attack vectors. With the Attivo detection fabric interwoven throughout the entire network infrastructure, from user segments, data centers, cloud, specialized networks, or remote locations, organizations create a virtual layer of landmines and lures designed to confuse, slow down and misdirect an attacker. The system alerts when an attacker engages with a decoy through network scans, stolen deceptive credentials, or other methods.

ADSECURE

The ADSecure solution is a modular component of the ThreatDefend platform, designed to defend against AD attacker data gathering. It augments the existing AD defense capabilities the platform already offers such as deceptive credentials based on production accounts and decoy AD infrastructure servers. ADSecure sits at every endpoint and responds to queries attempting to harvest AD data from an unauthorized system. The solution inserts deceptions to counter the AD attack by replying with deceptive data, hiding the privileged credentials, and altering real credentials values. This interception includes engagement of the activities into the deception environment where the system safely studies the attack and collects threat intelligence.

decoy credits flowchart

With ADSecure, organizations can efficiently intercept advanced attacks (APTs) and contain them automatically at the endpoint. With the engagement of activities into the deception environment, the ThreatDefend platform can safely study the attack and gather Tactics, Techniques, and Procedures (TTPs), along with company-specific threat intelligence.

The solution can be purchased standalone or as part of the ThreatDefend Endpoint Suite.

Download Request for Attivo Networks
ADSecure for Active Directory Protection

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Download Request for
Votiro Secure File Gateway for Email

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Our website uses cookies to provide a better user experience, improve our services and our website’s functionality. By continuing to use our website, you consent to the use of cookies and agree to our Privacy Policy and Terms of Service.