Active Directory attackers misdirected

Published: March 19, 2020 in Attivo News

ADSecure leads attackers into the virtual Attivo Networks Deception Fabric and serves them fake AD information.

ADSecure uses deception to counter the misuse of Active Directory information. According to the manufacturer Attivo Networks, attackers who are looking for information about domain admins or domain controllers are led into a virtual environment full of traps.

ADSecure becomes active as soon as an attacker starts an illegitimate query in Microsoft Active Directory (AD) via a compromised endpoint. The request is first routed to the AD server in the regular manner and processed there properly. However, the answer that comes back from the AD server to the endpoint is modified by ADSecure, so the attacker ends up in the virtual Attivo Networks Deception Fabric.

There, the attacker who is looking for information about privileged domain accounts, systems, and other high-value objects receives fake Active Directory results that render the attacker’s automated tools ineffective. Any attempt to attack this bait environment runs into a virtual trap environment.

By directing attackers into the deception environment, Attivo Networks’ ThreatDefend platform can investigate the attack closely to determine tactics, techniques, and procedures, and gather company-specific threat information for an accelerated response.

