The Attivo Endpoint Detection Net product is tackling endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations.
The Endpoint Detection Net solution elevates security control by accurately raising alerts and taking proactive measures to derail attackers. These capabilities include early attack detection based on:
• Unauthorized Active Directory queries from an endpoint. Attackers seeking information on privileged domain accounts, systems, and other high-value objects will now receive fake Active Directory results, which make an attacker’s automated tools untrustworthy and further advancement futile as their efforts get redirected into a decoy environment.
• Theft of local credentials. Deceptive credential lures deploy on the endpoint, and attempted use by an attacker will breadcrumb attacks away from production assets and into a decoy environment.
• Attempts to compromise file servers by moving to mapped shares. Attacks will get thwarted by decoy file shares and systems. Attackers will also be actively engaged within the decoys, providing defenders time to isolate the systems and prevent further infection of malware or ransomware.
• Network reconnaissance to find production assets and available services. These activities will become challenging as decoys obfuscate the attack surface with systems that appear identical to production assets but are instead virtual landmines for an attacker.
• Man-in-the-Middle attacks where attackers try to steal credentials in transit. These attacks are traditionally difficult to identify; however, this solution delivers an innovative and quick means to detect and alert on them.
• Identifying the available attack paths that an attacker would take to move about the network. Organizations now gain visibility to at-risk credentials and avenues of lateral movement, as well as the insights needed to remove them before attackers can leverage any exposed or orphaned credentials.
Read the full article here.