Author: Tushar Kothari, CEO

If anyone had doubts about whether attackers are already inside your networks, last week’s events indicate that you must expect that attackers have already come in through various back doors. Some notable highlights from industry and government also drive this point home.
“Once inside the network, attackers almost always escalate privileges and move laterally to perform reconnaissance and access the information they are interested in stealing.” – Marshall Heilman, SVP, Mandiant.
Sophisticated nation-state adversaries who compromised a string of federal agencies in recent months used Kerberoasting to steal the passwords of agency employees and move laterally within compromised government networks, according to the latest guidance from the Department of Homeland Security.
In an Emergency Directive, the agency instructs federal agencies to “take action to remediate kerberoasting,” including engaging with third-party organizations that have experience “eradicating APTs from enterprise networks,” a reference to so-called “advanced, persistent threats.”
There are many solutions on the market that look at signatures or try to detect based on behaviors. By contrast, Attivo Networks solutions focus on the techniques, making prevention and detection much more effective and reliable. The portfolio includes best-in-class capabilities to deny, detect, and derail threats to prevent attackers from escalating privileges and moving laterally inside the network. In some recent advanced attacks, detecting lateral movement is the most effective way to find adversaries inside your network.
Additional capabilities in the Attivo Networks ThreatDefend platform’s Endpoint Detection Net (EDN) solution include:
- Gaining in-depth visibility with the ADSecure solution into who is enumerating and discovering permissions from Active Directory
- Preventing exposures of high privilege accounts, service accounts, domain controllers, etc. with the ADSecure solution
- Gaining visibility with ThreatPath into Lateral Movement Paths (LMP) or exposed credentials on endpoints, and remediating these exposures
- Gaining visibility with ThreatStrike into attackers stealing credentials and using them
- Preventing attackers from fingerprinting and discovering high-value database servers, file servers, etc., with the EDN Deflect function
- Protecting important files and documents from encryption and exfiltration, and network mapped shares, cloud mapped shares, etc., from attackers and ransomware
The ThreatDefend platform offers these and many more capabilities to defend the network from unrestricted lateral movement activities.
Given the current situation, Attivo is stepping forward with immediate free access to the EDN Suite of products for organizations that need and want to shore up their defenses right away to prevent attackers from progressing inside the network. Meanwhile, we will continue to work with you on a longer-term deployment and operations plan.
Please contact us directly so we can recommend and provide the optimum solution to protect your organization immediately.