Attivo ThreatDirect Deception Forwarder Technology

Why Customers Choose ADSecure

Intercept unauthorized Active Directory queries and contain them automatically at the endpoint

With the ADSecure, organizations gain Active Directory security without interfering with production Domain Controllers. When an attacker queries AD, the solution intercepts the response, hides real results, and inserts deceptive AD data, creating an altered reality for the attacker. Organizations can now hide valuable enterprise resource information to reduce the attack surface. With the redirection of activities into the deception environment, the platform can safely study the attack to gather Tactics, Techniques, and Procedures (TTPs) and company-specific threat intelligence for accelerated response. ADSecure is available as a standalone product or as an add-on to the ThreatDefend platform.

ADSecure Module Capabilities

Protect

Hide real data, deliver
deceptive results

Comprehensive

Supports all popular
Microsoft AD objects

Visibility

Deep Telemetry
for awareness and
Threat Hunting

Discreet

Adds deceptive objects
without impacting
production AD

ADSecure ™ Active Directory Solution

Defend Active Directory without affecting production.

Sequence

01 The attacker compromises a production PC

02 The attacker uses an application to query AD for Domain admin accounts

03 The AD server respond with production results

04 ADSecure intercepts the response, hides the production results, and inserts deceptive data

05 ADSecure sends the modified results back to the application for display

06 Attacker follows decoy credentials to deception environment

USE CASES

Privileged Credentials
- — Protect against privileged credential theft with decoy credentials
Service Accounts
- — Gain visibility into service account compromises that allow attackers to access elevated privileges on endpoints
Shadow Admin Accounts
- — Identify ACL misconfigurations that give accounts elevated rights without proper group membership
Domain Controllers
- — Gain visibility and awareness of attacker activity targeting critical domain servers
Critical Users and Computers
- — Protect high value user and system accounts from attacker comprise.

ThreatDefend Platform

Distributed Deception Platform for Post-Compromise Detection and Response

Network Deception

BOTsink

ThreatDirect

EndPoint

ThreatStrike

ADSecure

Deception Plus

ThreatOps

ThreatPath

Attivo Networks Survey Report

Top Threat Detection Concerns and Trends

eBook: Deception-Based Threat Detection

Shifting Power to the Defenders

Best Workplace

Best Technology

ADSecure ™

Why Customers Choose ADSecure

Intercept unauthorized Active Directory queries and contain them automatically at the endpoint

ADSecure Module Capabilities

Protect

Comprehensive

Visibility

Discreet

ADSecure ™ Active Directory Solution

Defend Active Directory without affecting production.

Sequence

01 The attacker compromises a production PC

02 The attacker uses an application to query AD for Domain admin accounts

03 The AD server respond with production results

04 ADSecure intercepts the response, hides the production results, and inserts deceptive data

05 ADSecure sends the modified results back to the application for display

06 Attacker follows decoy credentials to deception environment

USE CASES

Privileged Credentials

Service Accounts

Shadow Admin Accounts

Domain Controllers

Critical Users and Computers

Perspectives

RESOURCES

SPOTLIGHT

Ready to find out what’s lurking in your network?