Why Customers Choose ADSecure

Intercept unauthorized Active Directory queries and contain them automatically at the endpoint

With ADSecure, organizations gain Active Directory security without interfering with production Domain Controllers. When an attacker queries AD, the solution intercepts the response, hides real results, and inserts deceptive AD data, creating an altered reality for the attacker. Organizations can now hide valuable enterprise resource information to reduce the attack surface. With the redirection of activities into the deception environment, the platform can safely study the attack to gather Tactics, Techniques, and Procedures (TTPs) and company-specific threat intelligence for accelerated response. ADSecure is available as a standalone product or as an add-on to the ThreatDefend platform.

ADSecure Module Capabilities

Protect

Hide real data, deliver deceptive results

Comprehensive

Supports all popular Microsoft AD objects

Visibility

Deep Telemetry for awareness and Threat Hunting

Discreet

Adds deceptive objects without impacting production AD

ADSecure™ Active Directory Solution

Defend Active Directory without affecting production.

Sequence

01   The attacker compromises a production PC

02   The attacker uses an application to query AD for Domain admin accounts

03   The AD server responds with production results

04   ADSecure intercepts the response, hides the production results, and inserts deceptive data

05   ADSecure sends the modified results back to the application for display

06   The attacker follows decoy credentials to the deception environment

USE CASES

  • Privileged Credentials

    • Protect against privileged credential theft with decoy credentials

  • Service Accounts

    • Gain visibility into service account compromises that allow attackers to access elevated privileges on endpoints

  • Shadow Admin Accounts

    • Identify ACL misconfigurations that give accounts elevated rights without proper group membership

  • Domain Controllers

    • Gain visibility and awareness of attacker activity targeting critical domain servers

  • Critical Users and Computers

    • Protect high-value user and system accounts from attacker compromise.