Why use DataCloak to protect information?
Hide and deny access to sensitive or critical data
Today’s attackers steal and destroy information as part of their attacks, whether they seek to move deeper into the network or to hold data for ransom. Preventing them from seeing or accessing local file and account information can prevent lateral movement, discovery, and data theft or destruction. The Attivo Networks Endpoint Detection Net (EDN) DataCloak function hides and denies access to local files, folders, removable storage, network or cloud shares, local administrator accounts, and application credentials. By denying attackers the ability to see or exploit critical data, organizations can disrupt their discovery or lateral movement activities and limit the damage from ransomware attacks.
PROTECTED ASSETS
Local Files
Local Folders
Network Shares
Cloud Shares
Removable Drives
Local Admin Accounts
Application Credentials
Prevent Damage to Critical Data
Hide and Deny Access to Local, Network, and Cloud Storage
Sequence
01 Attacker compromises a system
02 Attacker enumerates local files and folders
03 Attacker queries for local administrator accounts
04 Attacker looks for mapped network and cloud shares
05 EDN DataCloak hides and denies access to sensitive files, folders, and local administrator accounts
USE CASES
Ransomware protection
- — Hide and deny access to ransomware to prevent discovery or encryption of local, network, or cloud-stored data
Deny privilege escalation
- — Hide Local Administrator accounts so they can’t be used to escalate privileges
