Written by: Carolyn Crandall, Chief Deception Officer and CMO
Cybercriminals are growing more advanced, and one of their most successful tactics remains credential theft. Unfortunately, too many organizations are leaving credentials exposed and easy for attackers to find. Once these credentials fall into the hands of attackers, they make it simple to escalate the attack and move freely throughout the network to find the most valuable data.
Attivo Networks brings unique technology that keeps credentials out of the hands of attackers. There are three levels of protection made available through the company’s Endpoint Detection Net (EDN) Suite. The first is the ability to find and remediate exposed credentials. The solution’s visibility capabilities help identify misconfigured systems and other potential vulnerabilities that grant attackers access to the network. Security teams can then automatically remediate these exposures, using the visibility tool’s native capabilities or other means, and so reduce the attack surface.
The second level of defense equips defenders to seed the network environment with false credentials that serve as lures, breadcrumbing attackers into a decoy environment that can effectively isolate them. Because the deception environment appears authentic, the intruder will be unaware that they have attempted to use false credentials and will continue carrying out their attacks. This activity provides defenders with the unique opportunity not only to safeguard their credentials but also to gain valuable adversary intelligence that can help them improve their defenses in the future.
The third level of defense adds the protection of Active Directory (AD) and local administrative accounts. Attackers will query AD in search of credentials or other objects that give them access privileges to valuable data or the ability to reset security policies so they can remain undetected. With the Attivo EDN solution, security teams can hide these sensitive and critical objects so attackers can’t act on them, preventing them from extracting the accounts and information they need to progress their attacks. The solution can also hide local administrator accounts, preventing attackers from leveraging them upon compromising an endpoint. Because these accounts are hidden, attackers can’t leverage them to compromise other systems. Meanwhile, the security team gets alerts on every unauthorized AD query or attempt to enumerate local administrator accounts so they can respond quickly while also collecting threat intelligence on the tactics, techniques, and procedures (TTPs) attackers are using. Notably, this is all done from the endpoint and doesn’t touch production AD.
The EDN suite is an award-winning software solution whose unique innovation delivers a one-two-three punch to attackers: easily and efficiently identifying exposed credentials, obfuscating real credentials among lures, and protecting Active Directory from exploitation. The EDN solution is a powerful security control for removing an attacker’s ability to move laterally through the network undetected under the guise of a real employee.