MITRE APT ATT&CK Assessment DIY Results: Endpoint Detection Rates Improved by an Average of 42%

OVERVIEW

Attivo Networks has pioneered a new approach to protecting endpoints. Designed to serve as a force-multiplier to Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions the ThreatDefend Endpoint capabilities efficiently close detection gaps and provide ongoing visibility to exposures creating attack paths.

Endpoint protection functions efficiently prevent attacker lateral movement by anticipating attack methods and efficiently derailing their efforts. By providing Active Directory query redirections and deceptive credentials and shares organizations can feed attackers fake information and quickly redirect them away from production assets. Additionally, by collecting adversary intelligence and forensics attack analysis can be accelerated and used for automated incident response.

The Endpoint Protection Challenge

Inability to Patch

Inability to Patch

Not all endpoints can run antivirus software

In-Network Detection

Capability to Monitor

Not all endpoints can produce logs for analysis

High-fidelity alert

Inability to Detect

< 5 hours to infiltrate a network
4.5 hours to break out
15 hours to exfiltrate data

Median time to Detection

Lateral Movement Blindspot

Lack of in-network detection capabilities leads to 78 days of dwell time.

Endpoint Detection Net:
A Security Defense Force-Multiplier

Comprehensive Attack Detection and Automated Response

Comprehensive Attack Detection and Automated Response

With EDN, organizations can extend their EPP and EDR solution capabilities to defend the environment better and prevent attackers from moving around. Additionally, organizations can leverage native integrations within the Attivo partner ecosystem to automate incident response for blocking, isolation, and threat hunting.

Business Value

  • Anticipate methods an attacker will use to break out from an infected endpoint and ambush their every move

  • Reduce the time an attacker can remain undetected and the amount of effort required for an organization to restore environments to normal operations

  • Boosts Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by extending detection to more attack phases per MITRE ATT&CK DIY evaluations and accelerating incident response

BENEFITS

The ThreatDefend platform provides extensive endpoint protection functions that prevent attacker lateral movement. Deceptive credentials and shares protect production assets by redirecting attackers away from production assets and into a decoy engagement environment.

High-fidelity detection

Credential theft, traversing mapped shares, Active Directory attacks

Protection against local and AD credential compromise

Prevent privilege escalation

Ransomware derailment

Thwart attacks attempting mapped share traversal or local data manipulation with decoy files, shares, and systems. Safely entertain attackers to provide more time for response

Stop lateral movement before it starts

Gain ongoing visibility to exposed or stored admin and other privileged credentials. Remediate lateral attack paths before attackers can use them. Deflect connection attempts from production systems to decoys.

Scalability and ease of operation

Coverage for a wide-variety of endpoints and machine-learning for automated learning and deployment.

Gather company-centric threat-Intelligence

Capabilities to collect adversary intelligence and forensic data empower faster triage

Accelerate Incident Response

Integrations with EPP and EDR solutions facilitate automated incident response

“I am more comfortable using Attivo then anything else that we have looked at, it is the easiest security technology that I have ever used!”

– Lead Security Architect