Protect Your Active Directory. Get Your Free Trial Now.

Detect Network-Based Credential Harvesting

When attackers compromise an endpoint inside the network, they collect in-transit credentials as users connect to network resources by inserting themselves in the communications path.  This passive activity is challenging to detect because it happens locally on each network segment.

The ThreatDefend platform detects these attempts by identifying Man-in-the-Middle activity on every network segment it has visibility to and then sends fake credentials to the system to misdirect attackers to decoys for engagement.  Attackers no longer remain hidden as they attempt to connect in-transit credentials, and security teams can detect the activity early and take steps to remediate it quickly.

Awards for Attivo Solutions

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019


Gain immediate visibility into passive network-based credential collection.


High Fidelity Detection

Early detection

  • Detect promiscuous DNS resolvers attempting Man-in-the-Middle activities early in their attempts.

Continuous visibility

  • Identify Man-in-the-Middle nodes when they try to insert themselves into communications paths.
Interception & Redirection

Misdirect attackers

  • Breadcrumb attackers to decoys for engagement by sending fake credentials to Man-in-the-Middle nodes.
Actionable Alerts Improve Incident Response

Multi-protocol support

  • Detect Man-in-the-Middle activities that use common name resolution protocols.

Detect Internal Network-Based Credential Harvesting

Identify Man-in-the-Middle Attacks Early.

Identify Man in the Middle attacks early