Defending Against Credential Theft and Reuse
When attackers compromise an endpoint, they gain a foothold into the network, but to gain access, they must obtain rights and privileges to its resources. They often steal and reuse the credentials they find on the compromised endpoint to move to other systems, hoping to compromise accounts that give them privileged access.
The ThreatDefend Endpoint Detection Net (EDN) suite protects credentials by hiding and denying access to sensitive or privileged local and Active Directory accounts, and by creating fake credentials that misdirect attackers away from production resources and into decoys for engagement. Organizations gain early detection of their activities, while the platform derails the attempts at discovery, lateral movement, credential theft, and privilege escalation.
Awards for Credential Attack Protection and Detection
CREDENTIAL PROTECTION
The ThreatDefend platform protects sensitive and privileged accounts locally and in Active Directory from compromise.
Benefits
Hide and Deny Access
-
Prevent attackers from stealing local and AD accounts by concealing them from view.
Misdirect Attacks
-
Breadcrumb attackers to decoys for engagement and early detection.
Early Attack Detection
-
Detect attackers early in the attack cycle as they attempt to pivot from an endpoint.
Extensive Coverage
-
Supports endpoint, network, application, and cloud credentials for scaling across the enterprise.
Exposed Credentials
- Gain visibility to exposed credentials that create attack paths
Credentials in Transit
- Detect and misdirect man-in-the middle attacks
Reduce Attack Surface
- Find and remediate exposed credentials that create attack paths
How ADSecure for Active Directory Security Works
Active Directory protection without touching the production environment.
Sequence
01 The attacker compromises a production PC
02 The attacker uses an application to query AD for Domain admin accounts
03 ADSecure™ detects and alerts on the unauthorized queries
04 The AD server responds with production results
05 ADSecure™ hides the production results to reduce the attack surface
06 ADSecure™ provides fake AD objects, misdirecting attackers away from production systems
07 Attacker follows decoy credentials to deception environment
Endpoint Detection Net
-
PC, Mac, Linux Credentials and Artifacts
-
Employees and Admin Credentials
-
Cloud and SaaS Credentials
-
Wire Transfer Credentials
Find and Remediate Exposed Credentials
EDN Solution Provides Visibility and Continuous Monitoring for Attack Surface Reduction.
EDN (ThreatPath) Provides Visibility to Exposed:
-
Enterprise Application Credentials
-
AD Privileged Accounts
-
AD Shadow Admin Accounts
-
AD Service Accounts
-
Local Admin Accounts
-
Cloud Credentials
-
Misconfigured SMB network shares
-
Password reused across systems
-
Web app credentials
Misdirect Attackers While Hiding Sensitive or Privileged Accounts
Endpoint Detection Net Credential Protection
-
Hides real credentials among fake
-
Credentials lure breadcrumbs to decoys
-
TTPs, IOCs, and forensics are gathered and analyzed
Layered Endpoint Defense
Boost Endpoint Detection with EDN Credential Protection
-
EDR prevents attackers from compromising endpoints
-
EDN Prevents attacks from moving laterally from endpoints
-
MITRE ATT&CK DIY Testing shows EDN boosts performance by an average of 42%
SPOTLIGHT
Calculating ROI for Attivo Deception and Concealment Technology