Attivo EDN Solution for Protecting Credentials

Defending Against Credential Theft and Reuse

When attackers compromise an endpoint, they gain a foothold into the network, but to gain access, they must obtain rights and privileges to its resources. They often steal and reuse the credentials they find on the compromised endpoint to move to other systems, hoping to compromise accounts that give them privileged access.

The ThreatDefend Endpoint Detection Net (EDN) suite protects credentials by hiding and denying access to sensitive or privileged local and Active Directory accounts, and by creating fake credentials that misdirect attackers away from production resources and into decoys for engagement. Organizations gain early detection of their activities, while the platform derails the attempts at discovery, lateral movement, credential theft, and privilege escalation.

Awards for Credential Attack Protection and Detection

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019


The ThreatDefend platform protects sensitive and privileged accounts locally and in Active Directory from compromise.


Hide and Deny Access

  • Prevent attackers from stealing local and AD accounts by concealing them from view.
Deceptive Active Directory Breadcrumbs

Misdirect Attacks

  • Breadcrumb attackers to decoys for engagement and early detection.
High Fidelity Detection

Early Attack Detection

  • Detect attackers early in the attack cycle as they attempt to pivot from an endpoint.
Scalability Benefits

Extensive Coverage

  • Supports endpoint, network, application, and cloud credentials for scaling across the enterprise.

Exposed Credentials

  • Gain visibility to exposed credentials that create attack paths
Interception & Redirection

Credentials in Transit

  • Detect and misdirect man-in-the middle attacks
Application Credentials

Reduce Attack Surface

  • Find and remediate exposed credentials that create attack paths

How ADSecure for Active Directory Security Works

Active Directory protection without touching the production environment.



01   The attacker compromises a production PC

02   The attacker uses an application to query AD for Domain admin accounts

03   ADSecure™ detects and alerts on the unauthorized queries

04   The AD server responds with production results

05   ADSecure™ hides the production results to reduce the attack surface

06   ADSecure™ provides fake AD objects, misdirecting attackers away from production systems

07   Attacker follows decoy credentials to deception environment

The Endpoint Detection Net™

Endpoint Detection Net

  • PC, Mac, Linux Credentials and Artifacts

  • Employees and Admin Credentials

  • Cloud and SaaS Credentials

  • Wire Transfer Credentials

Find and Remediate Exposed Credentials

EDN Solution Provides Visibility and Continuous Monitoring for Attack Surface Reduction.

ThreatPath Attack Surface Reduction

EDN (ThreatPath) Provides Visibility to Exposed:

  • Enterprise Application Credentials

  • AD Privileged Accounts

  • AD Shadow Admin Accounts

  • AD Service Accounts

  • Local Admin Accounts

  • Cloud Credentials

  • Misconfigured SMB network shares

  • Password reused across systems

  • Web app credentials

Misdirect Attackers While Hiding Sensitive or Privileged Accounts

Misdirect Attackers While Hiding Sensitive or Privileged Accounts 

Endpoint Detection Net Credential Protection

  • Hides real credentials among fake

  • Credentials lure breadcrumbs to decoys

  • TTPs, IOCs, and forensics are gathered and analyzed 

Layered Endpoint Defense

Layered Endpoint Defense

Boost Endpoint Detection with EDN Credential Protection

  • EDR prevents attackers from compromising endpoints 

  • EDN Prevents attacks from moving laterally from endpoints

  • MITRE ATT&CK DIY Testing shows EDN boosts performance by an average of 42%