Active Directory Security Capabilities
Attacks on Active Directory (AD) used to be limited to well-financed and state-backed attackers. With automated attack tools, basic “script kiddies” can now quickly and successfully exploit Active Directory systems. Once compromised, attacks gain a digital map of your network and can reuse stolen credentials to move laterally within it. It is said that once an attacker gains Domain administrator control over Active Directory that it is essentially game over for the defender.
Traditional security tools such as SIEMs attempting to monitor logs have not been efficient in detecting AD attack activity; and maintaining AD privileges and policies doesn’t stop someone from enumerating privileged accounts and critical assets. A new approach is critically needed.
The Attivo ADSecure solution does what no other security control can do and efficiently conceals real Active Directory objects, raises alerts on unauthorized activities, and returns misinformation for derailing the attack. It also does this all without needing to alter anything with the production Active Directory environment.
The State of Active Directory
Active Directory Mismanagement Exposes 90% of Businesses to Breaches
95 million AD accounts are the target of cyberattacks every day
Penetration Testers Breach Active Directory Nearly 100% of the Time Indicating That Attackers Can Do the Same
74% of breaches involved access to a privileged account
Capabilities
Implement Active Directory security with extensive detection capabilities available in the ThreatDefend Platform
Control AD Data Access (ADSecure)
-
Creates strict access controls to AD data
-
Controls which applications can access AD data (limited paths and access)
-
Limits high-risk query access
-
Limits users that can query AD
Conceal AD Information (ADSecure)
-
Hides and obscures real AD Objects and data
-
Authorized employees and tools can still see AD data
-
Unauthorized queries only receive misinformation or nothing at all
Detection & Redirection (ADSecure)
-
Alerts real-time on unauthorized queries
-
Misinformation controls the attacker’s path
-
Whitelists legitimate processes
-
Collects detailed telemetry (TTPs)
Doesn’t Touch Production AD (ADSecure)
-
Will not disrupt normal business operations
-
Does NOT require:⏤Software on AD Servers⏤Admin Access to AD
Deceptive Breadcrumbs (BOTsink)
- Endpoint deception independent of deceptive AD
- Implant breadcrumbs in production DC
- Safeguard against Kerberoasting attacks, SYSVOL snoopers
Active Directory Decoy (BOTsink)
- Decoy AD Infrastructure: Enterprise-in-a-sandbox
- Engagement VMs appear as part of the enterprise
- Provides deceptive credentials validation and Windows decoy accounts
“It’s definitely the time to be looking at deception. It’s simple, inexpensive, and it works.”
SPOTLIGHT
Webinar: A New Way to Minimize Active Directory Security Risk
SPOTLIGHT
Intercepting Live Attacks with the Attivo Networks ADSecure Solution