Awards

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

OVERVIEW

Active Directory Security Capabilities

Attacks on Active Directory (AD) used to be limited to well-financed and state-backed attackers. With automated attack tools, basic “script kiddies” can now quickly and successfully exploit Active Directory systems. Once AD is compromised, attackers gain a digital map of your network and can reuse stolen credentials to move laterally within it. It is said that once an attacker gains Domain administrator control over Active Directory, it is essentially game over for the defender.

Traditional security tools such as SIEMs that monitor logs have not been efficient at detecting AD attack activity, and maintaining AD privileges and policies doesn’t stop someone from enumerating privileged accounts and critical assets. A new approach is critically needed.

The Attivo ADSecure solution does what no other security control can do: it efficiently conceals real Active Directory objects, raises alerts on unauthorized activities, and returns misinformation to derail the attack. It does all of this without needing to alter anything in the production Active Directory environment.

The State of Active Directory

Active Directory Mismanagement Exposes 90% of Businesses to Breaches

95 million AD accounts are the target of cyberattacks every day

Penetration Testers Breach Active Directory Nearly 100% of the Time Indicating That Attackers Can Do the Same

74% of breaches involved access to a privileged account

Capabilities

Implement Active Directory security with extensive detection capabilities available in the ThreatDefend Platform

Control AD Data Access (ADSecure)

  • Creates strict access controls to AD data
  • Controls which applications can access AD data (limited paths and access)
  • Limits high-risk query access
  • Limits users that can query AD

Conceal AD Information (ADSecure)

  • Hides and obscures real AD Objects and data
  • Authorized employees and tools can still see AD data
  • Unauthorized queries only receive misinformation or nothing at all

Detection & Redirection (ADSecure)

  • Alerts in real time on unauthorized queries
  • Misinformation controls the attacker’s path
  • Whitelists legitimate processes
  • Collects detailed telemetry (TTPs)

Doesn’t Touch Production AD (ADSecure)

  • Will not disrupt normal business operations
  • Does NOT require:
    - Software on AD servers
    - Admin access to AD

Deceptive Breadcrumbs (BOTsink)

  • Endpoint deception independent of deceptive AD
  • Implants breadcrumbs in the production DC
  • Safeguards against Kerberoasting attacks and SYSVOL snoopers

Active Directory Decoy (BOTsink)

  • Decoy AD Infrastructure: Enterprise-in-a-sandbox
  • Engagement VMs appear as part of the enterprise
  • Provides deceptive credentials validation and Windows decoy accounts

“It’s definitely the time to be looking at deception. It’s simple, inexpensive, and it works.”

Sr Director Analyst at the world’s leading information technology research and advisory company