Attivo Networks ADSecure Solution

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Attivo Networks
Websitehttps://attivonetworks.com/
Company size (employees)100 to 499
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

Active Directory has become a primary attack vector for sophisticated attackers as they seek to leverage its valuable information, gain privileges, and domain control. Recent attacks from Advanced Persistent Threats have included attacks targeting AD and leveraging the information stored therein to elevate privileges and move laterally. Most AD security solutions focus on either hardening the servers or cleaning up policies and accounts but fail to secure the data from unauthorized queries.

•Because there is no way to inherently secure the data and objects within AD from theft and misuse, Attivo takes a different approach for protecting AD. The company’s ADSecure solution dramatically reduces risk by preventing attackers from enumerating AD and escalating their privileges. It does this by hiding real AD objects, raising alerts on unauthorized access, and returning fake data to an attacker, which, if used, diverts the attacker to an engagement server that can record and study their activities.

•What makes this particularly interesting is that the solution accomplishes this from the endpoint, and there is no need to touch or alter production AD to make this solution work. This feature eliminates the complexity and concerns that typically come with securing AD.

• Defenders can gather adversary intelligence as the solution redirects the queries and activities into the ADSecure decoy environment. They now gain the ability to collect and take action on company-centric threat intelligence.

Brief Overview

The ADSecure solution is truly a revolutionary way to protect against successful Active Directory attacks without interfering with production AD operations, requiring logs, provisioning complex rights, or managing permissions. Additionally, one of the best things about deployment is that the solution does not have to touch or alter production Active Directory controllers for it to work. Implementation is exceptionally straightforward, with most of the setup time spent on strategy for how in-depth to make the fake ADSecure environment and information.

ADSecure is a new product that can be easily installed as an add-on license to the ThreatDefend ® Platform or deployed as a standalone product.

How it works
• The module detects unauthorized attack queries.
• It hides the high-value real credentials and system data from the attacker AD queries
• It returns fake alternative content, misdirecting attackers, creating an altered reality for the attacker, and making them unable to trust their tools
• The fake data directs attackers into an engagement server
• The engagement server safely monitors the attacks and collects adversary intelligence

This prevention method is an invaluable deterrent as attackers can no longer trust what they see or the tools they rely upon for their attacks. This solution is proven to be effective against attackers and in detecting the actions of Red Teams. We are so confident in the value that organizations can immediately achieve from this solution that we are offering 90 day free trials from the attivonetworks.com website.