Overview

The ADSecure solution is truly a revolutionary way to protect against successful Active Directory attacks, without interfering with production AD operations, requiring logs, or complex rights and permissions management. Additionally, one of the best things about deployment is that you don’t have to touch or alter production Active Directory controllers for it to work. Implementation is exceptionally straightforward with the majority of the setup time spent on strategy for how in-depth you want to make the fake ADSecure environment and information.
ADSecure is a new product that can be easily installed as an add-on license to the ThreatDefend ® Platform or deployed as a standalone product.
How it works
• The module detects unauthorized attack queries.
• It hides the high-value real credentials and system data from the attacker AD queries
• It returns deceptive alternative content, misdirecting attackers, creating an altered reality for the attacker, and making them unable to trust their tools
• The deceptive content directs attackers into the decoy environment
• The deception environment safely monitors the attacks for adversary intelligence
This method of prevention is an invaluable deterrent as attackers can no longer trust what they see or the tools they rely on. We pressure-tested the solution during beta and demonstrated the ability to reliably detect attackers early (within their first 20 commands) and to be able to engage the Red Team unknowingly for over 2 days.