Active Directory attacker misguided
ADSecure leads attackers into the virtual Attivo Networks Deception Fabric and fake AD information.
ADSecure acts with deception against the misuse of Active Directory information. According to the manufacturer Attivo Networks, attackers who are looking for information about domain admins or domain controllers are led into a virtual environment full of traps.
ADSecure becomes active as soon as an attacker starts an illegitimate query in Microsoft Active Directory (AD) via a compromised endpoint. The request was first routed to the AD server in a regular manner and processed there properly. However, the answer that comes back from the AD server to the endpoint is modified by ADSecure; the attacker ends up in the virtual Attivo Networks Deception Fabric.
There, the attacker who is looking for information about privileged domain accounts, systems, and other high-quality objects receives fake Active Directory results that render an attacker’s automated tools ineffective. Any attempt to attack this bait environment ran into a virtual trap environment.
By directing attackers into the deception environment, Attivo Networks’ ThreatDefend platform could investigate the attack closely to determine tactics, techniques, and procedures, and gather company-specific threat information for an accelerated response.
Read the complete article here.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise