Attivo expands Active Directory protection

In 2021, there was a surge of attacks targeting Active Directory domain controllers in order to gain the privileges that are needed to install backdoors, change security policies, and distribute ransomware or malware.

In recent days there have also been attacks targeting organizations in the Ukraine using the HermeticWiper malware which is implanted via Active Directory to destroy data on the machine.

All of this highlights the need to protect not just Windows systems but also Mac and Linux machines as well as IoT and OT devices. Attivo Networks is announcing the expansion of its AD protection portfolio to allow the detection of identity-based attacks at the domain controller from all endpoints.

The Attivo Networks ADSecure-DC solution identifies enumeration and attacks targeting Active Directory. It also detects suspicious user activity using deep packet inspection and behavior analytics and delivers high-fidelity alerts.

“Active Directory services continue to be the powerhouse for all critical information and help adversaries to further their attacks easily and without detection,” says Srikant Vissamsetti, SVP of engineering at Attivo Networks. “For organizations that are using a managed Active Directory service, the additional protection of domain controllers prevent attackers from carrying out ransomware, Kerberoasting, Silver Ticket compromise, Domain Replication and other advanced AD attacks.”

The ADSecure-DC solution joins Attivo’s existing suite of AD protection products including ADSecure-EP, which operates on the endpoint and prevents attackers from seeing and accessing privileged credentials in Active Directory, ADAssessor for continuous AD exposure visibility, and ThreatPath, which identifies and remediates exposed and risky credentials on the endpoint.

Read the original article by Ian Baker on BetaNews.