Attivo Networks Stops Hackers At All Endpoints With New Active Directory Protection Solution
Active Directory is a tantalizing target for many hackers, and it can be notoriously difficult to secure.
“The compromise of Active Directory has been in all of the major attacks that we’ve been seeing related to ransomware and some other major attacks. So it’s something you want to look at, you want to reinvest in,” said Carolyn Crandall, chief security advocate and CMO of Attivo Networks.
One of the ways customers can reinvest is through Attivo Networks’ ADSecure-DC offering. The cybersecurity vendor has expanded its portfolio to offer a solution that can pinpoint identity-based attacks from all endpoints.
“If an attacker has gotten that far, right, you want to know if they’re standing up new domain controllers, or changing policies, doing password spray-type of attacks,” Crandall said. “You want to be able to see all of those things, regardless of where it’s coming from. So, we feel like this gives us multi-layers of Active Directory defense and protects new attack surfaces that were simply not adequately covered before by any other technology that was out there.”
Crandall said ADSecure-DC stops hackers by identifying enumerations and attacks directed at Active Directory, picking out suspicious user behaviors through deep packet inspection and behavior analytics, and delivering high-fidelity alerts.
“So having that automated data collection, having the correlation done automatically, and then telling you what the incident is and how to remediate, it becomes extremely powerful,” said Crandall.
The vendor said ADSecure-DC provides threat protection from attacks originating from Windows, Mac, Linux, IoT/OT devices, and unmanaged devices – which are limited in their ability to run traditional endpoint protection software.
Crandall said this creates a major benefit for its channel partners.
“The opportunity for the channel is, ‘Hey, go to the ones you know, and they know you best and introduce the technology.’ And it’s pretty clear to show that traditional EDR does not have this, and if you go to identity access management systems, your IAM, your PAM, your IGA, they don’t do this either. So it’s a nice way to be able to articulate to your customers, this is closing a very critical gap in your security infrastructure,” Crandall said.
One Attivo partner, MRK Technologies, had a first-hand look at how effective the solution is. MRK Technologies’ director and CISO, Chris Clymer, tested out the product before it hit the market.
“We’re looking to get valid AD credentials. We’re looking to escalate to admin and domain admin credentials, and pivot our way through the network. So, finding ways to detect that kind of activity within Active Directory, it’s hugely valuable and it’s something I’m not going to get necessarily out of my traditional network-based tools. I’m not going to get it out of my email security tools, all these other things are really good; there’s just not great visibility at that level today,” Clymer said.
Crandall says there are several other companies that offer a large portion of protection but not the same full coverage as ADSecure-DC does.
“It was really the only one that stitches those all together. And then also adds that concealment, into realm and technology that’s extremely unique to Attivo Networks technology,” Crandall said.