Attivo Offers Limited-Time Software Use to Combat Privilege Escalation and Lateral Movement
Reading Time: 2 minutes | Published: December 22, 2020 in Active Directory, Blogs, ThreatDefend
Tags: breach, EDN, free trial, lateral movement, ThreatDefend
Author: Tushar Kothari, CEO – If anyone had any doubts about whether the attackers are already inside your networks, then the last week’s events indicate that you must expect that attackers already came in through various back doors. Some notable highlights from industry and government also drive this point home.
“Once inside the network, attackers almost always escalate privileges and move laterally to perform reconnaissance and access the information they are interested in stealing.” – Marshall Heilman, SVP, Mandiant.
Sophisticated nation-state adversaries who compromised a string of federal agencies in recent months used Kerberoasting to steal the passwords of agency employees and move laterally within compromised government networks, according to the latest guidance from the Department of Homeland Security.
In an Emergency Directive, the agency instructs federal agencies to “take action to remediate kerberoasting,” including engaging with third-party organizations that have experience “eradicating APTs from enterprise networks,” a reference to so-called “advanced, persistent threats.”
There are many solutions on the market that look at signatures or try to detect based on behaviors. Alternatively, Attivo Networks solutions focus on the techniques, making prevention and detection much more effective and reliable. The portfolio includes best-in-class capabilities to deny, detect, and derail threats to prevent attackers from escalating privileges and moving laterally inside the network. In some recent advanced attacks, detecting lateral movement is the most effective way to find adversaries inside your network.
Additional capabilities in the Attivo Networks ThreatDefend platform’s Endpoint Detection Net (EDN) solution include:
- Gaining in-depth visibility with the ADSecure solution into who is enumerating and discovering permissions from Active Directory
- Preventing exposures of high privilege accounts, service accounts, domain controllers, etc. with the ADSecure solution
- Gaining visibility with ThreatPath into Lateral Movement Paths (LMP) or exposed credentials on endpoints, and remediating these exposures.
- Gaining visibility with ThreatStrike into attackers stealing credentials and using them
- Preventing attackers from fingerprinting and discovering high-value database servers, file servers, etc., with the EDN Deflect function.
- Protecting important files and documents from encryption and exfiltration, and network mapped shares, cloud mapped shares, etc., from attackers and ransomware
The ThreatDefend platform offers these and many more capabilities to defend the network from unrestricted lateral movement activities.
Given the current situation, Attivo is stepping forward with immediate free access to the EDN Suite of products for organizations who need and want to immediately shore up their defenses to prevent attackers from progressing inside the network. Meanwhile, we will continue to work with you on a longer-term deployment and operations plan.
Please contact us directly so we can recommend and provide the optimum solution to protect your organization immediately.
Share on:
Continue Reading
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise