Best Deception Technology | Attivo Networks ThreatDefend Platform
ThreatDefend protects against Active Directory enumeration and ransomware by hiding files, AD objects, folders, mapped network and cloud shares, and removable drives so attackers can’t find the data or access it for encryption.
Attivo ThreatDefend offers value and ROI as an early detection system for attacker reconnaissance, credential harvesting, privilege escalation, and lateral movement, considerably reducing dwell time and disrupting an attacker’s ability to complete their mission. Customers gain immediate value from in-network active observation, threat engagement, and the ability to provide the substantiated detail required to identify infected systems and to block and quarantine threats.
Attivo leverages MITRE ATT&CK, which offers an excellent framework for showing coverage against attack techniques and tactics. The platform covers 11 of 12 tactics and 72 techniques, the most of any deception provider. MITRE also has MITRE Shield, which defines a framework for creating an Active Defense. Against Shield, Attivo covers 27 of 33 techniques and 123 of 190 use cases. ThreatDefend for a 1,000-person company starts at around $50,000.
Other product highlights include protecting Active Directory by hiding AD objects and returning fake data to unauthorized queries, stopping ransomware attacks through data cloaking that hides data and denies access to it, and preventing endpoint fingerprinting by redirecting inbound and outbound connection attempts that touch closed ports to decoys for engagement.
“ThreatDefend alerts are based upon attacker techniques and aren’t reliant on signatures, hashes, or database lookup, like most legacy security products,” the company said in its entry. “Thus, it does not require constant database updates, and generally, there are two major software updates per year. Updates are included as part of the support agreement and easily downloaded through a support portal.”
Read the original article in SC Media.