Endpoint Detection
Awards
Overview
Attivo Networks has pioneered a new approach to protecting endpoints. Designed to serve as a force-multiplier to Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions the ThreatDefend Endpoint capabilities efficiently close detection gaps and provide ongoing visibility to exposures creating attack paths.
Endpoint protection functions efficiently prevent attacker lateral movement by anticipating attack methods and efficiently derailing their efforts. By providing Active Directory query redirections and deceptive credentials and shares organizations can feed attackers fake information and quickly redirect them away from production assets. Additionally, by collecting adversary intelligence and forensics attack analysis can be accelerated and used for automated incident response.
The Endpoint Protection Challenge
Inabilty to patch
Not all endpoints can run antivirus software
Capability to Monitor
Not all endpoints can produce logs for analysis
Inability to Detect
< 5 hours to infiltrate a network
4.5 hours to break out
15 hours to exfiltrate data
Lateral Movement Blindspot
Lack of in-network detection capabilities leads to 78 days of dwell time.
Endpoint Detection Net: A Security Defense Force-Multiplier
Comprehensive Attack Detection and Automated Response
With EDN, organizations can extend their EPP and EDR solution capabilities to defend the environment better and prevent attackers from moving around. Additionally, organizations can leverage native integrations within the Attivo partner ecosystem to automate incident response for blocking, isolation, and threat hunting.
BUSINESS VALUE
- Anticipate methods an attacker will use to break out from an infected endpoint and ambush their every move
- Reduce the time an attacker can remain undetected and the amount of effort required for an organization to restore environments to normal operations
- Boosts Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by extending detection to more attack phases per MITRE ATT&CK DIY evaluations and accelerating incident response
Benefits
The ThreatDefend platform provides extensive endpoint protection functions that prevent attacker lateral movement. Deceptive credentials and shares protect production assets by redirecting attackers away from production assets and into a decoy engagement environment.
High-fidelity detection
- Credential theft, traversing mapped shares, Active Directory attacks
Protection against local and AD credential compromise
- Prevent privilege escalation
Ransomware derailment
- Thwart attacks attempting mapped share traversal or local data manipulation with decoy files, shares, and systems. Safely entertain attackers to provide more time for response
Stop lateral movement before it starts
- Gain ongoing visibility to exposed or stored admin and other privileged credentials. Remediate lateral attack paths before attackers can use them. Deflect connection attempts from production systems to decoys.
Scalability and ease of operation
- Coverage for a wide-variety of endpoints and machine-learning for automated learning and deployment.
Gather company-centric threat-Intelligence
- Capabilities to collect adversary intelligence and forensic data empower faster triage
Accelerate Incident Response
- Integrations with EPP and EDR solutions facilitate automated incident response
Pen Testing
- Improves detection proficiency during Red Team testing and security assessments
“I am more comfortable using Attivo then anything else that we have looked at, it is the easiest security technology that I have ever used!”
