Deception Technology for the Energy Sector - Attivo Networks

Endpoint Detection

Amplify endpoint threat detection with early discovery and derailment of malicious privilege escalation activities including credential theft, traversing mapped shares, and Active Directory attacks.

MITRE APT ATT&CK Assessment DIY Results: Endpoint Detection Rates Improved by an Average of 42%

Overview

Attivo Networks has pioneered a new approach to protecting endpoints. Designed to serve as a force-multiplier to Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions, the ThreatDefend Endpoint capabilities efficiently close detection gaps and provide ongoing visibility into the exposures that create attack paths.

Endpoint protection functions prevent attacker lateral movement by anticipating attack methods and derailing them early. By providing Active Directory query redirection and deceptive credentials and shares, organizations can feed attackers fake information and quickly redirect them away from production assets. Additionally, by collecting adversary intelligence and forensics, attack analysis can be accelerated and used to drive automated incident response.
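The deceptive-credential idea in the paragraph above rests on a simple property: a planted decoy account has no legitimate use, so any authentication attempt that presents it is a high-fidelity signal of credential theft. The following is an added illustration of that detection logic, not Attivo's code or any part of the ThreatDefend product. The account names, host names and the simplified Windows-style logon log format are all constructed for the example.

```python
"""Honey-credential detection over constructed Windows-style logon events.

Added example, not vendor code: a decoy credential seeded into an endpoint's
credential store should never be presented to any server, so every logon
attempt that uses one is alert-worthy regardless of outcome. Account names,
hosts and the log format below are constructed for illustration only.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Decoy accounts and the host each was seeded on (constructed values).
# Knowing where a decoy was planted lets an alert say where it was harvested.
HONEY_ACCOUNTS = {
    "svc_backup_adm": "WS-FIN-021",
    "da_helpdesk": "WS-ENG-007",
}

# Constructed log lines modelled loosely on Windows Security event fields:
# <timestamp> EventID=<4624|4625|4768> Account=<name> Src=<host> Target=<host>
SAMPLE_LOG = """\
2024-03-04T09:12:03Z EventID=4624 Account=jdoe Src=WS-FIN-021 Target=FS01
2024-03-04T09:14:47Z EventID=4625 Account=svc_backup_adm Src=WS-FIN-021 Target=DC01
2024-03-04T09:14:49Z EventID=4768 Account=svc_backup_adm Src=WS-FIN-021 Target=DC01
2024-03-04T09:15:02Z EventID=4624 Account=asmith Src=WS-ENG-007 Target=FS01
2024-03-04T09:16:30Z EventID=4625 Account=da_helpdesk Src=WS-FIN-021 Target=FS01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<acct>\S+) "
    r"Src=(?P<src>\S+) Target=(?P<tgt>\S+)$"
)


@dataclass(frozen=True)
class HoneyAlert:
    timestamp: str
    event_id: int
    account: str
    source_host: str
    target_host: str
    seeded_on: str


def parse_events(text):
    """Parse log text into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_honey_credential_use(events, honey_accounts=HONEY_ACCOUNTS):
    """Return one alert per event whose account is a planted decoy.

    Success (4624), failure (4625) and Kerberos TGT request (4768) all count:
    the decoy should never be presented at all, so the outcome is irrelevant.
    """
    alerts = []
    for ev in events:
        acct = ev["acct"].lower()
        if acct in honey_accounts:
            alerts.append(HoneyAlert(
                timestamp=ev["ts"], event_id=int(ev["eid"]), account=acct,
                source_host=ev["src"], target_host=ev["tgt"],
                seeded_on=honey_accounts[acct],
            ))
    return alerts


def summarize_by_source(alerts):
    """Group alerts by originating host for triage.

    The host presenting decoy credentials is the one to isolate first; a decoy
    seeded on a different host shows the attacker has already moved laterally.
    """
    summary = defaultdict(
        lambda: {"attempts": 0, "accounts": set(), "harvested_elsewhere": False}
    )
    for a in alerts:
        s = summary[a.source_host]
        s["attempts"] += 1
        s["accounts"].add(a.account)
        if a.seeded_on != a.source_host:
            s["harvested_elsewhere"] = True
    return dict(summary)


if __name__ == "__main__":
    found = detect_honey_credential_use(parse_events(SAMPLE_LOG))
    for a in found:
        print(f"ALERT {a.timestamp} {a.account} from {a.source_host} "
              f"-> {a.target_host} (seeded on {a.seeded_on})")
    for host, s in summarize_by_source(found).items():
        print(host, s)
```

In the constructed sample, three of the five events present a decoy account, all from the same workstation, and one of those decoys was seeded on a different host, so the summary flags that the credential was harvested elsewhere before being replayed.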

The Endpoint Protection Challenge

  • Inability to Patch: Not all endpoints can run antivirus software
  • In-Network Detection
  • Capability to Monitor: Not all endpoints can produce logs for analysis
  • High-fidelity alert
  • Inability to Detect: < 5 hours to infiltrate a network; 4.5 hours to break out; 15 hours to exfiltrate data
  • Median time to Detection
  • Lateral Movement Blindspot: Lack of in-network detection capabilities leads to 78 days of dwell time.

Endpoint Detection Net: A Security Defense Force-Multiplier

Comprehensive Attack Detection and Automated Response

With EDN, organizations can extend their EPP and EDR solution capabilities to defend the environment better and prevent attackers from moving around. Additionally, organizations can leverage native integrations within the Attivo partner ecosystem to automate incident response for blocking, isolation, and threat hunting.

BUSINESS VALUE

  • Anticipate the methods an attacker will use to break out from an infected endpoint and ambush their every move
  • Reduce the time an attacker can remain undetected and the effort required for an organization to restore environments to normal operations
  • Boost Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by extending detection to more attack phases per MITRE ATT&CK DIY evaluations and accelerating incident response

Benefits

The ThreatDefend platform provides extensive endpoint protection functions that prevent attacker lateral movement. Deceptive credentials and shares protect production assets by redirecting attackers into a decoy engagement environment instead.

High-fidelity detection

  • Credential theft, traversing mapped shares, Active Directory attacks

Protection against local and AD credential compromise

  • Prevent privilege escalation

Ransomware derailment

  • Thwart attacks attempting mapped share traversal or local data manipulation with decoy files, shares, and systems. Safely engage attackers to provide more time for response

Stop lateral movement before it starts

  • Gain ongoing visibility into exposed or stored admin and other privileged credentials. Remediate lateral attack paths before attackers can use them. Deflect connection attempts from production systems to decoys.

Scalability and ease of operation

  • Coverage for a wide variety of endpoints and machine learning for automated learning and deployment.

Gather company-centric threat intelligence

  • Capabilities to collect adversary intelligence and forensic data empower faster triage

Accelerate Incident Response

  • Integrations with EPP and EDR solutions facilitate automated incident response

Pen Testing

  • Improves detection proficiency during Red Team testing and security assessments

“I am more comfortable using Attivo than anything else that we have looked at; it is the easiest security technology that I have ever used!”

– Lead Security Architect

Resources

Solution Brief
EDN USE CASES
THREATPATH DATASHEET
Solution Brief
ADSECURE DATASHEET

CONTENT

A Case Study on the Effectiveness of ADSecure
Endpoint Detection Net Solution Brief
Financial Services Firm Deploys ADSecure During Red Team Evaluation
Augmenting Endpoint Defenses with the Attivo Networks® EDN Solution

Spotlight

Using a Commercial Deception Solution to Improve MITRE ATT&CK Test Results for Endpoint Security

Ready to find out what’s lurking in your network?