Detecting Man-in-the-Middle Attacks
Detect Network-Based Credential Harvesting
When attackers compromise an endpoint inside the network, they insert themselves into the communications path and collect in-transit credentials as users connect to network resources. This passive activity is challenging to detect because it happens locally on each network segment.
The ThreatDefend platform detects these attempts by identifying Man-in-the-Middle activity on every network segment it has visibility into, then sends fake credentials to the system to misdirect attackers to decoys for engagement. Attackers no longer remain hidden as they attempt to collect in-transit credentials, and security teams can detect the activity early and take steps to remediate it quickly.
DETECTION, VISIBILITY, AND MISDIRECTION FOR MAN-IN-THE-MIDDLE ATTACKS
Gain immediate visibility into passive network-based credential collection.
Benefits
- Detect promiscuous DNS resolvers attempting Man-in-the-Middle activities early in their attempts.
- Identify Man-in-the-Middle nodes when they try to insert themselves into communications paths.
- Breadcrumb attackers to decoys for engagement by sending fake credentials to Man-in-the-Middle nodes.
- Detect Man-in-the-Middle activities that use common name resolution protocols.
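One way to surface the promiscuous resolvers named in the benefits above is to flag any host that answers queries for names that should not exist. This is an added example, not ThreatDefend code or anything from the original page. It assumes a sensor on each segment that issues queries for made-up names and records who answers; the tuple layout, canary names, protocol labels and addresses are all constructed.

```python
from collections import defaultdict

def normalize(name):
    # Name resolution is case-insensitive; drop a trailing root dot.
    return name.strip().rstrip(".").lower()

def find_promiscuous_responders(observations, canary_names, min_distinct=2):
    """Flag hosts that answered queries for names that should not exist.

    observations: iterable of (segment, protocol, queried_name, responder_ip)
    canary_names: names the sensor made up, so no honest resolver can answer
    Returns {(segment, responder_ip): {"names": [...], "protocols": [...]}}.
    """
    canaries = {normalize(n) for n in canary_names}
    names = defaultdict(set)
    protocols = defaultdict(set)
    for segment, protocol, queried, responder in observations:
        q = normalize(queried)
        if q not in canaries:
            continue  # answers for real names are normal traffic
        key = (segment, responder)
        names[key].add(q)
        protocols[key].add(protocol.upper())
    return {
        key: {"names": sorted(found), "protocols": sorted(protocols[key])}
        for key, found in names.items()
        if len(found) >= min_distinct  # one stray answer is not enough
    }

# Constructed sample data (not from a real network or product log).
CANARIES = ["wpad-7f3k2q", "fs-x91mzp0", "prn-q4t8vw"]
OBSERVATIONS = [
    ("vlan10", "dns", "intranet.corp.example", "10.0.10.2"),
    ("vlan10", "llmnr", "WPAD-7F3K2Q", "10.0.10.57"),
    ("vlan10", "nbns", "fs-x91mzp0", "10.0.10.57"),
    ("vlan10", "llmnr", "prn-q4t8vw.", "10.0.10.57"),
    ("vlan20", "mdns", "fs-x91mzp0", "10.0.20.14"),
    ("vlan20", "dns", "fileserver.corp.example", "10.0.20.2"),
]

if __name__ == "__main__":
    hits = find_promiscuous_responders(OBSERVATIONS, CANARIES)
    for (segment, host), hit in hits.items():
        print(segment, host, hit["protocols"], hit["names"])
```

Keying results by segment and responder matches the page's point that this activity is local to each segment; the `min_distinct` threshold keeps a single stray answer from raising an alert.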
Detect Internal Network-Based Credential Harvesting
Identify Man-in-the-Middle Attacks Early.