Defend Against Stolen Credential Attacks
Defending Against Credential Theft and Reuse
When attackers compromise an endpoint, they gain a foothold into the network, but to gain access, they must obtain rights and privileges to its resources. They often steal and reuse the credentials they find on the compromised endpoint to move to other systems, hoping to compromise accounts that give them privileged access.
The ThreatDefend Endpoint Detection Net (EDN) suite protects credentials by hiding and denying access to sensitive or privileged local and Active Directory accounts, and by creating fake credentials that misdirect attackers away from production resources and into decoys for engagement. Organizations gain early detection of attacker activity, while the platform derails attempts at discovery, lateral movement, credential theft, and privilege escalation.
Credential Protection Benefits
The ThreatDefend platform protects sensitive and privileged accounts locally and in Active Directory from compromise.
- Prevent attackers from stealing local and AD accounts by concealing them from view.
- Breadcrumb attackers to decoys for engagement and early detection.
- Detect attackers early in the attack cycle as they attempt to pivot from an endpoint.
- Supports endpoint, network, application, and cloud credentials for scaling across the enterprise.
- Gain visibility to exposed credentials that create attack paths.
- Detect and misdirect man-in-the-middle attacks.
- Find and remediate exposed credentials that create attack paths.
How ADSecure for Active Directory Security Works
Active Directory protection without touching the production environment.
Sequence
01 The attacker compromises a production PC
02 The attacker uses an application to query AD for Domain admin accounts
03 ADSecure™ detects and alerts on the unauthorized queries
04 The AD server responds with production results
05 ADSecure™ hides the production results to reduce the attack surface
06 ADSecure™ provides fake AD objects, misdirecting attackers away from production systems
07 Attacker follows decoy credentials to deception environment
Endpoint Detection Net
- PC, Mac, Linux Credentials and Artifacts
- Employees and Admin Credentials
- Cloud and SaaS Credentials
- Wire Transfer Credentials
Find and Remediate Exposed Credentials
EDN Solution Provides Visibility and Continuous Monitoring for Attack Surface Reduction.
EDN (ThreatPath) Provides Visibility to Exposed:
- Enterprise Application Credentials
- AD Privileged Accounts
- AD Shadow Admin Accounts
- AD Service Accounts
- Local Admin Accounts
- Cloud Credentials
- Misconfigured SMB network shares
- Passwords reused across systems
- Web app credentials
Misdirect Attackers While Hiding Sensitive or Privileged Accounts
Endpoint Detection Net Credential Protection
- Hides real credentials among fake
- Credentials lure breadcrumbs to decoys
- TTPs, IOCs, and forensics are gathered and analyzed
Layered Endpoint Defense
Boost Endpoint Detection with EDN Credential Protection
- EDR prevents attackers from compromising endpoints
- EDN prevents attacks from moving laterally from endpoints
- MITRE ATT&CK DIY Testing shows EDN boosts performance by an average of 42%