CLOAKING - Attivo Networks

Concealment

Stop attackers early in their process by hiding critical data, credentials, Active Directory objects, storage locations, and accounts.

Overview

Endpoint compromises are happening at a relentless pace, leading to significant ransomware demands and business disruption. Organizations must stop post-compromise attack activity quickly, which requires reliable prevention and detection of attacker in-network lateral movement and privilege escalation activities.

Derailing lateral movement centers on preventing cybercriminals from seeing and accessing network or local data and account information that can lead to theft or destruction. The Attivo Networks endpoint-based concealment function prevents attackers from finding and accessing critical data and exploiting local and AD accounts, data, and storage locations. Credential and Active Directory object concealment also serve to restrict credential theft and misuse, while binding credentials to applications prevents unauthorized access. By denying attackers the ability to see or exploit critical data, organizations can efficiently disrupt discovery and lateral movement activities, and drastically reduce the risk of a successful ransomware or other destructive attack.

 

WHY USE CONCEALMENT TECHNOLOGY

Attackers can’t access, alter, or destroy objects they can’t see. Attivo Networks protects critical data and storage by hiding:

HOW CONCEALMENT WORKS

Concealment technology prevents attackers from seeing or gaining access to information, files, and storage they could use to progress their attack with discovery, lateral movement, and privilege escalation activities. As attackers attempt to discover or access these objects, the platform raises an alert containing the details of their activities down to the process and command line level.

How Denial Works

Benefits

Hide and Deny Access to Credentials and Local, Network, or Cloud Storage


Ransomware Protection

  • Prevent ransomware from discovering or encrypting data by hiding and denying access to storage and credentials

Deny Privilege Escalation

  • Hide Local or Active Directory privileged accounts so attackers can’t use them to escalate privileges

Prevent Lateral Movement

  • Hide credentials and mapped network shares to prevent attackers from gaining unauthorized access and moving laterally through the network

“54% OF THE TECHNIQUES AND TACTICS USED TO EXECUTE TESTING OF LATERAL MOVEMENT WERE MISSED.”

2020 MANDIANT SECURITY EFFECTIVENESS REPORT

Attivo Networks Concealment Coverage Overview

HIDE CRITICAL AREAS OF YOUR NETWORK

  • Local Files
  • Local Folders
  • Network Shares
  • Cloud Shares
  • Removable Drives
  • Local Admin Accounts
  • Application Credentials

Resources

Solution Brief
DERAILING RANSOMWARE AND RELATED MALWARE ATTACKS
ENDPOINT DETECTION NET DATASHEET
Solution Brief
THREATDEFEND OVERVIEW

Content

Attivo Networks’ Effective Approach to Fight Ransomware
Hide and Deny Access to Ransomware Attackers
Solution Brief: Ransomware Mitigation
Using Data Concealment to Derail Attackers
