CLOAKING
Stop attackers early in their process by hiding critical data, credentials, Active Directory objects, storage locations, and accounts.
Overview
Endpoint compromises are happening at a relentless pace, leading to significant ransomware demands and business disruption. Organizations must stop stage 2 post compromise attack activity quickly, which requires reliable prevention and detection of attacker in-network lateral movement and privilege escalation activities.
Derailing lateral movement centers on preventing cybercriminals from seeing and accessing local file and account information that can lead to data theft or destruction. The Attivo Networks endpoint-based DataCloak function prevents attackers from finding and accessing critical data and exploiting local files, accounts, and storage locations. Credential and Active Directory object cloaking also serve to restrict credential theft and misuse, while binding credentials to applications prevents unauthorized access. By denying attackers the ability to see or exploit critical data, organizations can efficiently disrupt discovery and lateral movement activities, and drastically reduce the risk of a successful ransomware or other destructive attack.
“54% OF THE TECHNIQUES AND TACTICS USED TO EXECUTE TESTING OF LATERAL MOVEMENT WERE MISSED.”
— 2020 MANDIANT SECURITY EFFECTIVENESS REPORT
Awards
Benefits
Hide and Deny Access to Local, Network, and Cloud Storage
Ransomware Protection
- Hide and deny access to ransomware to prevent discovery or encryption of local, network, or cloud-stored data
Deny Privilege Escalation
- Hide Local Administrator accounts so attackers can’t use them to escalate privileges
Prevent Lateral Movement
- Hide credentials to prevent attackers from gaining unauthorized access and moving laterally through the network
Attivo Networks Solution Overview
HIDE CRITICAL AREAS OF YOUR NETWORK
Local Files
Local Folders
Network Shares
Cloud Shares
Removable Drives
Local Admin Accounts
