SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Attivo Networks expands Active Directory Protection portfolio
Thu, 10th Mar 2022

Attivo Networks, the experts in identity security and lateral movement attack prevention, has expanded its Active Directory Protection portfolio, adding capabilities to detect identity-based attacks at the domain controller from all endpoints.

The new ADSecure-DC solution provides threat protection from attacks originating from Windows as well as Mac, Linux, IoT/OT devices, and unmanaged devices which are limited in their ability to run traditional endpoint protection software.

According to the company, in 2021 there was a surge of attacks targeting active directory domain controllers in order to gain the privileges that are needed to install backdoors, change security policies and distribute ransomware or malware.

More than 90% of global 1000 enterprises use active directory for authentication and authorisation, Frost & Sullivan finds.

In addition, according to an Enterprise Management Associates (EMA) research report, half of the organisations surveyed experienced an attack on active directory (AD), with more than 40% indicating the attack was successful.

On top of this, 86% of respondents indicated that they were planning to prioritise the protection of active directory with increased investment.

The Attivo Networks ADSecure-DC solution identifies enumeration and attacks targeting active directory. It also detects suspicious user behaviours using deep packet inspection and behaviour analytics and delivers high-fidelity alerts.

Organisations gain AD security for attacks from managed and unmanaged systems, IoT and OT devices, and popular Windows and non-Windows (Mac, Linux) systems without interfering with domain controller operations.

Attivo Networks SVP engineering Srikant Vissamsetti says, “Active directory services continue to be the powerhouse for all critical information and help adversaries to further their attacks easily and without detection.

“For organisations that are using a managed active directory service, the additional protection of domain controllers prevents attackers from carrying out ransomware, Kerberoasting, Silver Ticket compromise, Domain Replication and other advanced AD attacks.”

EMA research director CISSP, CISA, Christophe M. Steffen says, “In the cybersecurity world today, active directory is one of the most targeted assets by threat actors.

“By leveraging AD's vulnerabilities, attackers can penetrate an enterprise's entire network, and freely move undetected across multiple attack paths. However, enterprises today recognise the many risks and vulnerabilities active directory faces, making AD protection a top priority in 2022.”

The Attivo Networks ADSecure-DC solution joins the company's existing suite of active directory protection products.

These include ADSecure-EP, which operates on the endpoint and prevents attackers from seeing and accessing privileged credentials in active directory, ADAssessor for continuous AD exposure visibility, and ThreatPath, which identifies and remediates exposed and risky credentials on the endpoint. Organisations deploying these solutions gain greater protection for their AD environment.

Attivo Networks, experts in Identity Detection and Response (IDR), provides defence to protect against identity compromise, privilege escalation and lateral movement attacks.

The company's solutions prevent and derail attack escalation activities across endpoints, active directory, and cloud environments by delivering visibility to security exposures and attack paths.

A combination of patented data cloaking, misdirection, and cyber deception innovations protects identities while comprehensively detecting threats. These solutions tightly align with the MITRE ATT&CK Framework and MITRE Engage.