Attivo Networks launches credential-cloaking tool to deter data thieves
Identity detection and response software company Attivo Networks has today announced the launch of a new functionality called ThreatStrike, aimed at enabling organisations to hide credentials from would-be attackers and their tools.
The tool is part of Attivo’s Endpoint Detection Net suite, and also features visibility of decoy credentials that facilitate threat intelligence gathering when left as bait.
As the first stage of a lateral movement attack, thwarting a credential-based attack is a crucial component of a sound security approach — and doing so can make a material impact on the success and damages incurred by an attacker.
And as one of the most sought-after data types by attackers, the theft of credentials have been behind some of the most high-profile and costly data breaches recently.
“The benefit of credential protection is that only allowed system software can access them,” says Attivo Networks senior vice president of engineering Srikant Vissamsetti.
“Customers will benefit from the prevention of unauthorised access, which can lead to credential theft attacks, such as pass-the-hash, pass-the-ticket, and password theft that can be extremely difficult to detect and stop.”
ThreatStrike denies unauthorised access to applications. For example, only Chrome will have access to its credential store, and all other applications won’t.
The tool also addresses more sophisticated attacks, such as OS Credential Dumping (T1003), Credentials from Password Store (T1555), Unsecured Credentials (T1552), Steal or Forge Kerberos Tickets (T1558) and Steal Web Session Cookie (T1539).
With endpoint credentials now hidden from attacker view, the ThreatStrike solution plants bait on the endpoint, designed to appear as popular production Windows, Mac, and Linux credentials. As threat actors conduct reconnaissance, these lures will appear as attractive bait for in-network attackers to steal.
“The growing risk of credential theft attacks and misuse is the root cause of many modern cyber incidents,” says TAG Cyber founder and CEO Ed Amoroso.
“The recent Verizon Data Breach Report, for example, underscores stolen credentials as a top target for attackers. This challenge in the market is fuelling the need to reduce credential risk by managing entitlements in the context of an authorisation model.
“With the introduction of credential cloaking and policy-based application access, Attivo Networks is well-positioned to emerge as a significant player in the identity detection and response market.”
ThreatStrike’s credential cloaking capability represents an addition to Attivo’s existing stack of cloaking technologies. The company can currently cloak Active Directory objects, as well as files, folders, network, and cloud mapped shares, and removable drives.