sb-nz logo
Story image

Attivo Networks & SentinelOne combine endpoint security offerings

03 Dec 2020

Attivo Networks and SentinelOne have teamed up to combine cybersecurity defences and stop attackers in their tracks.

The two companies will combine their solutions, bringing endpoint protection and attack disruption together as a joint solution to the market. Furthermore, Attivo Networks has also joined the SentinelOne Singularity Partner Program.

“We are proud to work with SentinelOne and join the company’s Singularity Partner Program to help bolster endpoint security with Active Directory protection, credential theft detection, and credential exposure prevention,” says Attivo Networks A/NZ regional director Jim Cook. 

SentinelOne’s Singularity XDR platform provides endpoint protection, endpoint detection, and response, as well as IoT security, cloud security, and IT operations capabilities.
Attivo Networks’ Endpoint Detection Net protects Active Directory and credentials on endpoints, preventing attacks against these, as well as privilege escalation.

When used together, the SentinelOne XDR platform prevents attackers from compromising an endpoint while the Attivo EDN suite prevents attackers from breaking out of that endpoint if they manage to get in, the two companies explain.

“The Attivo EDN solution is a perfect complement to the SentinelOne Singularity XDR platform and will seamlessly add visibility to credential-based attacks, deny the adversary access to the data they seek, and derail them with misinformation every step of the way,” says Cook.

Active Directory protection, ADSecure, includes alerts when an attacker queries Active Directory, and also provides misinformation to lure the attacker away from the genuine production environment to slow or stop attacks. This protection happens from the endpoint, without touching production AD Domain Controllers.

The joint solution includes Attivo EDN, which operates on the endpoint. With the help of machine learning to create authentic-looking credentials that look like what employees use, the solution lures attackers in and diverts them away from real assets.

The Attivo EDN suite also provides continuous monitoring and reduction of the attack surface by identifying and automatically removing exposed credentials and local and shadow admin accounts left on endpoints that attackers can use to move laterally in the network. 

Security teams can also view historical data to see exposed critical paths, local administrator accounts, misconfigured SMB shares, browser credentials, and other information. 

“ It takes little effort to deploy, so even organisations without a mature visibility program can immediately benefit from understanding their credential-based vulnerabilities and an attacker’s opportunities for lateral movement,” the companies explain.

 Attivo Networks has joined the SentinelOne Singularity Partner Program, which enables the two companies to sell and support customers.