Attivo Networks Stops Hackers At All Endpoints With New Active Directory Protection Solution

The new solution identifies enumerations and attacks directed at Active Directory, and even uses behavior analytics to pick out suspicious user behaviors.

Active Directory is a tantalizing target for many hackers, and it can be notoriously difficult to secure.

“The compromise of Active Directory has been in all of the major attacks that we‘ve been seeing related to ransomware and some other major attacks. So it’s something you want to look at, you want to reinvest in,” said Carolyn Crandall, chief security advocate and CMO of Attivo Networks.

One of the ways customers can reinvest is through Attivo Network’s ADSecure-DC offering. The cybersecurity vendor has expanded its portfolio to offer a solution that can pinpoint identity-based attacks from all endpoints.

“If an attacker has gotten that far, right, you want to know if they’re standing up new domain controllers, or changing policies, doing password spray-type of attacks,” Crandall said. “You want to be able to see all of those things, regardless of where it’s coming from. So, we feel like this gives us multi-layers of Active Directory defense and protects new attack surfaces that were simply not adequately covered before by any other technology that was out there.”

Crandall said ADSecure-DC stops hackers by identifying enumerations and attacks directed at Active Directory, picking out suspicious user behaviors through deep packet inspection and behavior analytics, and delivering high-fidelity alerts.

“So having that automated data collection, having the correlation done automatically, and then telling you what the incident is and how to remediate, it becomes extremely powerful,” said Crandall.

The vendor said ADSecure-DC provides threat protection from attacks originating from Windows, Mac, Linux, IoT/OT devices, and unmanaged devices - which are limited in their ability to run traditional endpoint protection software.

Crandall said this creates a major benefit for its channel partners.

“The opportunity for the channel is, ‘Hey, go to the ones you know, and they know you best and introduce the technology.’ And it’s pretty clear to show that traditional EDR does not have this, and if you go to identity access management systems, your IAM, your PAM, your IGA, they don’t do this either. So it’s a nice way to be able to articulate to your customers, this is closing a very critical gap in your security infrastructure,” Crandall said.

One Attivo partner, MRK Technologies, had a first-hand look at how effective the solution is. MRK Technologies’ director and CISO, Chris Clymer, tested out the product before it hit the market.

“We’re looking to get valid AD credentials. We’re looking to escalate to admin and domain admin credentials, and pivot our way through the network. So, finding ways to detect that kind of activity within Active Directory, it’s hugely valuable and it’s something I’m not going to get necessarily out of my traditional network based tools. I’m not going to get it out of my email security tools, all these other things are really good; there‘s just not great visibility at that level today,” Clymer said.

Crandall says there are several other companies that offer a large protion of protection but not the same full coverage as ADSecure-DC does.

“It was really the only one that stitches those all together. And then also adds that concealment, into realm and technology that’s extremely unique to Attivo Networks technology,” Crandall said.