Page 91 - Cyber Defense Magazine RSA Edition for 2021

The downside of this approach is that reviewing logs can be very time-consuming to get right, and many
SOC and SIEM instances do not ingest Active Directory and domain controller logs natively. These tools
are also prone to generating false alerts that are noisy and tend to drown out the important ones. Perhaps the
biggest challenge is that these tools are reactive and don't proactively identify AD vulnerabilities that
create risks related to credentials or domain access from endpoints. They are also not designed for live
attack detection and will typically surface issues well after the event happens. This after-the-fact
detection is similar to alerting on a car crash after it's happened, which is, of course, not very
helpful except for recovery efforts. Viewing logs can also miss critical attacks like password
spraying, DCSync, DCShadow, and Golden Ticket or Silver Ticket attacks.

Attivo Networks has led the industry in providing efficient and accurate threat detection for credential
theft and lateral movement activity. The company has continued to lead in innovation around credential
and Active Directory protection. These include new ways to conceal credentials and AD objects from
attackers, reveal attack paths, and deliver automated methods to find vulnerabilities in AD that create risk
or demonstrate that a live attack is underway.


In 2020, Attivo announced ADSecure, which hides AD objects from attackers. In 2021, the
company announced ADAssessor, which automatically completes over
200 exposure checks, identifies over 70 vulnerabilities, and continuously detects over 10 critical live
attacks. These products create an unprecedented level of visibility and attack prevention that has simply
not been seen in the market before. Some of the quotes from our early adopters include:


            “When I found out about this, I was pretty shocked and a bit skeptical, but very excited with the outcome
            that, Hey, this actually solves a problem that I’ve been, been looking at for years and years and years.” –
            VP Information Security & IT Risk, Real Estate Equities Firm


            “I haven’t seen a tool yet that provides this level of visibility in a way that’s so usable.” – VP Information
            Security & IT Risk, Real Estate Equities Firm


“We say that ADAssessor should be something everybody does because Active Directory is just so
commonly abused by attackers.” – VP Information Security & IT Risk, Real Estate Equities Firm


            “ADAssessor provides a necessary and critical visibility into directory services and is a key component
            to provide identity and directory assurance.” - CISO, Large Food Retailer



            “A tool like ADAssessor is very great for understanding what are those hygiene changes that need to
            occur that I think you’ll see used for spotting changes.” - VP of IT infrastructure, Data Intelligence Firm








