Page 93 - Cyber Defense Magazine RSA Edition for 2021

Organizations can also pair Attivo Threat Path technology to gain visibility from the endpoint. The solution
            provides topographical maps to easily view credential exposures, misconfigurations, and other risks that
            attackers can exploit to gain domain control.


            Putting this all into action, here are a couple of key use cases.

              •    Creation or expansion of a company’s Domain Assurance program, regardless of size or program
                   maturity.

              •    ADAssessor addresses and simplifies the following Domain Assurance dependencies with
                   continuous visibility to exposures, misconfigurations, and attacks targeting Active Directory. It
                   can also extend and automate AD expertise, expanding the breadth of people who understand
                   the organization’s AD, automating processes for more in-depth assessment, and providing context
                   to remediate vulnerabilities faster.


              •    ADSecure also efficiently hides AD objects from attackers. When an unauthorized query comes
                   into AD, the solution only returns fake information designed to lead the attacker into a decoy that safely
                   observes and collects the attacker’s actions. ADSecure can also run in alert-only mode.


              •    Ransomware mitigation is another prevalent use case for Active Directory protection. Here, there
                   are 3 ways to efficiently derail ransomware attacks using Attivo technology.


              •    The first is to hide the data they seek. With Attivo’s unique DataCloak function, attackers cannot
                   see or access the files, folders, mapped and removable drives they seek.

              •    Next, stand up fake data that will show instead of the real information. When the attacker attempts
                   to engage with the fake data, a high interaction engine occupies the attacker, providing distraction
                   and time to isolate the infected system from the network.


              •    The third is preventing the attacker from gaining control of Active Directory, stopping them from
                   gaining the privileges they need to distribute malware to other endpoints or using lateral
                   movement techniques as part of their attack.


              •    In each scenario, the Attivo solution captures the unauthorized commands and the processes that
                   spawned them.














