Page 212 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 212

it harder for attackers to steal and use them. Defenders can also be proactive, placing false credentials
            on network endpoints to trick attackers into stealing them. When an attacker attempts to use a set of
            deceptive credentials, the system can flag it as attacker activity and notify defenders in real time. In
            addition to seeding decoy credentials, organizations can also take steps to hide their real credentials,
            making them invisible to attackers. Much like defenders cannot protect what they cannot see, attackers
            cannot steal what they cannot see. And if they can’t compromise a valid identity, they will find it that much
            harder to break out from the endpoint and escalate their attacks.



            Bringing Endpoint and Identity Security Together

            Organizations are increasingly implementing ITDR solutions to complement EDR tools and provide the
            ability to address credential theft, credential misuse, privilege escalation, and other attack activities that
            traditional endpoint security solutions are not designed to manage. Together, these solutions can help
            defenders identify potential vulnerabilities on the endpoint while adding real-time detection capabilities to
            identify suspicious activities like mass account or password changes, brute force attacks, use of disabled
            accounts, and more. The ability to conceal valid credentials while seeding fake ones designed to attract
            adversaries adds a new layer of defense designed to make it harder for attackers to break out from the
            endpoint and reach Active Directory. By rethinking their approach to endpoint security and integrating it
            with identity-based solutions, today’s organizations can shore up their defenses against some of today’s
            most prevalent—and evasive—attacks.





            About the Author

            Carolyn Crandall  is  the  strategic  advisor  for  SentinelOne,  an  autonomous
            cybersecurity platform company. Prior to SentinelOne, Carolyn served as the
            Chief Security Advocate and CMO at Attivo Networks. She is a high-impact
            technology  executive  with  over  30  years  of  experience  in  building  new
            markets  and  successful  enterprise  infrastructure  companies.  She  has  a
            demonstrated  track  record  of  taking  companies  from  pre-IPO  through  to
            multibillion-dollar  sales  and  held  leadership  positions  at  Cisco,  Juniper
            Networks, Nimble Storage, Riverbed, and Seagate.





















                                                                                                            212
   207   208   209   210   211   212   213   214   215   216   217