Attivo Networks has expanded its Identity Detection and Response portfolio. Attivo Networks has unveiled a new method of preventing credential theft and misuse. The ThreatStrike feature, which is part of the Endpoint Detection Net (EDN) Suite, enables businesses to hide actual credentials from attacker tools and connect them to their applications. Furthermore, when used as bait, the solution may display fake credentials that aid in threat intelligence gathering. With this new feature, Attivo becomes the only solution of its kind capable of concealing genuine credentials from attackers.
An attacker steals credentials, extends privileges, and compromises vital data in a credential-based attack. Credential theft is the first stage of a lateral movement assault, and halting it early on can significantly impact the attacker’s success and damages.
Credentials remain one of the most sought-after data types by attackers, according to Verizon’s 2021 Data Breach Investigation Report (60 percent ).
Some of the largest and most expensive data breaches have been caused by stolen credentials.
In a credential-based attack, an attacker steals credentials, extends privileges, and compromises crucial data. Credential theft is the first stage of a lateral movement attack, and stopping it before it progresses can greatly impact the attacker’s success and damage.
According to Verizon’s 2021 Data Breach Investigation Report, credentials remain one of the attackers’ most sought-after data types (60 percent ).
Stolen credentials have been the cause of some of the most serious and costly data breaches.
“The benefit of credential protection is that only allowed system software can access them,” said Srikant Vissamsetti, senior vice president of engineering at Attivo Networks.
Also explains, “Customers will benefit from the prevention of unauthorized access, which can lead to credential theft attacks, such as Pass-the-Hash, Pass-The-Ticket, and Password Theft that can be extremely difficult to detect and stop.”
This new capability directly addresses sophisticated attack techniques such as OS Credential Dumping (T1003), Credentials from Password Store (T1555), Unsecured Credentials (T1552), Steal or Forge Kerberos Tickets (T1558), and Steal Web Session Cookie as outlined in the MITRE ATT&CK Credential Access Tactic (T1539).
The ThreatStrike system instals bait on the endpoint, designed to seem like common production Windows, Mac, and Linux credentials, now that endpoint credentials are hidden from attacker view. These lures will appear as appealing bait for in-network attackers to steal while threat actors undertake reconnaissance.
“The growing risk of credential theft attacks and misuse is the root cause of many modern cyber incidents,’ said Ed Amoroso founder and CEO of TAG Cyber. ‘The recent Verizon Data Breach Report, for example, underscores stolen credentials as a top target for attackers. This challenge in the market is fueling the need to reduce credential risk by managing entitlements in the context of an authorization model. With the introduction of credential cloaking and policy-based application access, Attivo Networks is well-positioned to emerge as a significant player in the identity detection and response market.”
Credential cloaking is another enhancement to the company’s cloaking technology stack. Active Directory objects, as well as files, folders, network and cloud mapped shares, and portable discs, are currently cloaked by the organisation. This technology is unique from standard deception technology, which intertwines phoney and genuine objects. Cloaking technology hides genuine assets and replaces them with bogus data. This combination innovation has won honours for its effectiveness in detecting and preventing ransomware and advanced attack strategies.
The Endpoint Detection Net (EDN) Suite from Attivo Networks is a part of the company’s identity detection and response (IDR) solution. As technology became available to detect identity theft, privilege escalation, and lateral movement threat actions in 2021, IDR solutions were increasingly prevalent. The EDN solution offered by the company contains the following features: