
Attivo Networks Brings Identity Security to the Next Level with a New Method of Credential Protection

Company expands its Identity Detection and Response portfolio with Credential Cloaking and Policy-based Application Access

Attivo Networks, the leader in identity detection and response, announced a revolutionary new way of protecting credentials from theft and misuse. As part of its Endpoint Detection Net (EDN) Suite, the ThreatStrike functionality allows organizations to hide real credentials from attacker tools and bind them to their applications. Additionally, the solution can show decoy credentials that facilitate threat intelligence gathering when left as bait. With this new functionality, Attivo becomes the only solution of its kind to cloak real credentials from attackers.

A credential-based attack occurs when an attacker steals credentials, extends privileges, and compromises critical data. Credential theft is the first stage of a lateral movement attack, and stopping the attack early in the process can materially limit the attacker's success and the damage caused.


According to Verizon’s 2021 Data Breach Investigations Report, credentials remain among the most sought-after data types by attackers (60%). Stolen credentials have been behind some of the largest and most costly data breaches.

The Attivo ThreatStrike cloaking hides and denies unauthorized access to applications. For example, only Chrome will have access to its credential store, and all other applications won’t. The product launches with support for 75 of the most popular Windows applications that attackers target, with a plan to add more applications in the future.

“The benefit of credential protection is that only allowed system software can access them,” said Srikant Vissamsetti, senior vice president of engineering at Attivo Networks. “Customers will benefit from the prevention of unauthorized access, which can lead to credential theft attacks, such as Pass-the-Hash, Pass-The-Ticket, and Password Theft that can be extremely difficult to detect and stop.”


This new capability directly addresses sophisticated attack techniques as outlined in the MITRE ATT&CK Credential Access Tactic, such as OS Credential Dumping (T1003), Credentials from Password Store (T1555), Unsecured Credentials (T1552), Steal or Forge Kerberos Tickets (T1558) and Steal Web Session Cookie (T1539).

With endpoint credentials now hidden from attacker view, the ThreatStrike solution plants bait on the endpoint, designed to appear as popular production Windows, Mac, and Linux credentials. As threat actors conduct reconnaissance, these lures will appear as attractive bait for in-network attackers to steal.

“The growing risk of credential theft attacks and misuse is the root cause of many modern cyber incidents,” said Ed Amoroso, founder and CEO of TAG Cyber. “The recent Verizon Data Breach Report, for example, underscores stolen credentials as a top target for attackers. This challenge in the market is fueling the need to reduce credential risk by managing entitlements in the context of an authorization model. With the introduction of credential cloaking and policy-based application access, Attivo Networks is well-positioned to emerge as a significant player in the identity detection and response market.”


The addition of credential cloaking also adds to the company’s stack of cloaking technology. The company can currently cloak Active Directory objects, as well as files, folders, network, and cloud mapped shares, and removable drives. This technology is distinctly different from traditional deception technology that weaves fake objects amongst real ones. Cloaking technology hides real assets and puts fake data in its place. This combined innovation has received recognition and awards for its efficacy in identifying and deterring both ransomware and advanced attack tactics.

The Attivo Networks Endpoint Detection Net (EDN) Suite is a component of the company’s identity detection and response (IDR) offering. IDR solutions grew popular in 2021 as the technology became available to detect identity theft, privilege escalation, and lateral movement threat activities. The company’s EDN solution includes:

  • ThreatStrike: for credential protection
  • ADSecure: for Active Directory protection
  • ThreatPath®: for credential attack path visibility and attack surface reduction
  • Deflect: prevents fingerprinting of endpoints to identify targets and vulnerabilities to exploit
  • Central Management: manages EDN and comes with the ability, through licensing, to add visibility to Active Directory and cloud entitlement exposures and vulnerabilities

