
Attivo Networks® Brings Identity Security to the Next Level with a New Method of Credential Protection

September 2021 by Patrick LEBRETON

Company expands its Identity Detection and Response portfolio with Credential Cloaking and Policy-based Application Access

FREMONT, Calif. – September 8, 2021 – Attivo Networks®, the leader in identity detection and response, today announced a revolutionary new way of protecting credentials from theft and misuse. As part of its Endpoint Detection Net (EDN) Suite, the ThreatStrike® functionality allows organizations to hide real credentials from attacker tools and bind them to their applications. Additionally, the solution can show decoy credentials that facilitate threat intelligence gathering when left as bait. With this new functionality, Attivo becomes the only solution of its kind to cloak real credentials from attackers.

A credential-based attack occurs when an attacker steals credentials, extends privileges, and compromises critical data. Credential theft is the first stage of a lateral movement attack, and stopping the attack early in the process can materially reduce both the attacker's success and the damage caused.

According to Verizon’s 2021 Data Breach Investigation Report, credentials remain among the most sought-after data types by attackers (60%). Stolen credentials have been behind some of the largest and most costly data breaches.

The Attivo ThreatStrike cloaking hides and denies unauthorized access to applications. For example, only Chrome will have access to its credential store, and all other applications won’t. The product launches with support for 75 of the most popular Windows applications that attackers target, with a plan to add more applications in the future.

This new capability directly addresses sophisticated attack techniques as outlined in the MITRE ATT&CK Credential Access Tactic, such as OS Credential Dumping (T1003), Credentials from Password Store (T1555), Unsecured Credentials (T1552), Steal or Forge Kerberos Tickets (T1558) and Steal Web Session Cookie (T1539).

With endpoint credentials now hidden from attacker view, the ThreatStrike solution plants bait on the endpoint, designed to appear as popular production Windows, Mac, and Linux credentials. As threat actors conduct reconnaissance, these lures will appear as attractive bait for in-network attackers to steal.

The addition of credential cloaking also adds to the company’s stack of cloaking technology. The company can currently cloak Active Directory objects, as well as files, folders, network, and cloud mapped shares, and removable drives. This technology is distinctly different from traditional deception technology that weaves fake objects amongst real ones. Cloaking technology hides real assets and puts fake data in its place. This combined innovation has received recognition and awards for its efficacy in identifying and deterring both ransomware and advanced attack tactics.

The Attivo Networks Endpoint Detection Net (EDN) Suite is a component of the company’s identity detection and response (IDR) offering. IDR solutions grew popular in 2021 as the technology became available to detect identity theft, privilege escalation, and lateral movement threat activities. The company’s EDN solution includes:

 ThreatStrike: for credential protection
 ADSecure: for Active Directory protection
 ThreatPath®: for credential attack path visibility and attack surface reduction
 Deflect: prevents fingerprinting of endpoints to identify targets and vulnerabilities to exploit
 Central Management: manages EDN and comes with the ability, through licensing, to add visibility to Active Directory and cloud entitlement exposures and vulnerabilities

