Attivo Networks extends Active Directory protection
A popular target for attackers, Microsoft Active Directory will receive additional protection as part of a new offering announced Thursday by Attivo Networks. The company’s ADSecure-DC solution extends its Active Directory protection to non-Windows endpoints.
About a year ago, Attivo introduced an endpoint product capable of detecting suspicious attempts to query Active Directory, intercepting the requests and diverting them from their path. “This was done on every Windows machine on the endpoint,” says Carolyn Crandall, Attivo Security Manager and CMO, “but there are situations where you have Linux, Mac, or IoT devices where you can’t load the Windows agent, or you don’t want to load an agent on a Windows endpoint. Now, with AD Secure Domain Controller, attacks can be detected from unmanaged devices.”
“With ADSecure-DC, the agent resides on the domain controller itself,” adds Steve Griffiths, Senior Product Architect, Active Directory. “When the endpoint queries the domain controller, the same activity continues but it happens at the domain controller.”
In addition to identifying enumeration and attacks targeting Active Directory, ADSecure-DC detects suspicious user behavior using deep packet inspection and behavior analysis, and it broadcasts high-fidelity alerts.
Wide usage makes Active Directory an attractive target
Active Directory is used by 90% of businesses around the world, which contributes to its popularity as an attack vector for hackers. It also contains a treasure trove of attractive data for attackers. “As a database that maps and controls user profiles, network resources, and services, it not only contains a wealth of information about all users, but also all the resources they can access,” says Tony Anscombe, Chief Security Evangelist at ESET, an information technology security company.
Once attackers compromise Active Directory, they can elevate privileges, modify security and group policies, and encrypt domain controllers. “Domain controllers provide the intelligence to know what users can access and control their authorization to be able to access those things,” Crandall said.
Copyright © 2022 IDG Communications, Inc.