ThreatDefend protects against Active Directory enumeration and ransomware by hiding files, AD objects, folders, mapped network and cloud shares, and removable drives so attackers can’t find the data or access it for encryption.
Attivo ThreatDefend offers value and ROI as an early detection system of attacker reconnaissance, credential harvesting, privilege escalation, and lateral movement, considerably reducing dwell time and disrupting an attacker’s ability to complete their mission. Customers gain immediate value from in-network active observation, threat engagement, and the ability to provide the substantiated detail required to identify infected systems and block and quarantine threats.
Attivo leverages MITRE ATT&CK, which offers an excellent framework for showing coverage against attack techniques and tactics. The platform covers 11 of 12 tactics and 72 techniques, the most of any deception provider. MITRE also has MITRE Shield, which defines a framework for creating an Active Defense. Attivo covers 27 of 33 techniques and 123 of 190 use cases. ThreatDefend for a 1,000-person company starts at around $50,000.
Some other product highlights include protection of Active Directory by hiding AD objects and returning fake data to unauthorized queries, stopping ransomware attacks by data cloaking that hides and denies access, and preventing endpoint fingerprinting by redirecting inbound and outbound connection attempts that touch closed ports to decoys for engagement.
“ThreatDefend alerts are based upon attacker techniques and aren’t reliant on signatures, hashes, or database lookup, like most legacy security products,” the company said in its entry. “Thus, it does not require constant database updates, and generally, there are two major software updates per year. Updates are included as part of the support agreement and easily downloaded through a support portal.”