
Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory

07 Apr 2020

Attivo Networks has opened up its ADSecure solution for use with Google Cloud’s Managed Service for Microsoft Active Directory (AD).

Active Directory is a common tool to help businesses organise their users, services, and computers. However, because it is a centralised directory that can help people understand networks and gain privileges, it is a popular target for cyber attackers.

“With more and more organisations moving to the cloud, there is a heightened need to protect their directory services located in the cloud,” comments Attivo Networks VP of product management, Marc Feghali.

Attivo Networks states that its ADSecure solution operates without altering the production AD. It is able to detect unauthorised queries within a managed AD service. This, in turn, can reduce ‘successful enumeration’ risk.

The company explains in more detail that the solution is able to alter a query response and return deceptive objects that misdirect attackers to a decoy when they try to use them. 

“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking,” the company states.

ADSecure is also designed to reduce the attack surface by misdirecting attackers into a deception environment that safely gathers TTPs (Tactics, Techniques, and Procedures). This trap can help businesses to develop specific threat intelligence and accelerate their response.

“For Google Cloud customers that are using a managed Active Directory service, the additional protection of ADSecure helps keep attackers from successfully querying Cloud Service Objects, domain controllers, Cloud OU resources like privileged users, computer groups, service accounts, and built-in privileged groups,” says Feghali.

Google Cloud product manager Siddharth Bhai says, "Customers are using our service to simplify AD deployment, management, and security in the cloud without managing infrastructure."

Bhai says customers can now use ADSecure to reduce the risk of attack escalations against their AD deployments.

Attivo Networks recently announced an integration of its ThreatDefend platform with Microsoft's Azure IoT Edge.

According to the two companies, the joint solution enables organisations to deploy Azure IoT modules that can become ‘decoys’ for threat protection. 

When attackers attempt to target IoT edge devices, they will discover assets that appear identical to production systems. Any active observation will cause the attack to be redirected into the deception environment. The solution then raises an engagement-based alert that automatically notifies the Azure Security Center. 

The solution also gathers forensics and company-specific intelligence on the attack, which can be used to improve the organisation’s security systems. 
