Attivo Networks and SentinelOne are now working together to disrupt attacks from modern adversaries. By combining the two companies’ solutions, joint customers gain the ability to prevent endpoint compromises and disrupt an attacker’s attempts to gather credentials and perform reconnaissance activities that are needed for lateral movement. Additionally, Attivo Networks has joined the SentinelOne Singularity Partner Program, which creates a collaboration model for the two companies to work together to sell and support customers.
The joint solution creates a rich defence against even the most sophisticated attackers and will efficiently derail attacks targeted at today’s ever-expanding attack surface. When used together, the SentinelOne XDR platform prevents attackers from compromising an endpoint while the Attivo EDN suite prevents attackers from breaking out of that endpoint if they manage to get in.
Attivo and SentinelOne are collaborating around the following specific areas:
Active Directory Protection
Protecting Active Directory has become increasingly complex with pervasive access and a multitude of objects with varying levels of privilege and domain control. Monitoring and keeping this environment secure has become a significant challenge and comes with dire consequences when that control is lost to an attacker.
With ADSecure implemented, when an attacker queries AD, the attacker is prevented from gaining access and the SOC is immediately alerted to the active attack. Besides hiding real results, ADSecure can also return misinformation that steers the attacker’s path away from the production environment. With ADSecure, organizations conceal valuable enterprise resource information, reduce the attack surface, and alter what the adversary sees as a means to slow and deter attacks. By controlling the path of an attacker, security teams can also gather Tactics, Techniques, and Procedures (TTPs) and company-specific threat intelligence for remediating exploited systems and fortifying defences. ADSecure does all this from the endpoint – without touching production AD Domain Controllers. ADSecure can be purchased as part of the EDN Suite or as a standalone product.
Credential Theft Detection
As attackers look for valuable targets, they seek credentials they can leverage to move laterally and escalate privileges. Over 60% of attacks are found to have used stolen credentials, since an attacker using them appears to be an authorized employee and is difficult to detect.
The Attivo EDN solution resides on the endpoint as the first line of defence against credential theft. It uses machine learning to gather the information required to create authentic-looking credentials that mirror those used by employees, and deploys these fake credentials and various other artifacts onto endpoints as lures for attackers. As soon as anybody uses the fake credentials (Windows, Mac, Linux, cloud, SaaS), the EDN solution detects the attempt and diverts the attacker away from real assets while raising high-fidelity alerts, reducing the time it takes the organization to detect and stop attackers.
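Detection logic for the decoy-credential approach described above, as an added example that is not Attivo's or SentinelOne's code: it assumes a simplified authentication log line format and constructed decoy account names, and flags any authentication event that presents a decoy credential, since no legitimate user should ever use one.

```python
"""
Detect any use of planted decoy (honey) credentials in authentication logs.
Added example, not Attivo's or SentinelOne's code: the decoy account names,
log format and log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Decoy accounts planted on endpoints as lures (constructed sample names).
# Nothing legitimate ever authenticates as these, so any hit is high fidelity.
DECOY_ACCOUNTS = {"CORP\\svc_backup_adm", "CORP\\it-helpdesk2", "CORP\\sqladmin_old"}
_DECOYS_LOWER = {a.lower() for a in DECOY_ACCOUNTS}  # account names are case-insensitive

# Windows Security event IDs in which a credential is presented.
AUTH_EVENT_IDS = {"4624": "logon success", "4625": "logon failure",
                  "4648": "logon with explicit credentials",
                  "4771": "Kerberos pre-auth failure"}

# Simplified, constructed log line layout used by the sample below.
LOG_RE = re.compile(r"EventID=(?P<eid>\d+)\s+Account=(?P<acct>\S+)\s+"
                    r"Source=(?P<src>\S+)\s+Target=(?P<dst>\S+)")

@dataclass(frozen=True)
class DecoyAlert:
    event: str
    account: str
    source_host: str
    target_host: str

def detect_decoy_use(log_lines):
    """Return a DecoyAlert for every authentication event that presents a decoy credential."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["eid"] not in AUTH_EVENT_IDS:
            continue  # unparseable or not an authentication event
        if m["acct"].lower() in _DECOYS_LOWER:
            alerts.append(DecoyAlert(AUTH_EVENT_IDS[m["eid"]], m["acct"], m["src"], m["dst"]))
    return alerts

# Constructed sample: a normal logon, a decoy used against a file server, a failed
# attempt with a decoy (different case), and a process-creation event to be ignored.
SAMPLE_LOG = [
    "EventID=4624 Account=CORP\\jsmith Source=WS-0142 Target=WS-0142",
    "EventID=4648 Account=CORP\\svc_backup_adm Source=WS-0142 Target=FS-01",
    "EventID=4625 Account=CORP\\SQLADMIN_OLD Source=WS-0142 Target=DB-02",
    "EventID=4688 Account=CORP\\svc_backup_adm Source=WS-0142 Target=WS-0142",
]

if __name__ == "__main__":
    for a in detect_decoy_use(SAMPLE_LOG):
        print(f"HIGH-FIDELITY ALERT: {a.event} as {a.account} from {a.source_host} -> {a.target_host}")
```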
Removal of Exposed Credentials
Gaining visibility into exposed, orphaned, or misused credentials on an endpoint can be challenging. Further, neglecting these credentials increases security risks and consequently expands the attack surface by creating paths for adversaries to leverage in their attacks.
The Attivo EDN suite provides continuous monitoring and reduction of the attack surface by identifying and automatically removing exposed credentials, as well as local and shadow admin accounts left on endpoints, that attackers can use to move laterally in the network. Security teams can also view historical data to see exposed critical paths, local administrator accounts, misconfigured SMB shares, browser credentials, and more. It takes little effort to deploy, so even organizations without a mature visibility program can immediately benefit from understanding their credential-based vulnerabilities and an attacker’s opportunities for lateral movement.