Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory
Attivo Networks has opened up its ADSecure solution for use with Google Cloud’s Managed Service for Microsoft Active Directory (AD).
Active Directory is a common tool to help businesses organise their users, services, and computers. However because it is a centralised directory that can help people understand networks and gain privileges, it’s a popular target for cyber attackers.
“With more and more organisations moving to the cloud, there is a heightened need to protect their directory services located in the cloud,” comments Attivo Networks VP of product management, Marc Feghali.
Attivo Networks states that its ADSecure solution operates without altering the production AD. It is able to detect unauthorised queries within a managed AD service. This, in turn, can reduce ‘successful enumeration’ risk.
The company explains in more detail that the solution is able to alter a query response and return deceptive objects that misdirect attackers to a decoy when they try to use them.
“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking,” the company states.
ADSecure is also designed to reduce an attack surface by misdirecting attackers into a deception environment that safely gathers TTPs (Tactics, Techniques, and Procedures). This trap can help businesses to develop specific threat intelligence and accelerated response.
“For Google Cloud customers that are using a managed Active Directory service, the additional protection of ADSecure helps keep attackers from successfully querying Cloud Service Objects, domain controllers, Cloud OU resources like privileged users, computer groups, service accounts, and built-in privileged groups,” says Feghali.
Google Cloud product manager Siddharth Bhai says, "Customers are using our service to simplify AD deployment, management, and security in the cloud without managing infrastructure.
Bhai says customers can now use ADSecure to reduce the risk of attack escalations against their AD deployments.
Attivo Networks recently announced an integration with Microsoft to integrate its ThreatDefend platform with Azure IoT Edge.
According to the two companies, the joint solution enables organisations to deploy Azure IoT modules that can become ‘decoys’ for threat protection.
When attackers attempt to target IoT edge devices, they will discover assets that appear identical to production systems. Any active observation will cause the attack to be redirected into the deception environment. The solution then raises an engagement-based alert that automatically notifies the Azure Security Center.
The solution also gathers forensics and company-specific intelligence on the attack, which can be used to improve the organisation’s security systems.