What does Active Directory mean to the attacker?
Everyone knows what Active Directory is, but not everyone knows how valuable it is to an attacker. In less than 5 minutes you will know the root of every APT attack.
The Solution: Javelin AD|Protect
Javelin AD|Protect is an A.I.-driven platform that protects Active Directory and provides autonomous breach prevention and containment, incident response, and threat hunting capabilities. By combining A.I., obfuscation and advanced forensics methodologies right at the point of breach, AD|Protect can respond automatically and in real time to contain the attack.
It’s the only agentless solution that immediately contains attackers after they compromise a machine, preventing them from using Active Directory credentials and moving laterally into the network. Javelin greatly reduces the effort, time and error involved in detecting and containing a breach.
Applying reverse IR methods designed specifically for a corporate domain environment, Javelin determines whether the attack is an isolated local incident or part of a larger effort across the organization. AD|Protect further protects the organization by autonomously and continuously probing the environment for misconfigurations and domain attack persistence and fixing them.
Credential Theft and Use
No additional cost: our company believes in a model where extras are included.
Included features for Javelin AD Protect:
Protects and obfuscates credentials
Shrinks real-time detection of an attacker from days, weeks or years to seconds.
Provides session analysis of popular attacks, including:
Pass the ticket
Pass the hash
Over pass the hash
How It Works
Agentless, appliance-less attacker detection
Autonomous forensics and containment
By protecting the Active Directory
At the endpoint
The endpoint is the most common breach avenue to Active Directory and Domain Admin. AD Protect controls the attacker’s perception of locally stored credentials, internal resources and Active Directory topology, across all endpoints, servers, users and applications. Delivered right at the point of breach and without limit on scale, AD Protect is not bound by legacy concepts that create traps or lures. Javelin Networks’ unique delivery uses an appliance-less, agentless technology.
Attackers are detected live on the endpoint, and memory and file system forensics are launched; containment is then policy driven. The obfuscated Active Directory has no user impact, no business impact and no performance impact. The endpoint, the most commonly exploited attack vector, operates as normal while any interaction with the obfuscation becomes a complete giveaway of the real-time threat.
IR, Hunting and Breach Containment
Answers the questions: What did I miss? How can my prevention be better?
AD Protect gathers forensic data on the breach while detecting patient zero and hunts for other entry points that may be as yet unused. Attackers may use one door at a time; upon a breach the defender needs to look for all of them. Orchestrated hunting drives autonomous containment of the breach when multiple patient machines are involved.
The platform detects the attacker’s methods of credential theft, reconnaissance and lateral movement. These techniques sidestep zero-day detection methodology: whether the tooling has been discovered or not is irrelevant. This information can be fed back into the security program as intelligence. AD Protect is therefore not bound by the traditional methodology of “detection based on discovery” of malware and exploits (fileless or not). AD Protect identifies tradecraft during the most crucial phase of the kill chain: when an attacker has compromised an endpoint.
Most believe EDR is effective here, but these solutions cannot address the native Active Directory vulnerabilities that attackers exploit. It requires a new line of thinking: that of an attacker.
Think like a hacker. Use their methods.
A.I. learns all the attributes of the topology and controls the attacker’s perception of the domain environment through obfuscation. When an attacker interacts with the obfuscation, they give themselves away. This results in TRUE POSITIVE alerts, since legitimate users should never find themselves in the obfuscation. Insider threats can also be identified here as they perform reconnaissance.
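The tripwire logic described above, as an added illustration that is not Javelin’s code: decoy accounts and hosts (constructed names) are seeded where legitimate users never look, and any authentication event that references one is flagged together with the source host to contain. The key=value log format and all values are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed decoy entries: names seeded into the environment that no legitimate
# user, script or service ever references (hypothetical values, not real objects).
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm_helpdesk_old"}
DECOY_HOSTS = {"FS-ARCHIVE01", "SQL-LEGACY02"}
# Constructed authentication events in a simplified key=value form
# (not a real Windows event-log format).
SAMPLE_LOGS = """\
ts=2024-03-01T08:02:11 event=logon account=alice src=WS-1043 target=FS-PROD01 type=network
ts=2024-03-01T08:02:40 event=tgs_request account=alice src=WS-1043 target=SQL-PROD01 type=kerberos
ts=2024-03-01T08:05:03 event=logon account=svc_backup_legacy src=WS-1043 target=FS-PROD01 type=network
ts=2024-03-01T08:05:09 event=tgs_request account=alice src=WS-1043 target=SQL-LEGACY02 type=kerberos
ts=2024-03-01T08:06:00 event=logon account=bob src=WS-2201 target=FS-PROD01 type=interactive
"""
KV_RE = re.compile(r"(\w+)=(\S+)")

@dataclass
class Alert:
    ts: str
    src: str
    account: str
    reason: str

def parse_event(line):
    """Split one key=value line into a dict; empty dict when nothing is parsable."""
    return dict(KV_RE.findall(line))

def detect_decoy_use(log_text):
    """One Alert per event touching a decoy account or host. Legitimate activity
    never references a decoy, so each hit is a true positive naming the source
    host where the credential use or reconnaissance originated."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        account = ev.get("account", "").lower()
        target = ev.get("target", "").upper()
        if account in DECOY_ACCOUNTS:
            alerts.append(Alert(ev.get("ts", ""), ev.get("src", ""), account, "decoy account used"))
        elif target in DECOY_HOSTS:
            alerts.append(Alert(ev.get("ts", ""), ev.get("src", ""), account, f"decoy host {target} contacted"))
    return alerts

def compromised_hosts(alerts):
    """Source hosts to contain: every host that triggered at least one alert."""
    return {a.src for a in alerts}
```

In the sample, the two events from WS-1043 that touch a decoy are the only hits, and that host is the one to quarantine; the routine logons from alice and bob produce nothing.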
Without changing your Active Directory
Think like a hacker. Give up legacy concepts.
Business benefits of thinking like a hacker:
Easy to deploy
No AD, endpoint, or network changes
No additional resources or FTEs
No user friction or business impact
Minimal infrastructure needed, one virtual appliance per 20k hosts
Easy to manage
No ongoing maintenance
Automatic A.I.-driven topology updates
Upgrades apply only to the virtual appliance
Easy to use
No false positives
No alert fatigue
Forensics generated automatically
Identify AD vulnerabilities
Identify AD backdoors
Fool attackers into identifying themselves
Laser-focused forensics
Real-time automatic breach containment
Controls the attacker’s perception of credentials and topology with Infinite Obfuscation of AD
Agentless Memory Manipulation – ability to project an infinite obfuscation onto all domain assets.
Automated Memory Forensics – Use of artificial intelligence to trigger Incident Response to automatically pull forensics from memory on a compromised host, including even the shell commands that were run.
Real-time Breach Containment – Automated mitigation to take action and contain the breach in real time.
Continuous AD Dark Corners Assessment – leverages artificial intelligence to continuously probe for domain persistence on all DCs and endpoints, finding vulnerabilities and backdoors.
Real-time detection while ensuring the authenticity of the data presented to the attacker, adapting to any resource with minimal effort.
Scalable coverage across all assets in an enterprise organization without changing the infrastructure.
Cuts through the noise, ensuring only relevant IOCs and forensic data are captured, and significantly reduces the time and effort needed to investigate a breach.
Allows hands-free response, including quarantine and termination of stealthy communications, whether internal (named pipes) or external (C&C).
Ensures that backdoors and other techniques attackers use to establish persistence in a domain environment are prevented.