Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory

07 Apr 2020

Attivo Networks has opened up its ADSecure solution for use with Google Cloud’s Managed Service for Microsoft Active Directory (AD).

Active Directory is a common tool to help businesses organise their users, services, and computers. However, because it is a centralised directory that can help people understand networks and gain privileges, it’s a popular target for cyber attackers.

“With more and more organisations moving to the cloud, there is a heightened need to protect their directory services located in the cloud,” comments Attivo Networks VP of product management, Marc Feghali.

Attivo Networks states that its ADSecure solution operates without altering the production AD. It is able to detect unauthorised queries within a managed AD service. This, in turn, can reduce ‘successful enumeration’ risk.

The company explains in more detail that the solution is able to alter a query response and return deceptive objects that misdirect attackers to a decoy when they try to use them. 

“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking,” the company states.

ADSecure is also designed to reduce the attack surface by misdirecting attackers into a deception environment that safely gathers TTPs (Tactics, Techniques, and Procedures). This trap can help businesses develop specific threat intelligence and accelerate their response.

“For Google Cloud customers that are using a managed Active Directory service, the additional protection of ADSecure helps keep attackers from successfully querying Cloud Service Objects, domain controllers, Cloud OU resources like privileged users, computer groups, service accounts, and built-in privileged groups,” says Feghali.

Google Cloud product manager Siddharth Bhai says, “Customers are using our service to simplify AD deployment, management, and security in the cloud without managing infrastructure.”

Bhai says customers can now use ADSecure to reduce the risk of attack escalations against their AD deployments.

Attivo Networks recently announced an integration of its ThreatDefend platform with Microsoft’s Azure IoT Edge.

According to the two companies, the joint solution enables organisations to deploy Azure IoT modules that can become ‘decoys’ for threat protection. 

When attackers attempt to target IoT edge devices, they will discover assets that appear identical to production systems. Any active observation will cause the attack to be redirected into the deception environment. The solution then raises an engagement-based alert that automatically notifies the Azure Security Center. 

The solution also gathers forensics and company-specific intelligence on the attack, which can be used to improve the organisation’s security systems. 
