Honeytokens Provide StealthDEFEND Users a New Tool for Detecting and Preventing Active Directory Credential Theft in Version 2.1
Stealthbits, now part of Netwrix, today announced the release of StealthDEFEND 2.1, their real-time threat detection and response platform.
Commonly used and highly successful credential compromise techniques like Pass-the-Hash and Pass-the-Ticket are notoriously difficult to detect amidst the noise of everyday activities within Active Directory. To an observer, they appear to be legitimate authentication events, and to Active Directory, they are. However, the use of deception methods like honeypots have proven to be particularly effective in capturing less savvy or careless attackers at a minimum, allowing security practitioners to proactively detect and thwart attempts to compromise their credentials and the resources they provide access to.
In StealthDEFEND 2.1, users now have the ability to employ a useful and effective application of the honeypot concept within Active Directory domains using centrally managed honeytokens. Overcoming the manual hurdles and complexities administrators have had to deal with in the past when trying to leverage honeytokens, StealthDEFEND allows users to create, configure, deploy, and manage honeytokens in bulk and at scale. The result is the creation of a digital trip wire throughout an organization’s infrastructure, providing an early warning alert that allows security teams to respond quickly and with confidence. With reduced time to detection potentially earlier in the kill chain, organizations can dramatically mitigate the risks and impact of successful data breach outcomes.
With Honeytokens, users will be able to inject fake credentials into system memory. The level of configuration and customization we provide makes the honeytokens appear to be legitimate to an attacker, but will actually trigger an alarm if the attacker attempts to use or find information about the account. In combination with the other threat detection and response components of StealthDEFEND, Honeytokens flip the script on the attacker, enabling the ‘deceived’ to become the ‘deceivers’.
Rod Simmons, VP of Product Strategy over Stealthbits’ Active Directory solution portfolio
Additionally, StealthDEFEND 2.1 provides users with multiple performance and functionality improvements, including:
- AD Replication Permissions Threat Alerting
- Improved Internal Product Audit Logging
- AD Sync Enhancements
- And more...
Netwrix makes data security easy thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.
Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170