Honeytokens Provide StealthDEFEND Users a New Tool for Detecting and Preventing Active Directory Credential Theft in Version 2.1
Stealthbits, now part of Netwrix, today announced the release of StealthDEFEND 2.1, their real-time threat detection and response platform.
Commonly used and highly successful credential compromise techniques like Pass-the-Hash and Pass-the-Ticket are notoriously difficult to detect amidst the noise of everyday activities within Active Directory. To an observer, they appear to be legitimate authentication events, and to Active Directory, they are. However, the use of deception methods like honeypots have proven to be particularly effective in capturing less savvy or careless attackers at a minimum, allowing security practitioners to proactively detect and thwart attempts to compromise their credentials and the resources they provide access to.
In StealthDEFEND 2.1, users now have the ability to employ a useful and effective application of the honeypot concept within Active Directory domains using centrally managed honeytokens. Overcoming the manual hurdles and complexities administrators have had to deal with in the past when trying to leverage honeytokens, StealthDEFEND allows users to create, configure, deploy, and manage honeytokens in bulk and at scale. The result is the creation of a digital trip wire throughout an organization’s infrastructure, providing an early warning alert that allows security teams to respond quickly and with confidence. With reduced time to detection potentially earlier in the kill chain, organizations can dramatically mitigate the risks and impact of successful data breach outcomes.
With Honeytokens, users will be able to inject fake credentials into system memory. The level of configuration and customization we provide makes the honeytokens appear to be legitimate to an attacker, but will actually trigger an alarm if the attacker attempts to use or find information about the account. In combination with the other threat detection and response components of StealthDEFEND, Honeytokens flip the script on the attacker, enabling the ‘deceived’ to become the ‘deceivers’.
Rod Simmons, VP of Product Strategy over Stealthbits’ Active Directory solution portfolio
Additionally, StealthDEFEND 2.1 provides users with multiple performance and functionality improvements, including:
- AD Replication Permissions Threat Alerting
- Improved Internal Product Audit Logging
- AD Sync Enhancements
- And more...
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170