NETWRIX STEALTHDEFEND
catch complex attacks on the fly

Threat detection software from Netwrix to detect and respond to abnormal behavior and advanced attacks with high accuracy and speed

IT infrastructures are getting more complex and the volume of sensitive information stored there is skyrocketing. At the same time, the threat landscape is evolving rapidly, with attacks becoming more sophisticated and more costly. The question is not if your organization will be targeted, but when. How prepared are you to catch potential threats?

Detect even highly sophisticated attacks in real time.
The mean time to identify a breach is a staggering 197 days, and the longer attackers stay undetected, the more costly the incident. Make sure you have threat detection tools that can spot even the most complex and advanced attacks in their early stages, as well as insider threat detection that accurately identifies malicious behavior.
Automate the incident response process to prevent serious damage.
Ransomware and other attacks can unfold at lightning speed. Shut them down immediately with automated response to specific threat indicators — tactics, techniques and procedures that attackers commonly leverage to compromise your Active Directory and file system data.
Empower your security teams to effectively investigate and report on incidents.
Get comprehensive visibility into all security events related to an incident so you can determine what needs to be recovered, how the incident started and unfolded, and how to improve data security in your IT environment.

Detect threats and contain the damage across your most important systems

Active Directory
Windows File Servers
Dell EMC
NetApp
Nutanix Files
Qumulo
Nansuni
Panzura
Hitachi NAS

Minimize the time to detect and respond to complex security incidents

Feature Icon 0
Real-time alerting
Improve your threat management processes and know about anything suspicious happening in your network, whether it’s an external attack or an insider threat, with real-time alerts delivered via email or mobile notifications,
Feature Icon 1
Integration with other security technologies
Maximize the value of your investments and enhance security across the IT ecosystem by sharing data between Netwrix StealthDEFEND and your SIEM and other security solutions.
Feature Icon 2
Automated response
Respond immediately upon threat detection by taking advantage of the extensive catalog of preconfigured response actions, or by integrating Netwrix StealthDEFEND with your own business processes using PowerShell or webhook facilities.
Feature Icon 3
Machine learning and user behavior analytics
Fine-tune your threat detection by building profiles of normal user behavior and then monitoring and analyzing events to spot truly suspicious activity in the vast sea of user activity.
Feature Icon 4
Deception tools
Enhance your threat intelligence by luring attackers into a honeypot where you can study their tactics and keep them away from your valuable assets. Built-in capabilities make deployment and management simple.
Feature Icon 5
Auto-adjusting to risk behaviors
Automatically have your privileged users, groups, data and resources tagged as sensitive, so the ratings of security risk when abnormal behavior occurs around them get adjusted appropriately.
Feature Icon 6
Comprehensive investigations
Easily gather the entire timeline of related events that comprised an attack to simplify investigation, threat analysis and recovery.
Feature Icon 7
User-defined threats
Easily define threats specific to your organization or vertical. Reduce false positives by fine-tuning rules, logic and criteria to smoothly handle exclusions.
Datasheet
Netwrix StealthDEFEND
Find out how Netwrix can help you detect advanced attacks in real time and contain the damage.
FAQ Image
What file system threats can Netwrix StealthDEFEND detect and respond to? 
Netwrix StealthDEFEND can detect and respond to a number of file system threat models, including but not limited to:
· Ransomware activity
· Abnormal user behavior
· Unusual sensitive data access
· Unusual process execution
· Suspicious encryption activity
· Data exfiltration attempts
· Mass file deletions
· First-time access
· Suspicious permission changes
· Abnormal denied activity
· Configuration file tampering
· Lateral movement
What Active Directory threats can Netwrix StealthDEFEND detect and respond to?
Netwrix StealthDEFEND can detect and respond to a number of Active Directory threat models, including but not limited to:
· DCShadow
· DCSync
· Golden Ticket
· Kerberoasting
· LSASS process injection
· Password spraying
· Replication permissions tampering
· AdminSDHolder ACL tampering
· Pass-the-Ticket attacks
· Group Managed Service Account (GMSA) exploitation
· Forged PAC
· LDAP reconnaissance
· NTDS.dit, plaintext password extraction
· Silver Ticket
· SID History tampering
· Anomalous authentications, including indicators of pass-the-hash attacks
· Hidden Object
· Service account misuse
Is Netwrix StealthDEFEND secure?
Netwrix StealthDEFEND allows you to leverage any one-time password (OTP) solution supporting RADIUS for console access and configuration activities, so you can be sure the access to the console is secure.
What if I have a question or run into a problem?
Don’t worry! In case of non-technical questions about our products, simply contact your account manager. For technical issues, reach out to our U.S.-based customer support team, which has earned a solid 97% satisfaction rate.