Active Directory Protection

Active Directory is one of the highest-value assets in your network, and therefore a prime target for attack. However, security teams usually aren’t part of the AD change control process, and aren’t in a good position to evaluate how well secured their domain controllers and AD objects are. Active Directory is extremely complex, and is often operated by people without a high degree of security experience. Poor AD configuration hygiene can easily lead to compromise.

Acalvio protects Active Directory in three ways:

  • InSights – Evaluates AD objects and identifies risks automatically
  • Deception Decoys and Breadcrumbs – Obfuscates domain controllers and exposes attempts to attack AD infrastructure
  • Cached Credential Clean Up – Reduces attack surface and diverts attackers from AD

AD InSights

Active Directory InSights, a module within the ShadowPlex platform, continuously evaluates Active Directory objects and configuration, exposing risk.

InSights provides an attacker’s view of Active Directory, to pinpoint the highest risks

Unlike most alternatives, InSights exposes the attacker’s view of Active Directory, using AI to identify high-risk configurations for all object types:

  • Users (including privileged users and domain admins)
  • Computers
  • Groups
  • GPOs

Over 40 classes of risk are monitored across the four object types. Rather than wasting time searching for issues, security analysts are presented with critical insights that should be dealt with immediately, while less important observations are collected for review when resources permit.

Active Directory Deception Decoys and Breadcrumbs

ShadowPlex’s Autonomous Deception deploys fake AD objects (e.g. Users and Computers), Domain Controllers and even entire Forests that obfuscate the actual AD infrastructure. This makes it harder and slower for attackers to locate and compromise Active Directory, and gives defenders more opportunity to detect them and respond.

Cached Credential Clean Up

Privileged cached credentials create the potential for significant breaches of enterprise data assets. ShadowPlex can automatically delete cached enterprise credentials with administrator privileges from the endpoints. By removing real credentials and introducing decoy credentials, ShadowPlex diverts attacks away from enterprise assets and toward decoys.

Next Steps

Explore our patented technologies to enable Active Defense in your enterprise.