The cyber industry focuses on defending endpoints, applications, networks, mobile devices, etc.
Yet Active Directory—a database containing all information about all users, servers, endpoints and applications inside the corporation—is exposed by design, remaining entirely unprotected.
Active Directory is used by 9 out of 10 companies around the world and is freely accessible to attackers anytime, from any machine connected to the domain. It only takes ONE compromised endpoint connected to a corporate domain to jeopardize the entire organization.
The Solution: Javelin AD|Protect
Javelin AD|Protect, an A.I.-driven platform, protects the Active Directory and provides autonomous breach prevention and containment, incident response, and threat hunting capabilities. By combining A.I., obfuscation and advanced forensics methodologies right at the point of breach, AD|Protect can respond automatically and in real time to contain the attack.
It’s the only agentless solution that immediately contains attackers after they compromise a machine, preventing them from using Active Directory credentials and moving laterally into the network. Javelin greatly reduces the effort, time and error involved in detecting and containing a breach.
Applying reverse IR methods, specifically designed for a Corporate Domain environment, Javelin determines if the attack is just a local incident or part of a larger effort across the organization. AD-Protect further protects the organization by autonomously and continuously probing and fixing the environment for misconfigurations or domain attack persistence.
Credential Theft and Use
No additional cost. Our company believes in a model where extras are included.
Included features for Javelin AD Protect:
Protects and obfuscates credentials
Improves real-time detection of attackers from days/weeks/years to seconds.
Provides session analysis of popular attacks and others like:
Pass the ticket
Pass the hash
Overpass the hash
How It Works
Agentless, appliance-less attacker detection
Autonomous forensics, containment
By protecting the Active Directory
At the endpoint
The endpoint is the most common breach avenue to Active Directory and Domain Admin. AD Protect controls the attacker’s perception of locally stored credentials, internal resources, and Active Directory topology. This includes all endpoints, servers, users and applications. Delivered right at the point of breach, infinitely, AD Protect is not bound by legacy concepts that create traps or lures. Javelin Networks’ unique delivery uses appliance-less, agentless technology.
Attackers are detected live on the endpoint and memory and file system forensics are launched. In this way, containment is policy driven. The obfuscated Active Directory has no user impact, no business impact, and no performance impact. The endpoint—the most commonly exploited attack vector—operates as normal and is rendered a complete giveaway to the real-time threat.
IR, Hunting and Breach Containment
Answers the questions: What did I miss? How can my prevention be better?
AD Protect gathers forensics data on the breach during detection of patient zero and hunts for other entry points that may be unused. Attackers may use one door at a time; the defender needs to look for all of them upon breach. Orchestrated hunting drives autonomous containment of the breach when multiple patient machines are involved.
The platform detects the attacker’s method of credential theft, recon, and lateral movement. These bypass zero-day detection methodology. Pre-zero-day means that whether a threat is undiscovered or discovered is not relevant. This information can be used to drive intelligence back into the security program. This allows AD Protect to not be bound by the traditional methodology of “detection based on discovery” of malware and exploits (whether fileless or not is irrelevant). AD Protect will identify tradecraft during the most crucial phases of the kill chain: where an attacker has compromised an endpoint.
Most believe EDR is effective here, but these solutions cannot address the Active Directory native vulnerabilities that the attackers are exploiting. It requires a new line of thinking—that of an attacker.