Attackers Go for the Heart of an Organization

The cyber industry focuses on defending endpoints, applications, network, mobile devices, etc.

Yet Active Directory—a database containing all information about all users, servers, endpoints and applications inside the corporation—is exposed by design, remaining entirely unprotected.

Active Directory is used by 9 out of 10 companies around the world and is freely accessible to attackers anytime, from any machine connected to the domain. It only takes ONE compromised endpoint connected to a corporate domain to jeopardize the entire organization.

The Solution: Javelin AD|Protect

Javelin AD|Protect, an A.I.-driven platform, protects Active Directory and provides autonomous breach prevention and containment, incident response, and threat hunting capabilities. By combining A.I., obfuscation and advanced forensics methodologies right at the point of breach, AD|Protect can respond automatically and in real time to contain the attack.

It’s the only agentless solution that immediately contains attackers after they compromise a machine, preventing them from using Active Directory credentials and moving laterally into the network. Javelin greatly reduces the effort, time and error involved in detecting and containing a breach.

Applying reverse IR methods specifically designed for a corporate domain environment, Javelin determines whether the attack is an isolated local incident or part of a larger campaign across the organization. AD|Protect further protects the organization by autonomously and continuously probing the environment for misconfigurations and domain attack persistence, and fixing what it finds.

Credential Theft and Use

No additional cost. Our company believes in a model where extras are included.

Included features for Javelin AD Protect:

Protects and obfuscates credentials
Reduces the time to detect an attacker from days, weeks or years to seconds.
Provides session analysis of popular attacks, including:

  • Pass the ticket
  • Pass the hash
  • Over pass the hash

How It Works

Agentless, Appliance-less, attacker detection
Autonomous forensics, containment
By protecting the Active Directory
At the endpoint

The endpoint is the most common breach avenue to Active Directory and Domain Admin. AD Protect controls the attacker’s perception of locally stored credentials, internal resources, and Active Directory topology, covering all endpoints, servers, users and applications. Because the obfuscation is delivered right at the point of breach, with no limit on scale, AD Protect is not bound by legacy concepts that create traps or lures. Javelin Networks’ unique delivery uses appliance-less, agentless technology.

Attackers are detected live on the endpoint, and memory and file system forensics are launched; containment is then policy driven. The obfuscated Active Directory has no user impact, no business impact, and no performance impact. The endpoint—the most commonly exploited attack vector—operates as normal for legitimate users, while any interaction with the obfuscation gives the real-time threat away completely.

IR, Hunting and Breach Containment

Answers the questions: What did I miss? How can my prevention be better?

AD Protect gathers forensic data on the breach while detecting patient zero and hunts for other entry points that may not yet have been used. Attackers may use one door at a time; the defender needs to look for all of them upon breach. Orchestrated hunting drives autonomous containment of the breach when multiple patient machines are involved.

The platform detects the attacker’s methods of credential theft, reconnaissance, and lateral movement. Because these are tradecraft rather than specific malware or exploits, detection does not depend on a zero-day being discovered: whether the tooling is known or unknown, and whether it is fileless or not, is irrelevant. This information can be used to drive intelligence back into the security program, and it frees AD Protect from the traditional methodology of “detection based on discovery” of malware and exploits. AD Protect identifies tradecraft during the most crucial phase of the kill chain: after an attacker has compromised an endpoint.

Most believe EDR is effective here, but these solutions cannot address the native Active Directory vulnerabilities that attackers exploit. It requires a new line of thinking—that of an attacker.

Think like a hacker. Use their methods.

Solution Architecture

A.I. learns all the attributes of the topology and controls the attacker’s perception of the domain environment through obfuscation. When an attacker interacts with the obfuscation, they give themselves away. This results in TRUE POSITIVE alerts as legitimate users should not find themselves in the obfuscation. Insider threats can also be identified here as they perform reconnaissance.
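The detection idea in the paragraph above (and the policy-driven containment of "patient zero" described earlier under How It Works) can be illustrated with a small deception-based detector. This is an added example, not Javelin's code: decoy ("honeytoken") accounts and hosts are made visible to anyone enumerating the directory but are never used by legitimate processes, so any log line that references one is treated as a true positive and the originating endpoint is queued for isolation. The decoy names, the key=value log format and the sample log lines are all constructed for this example.

```python
"""Deception-based detection over constructed authentication/access log lines.

Added example (not the product's own code). Any reference to a decoy account or
decoy host is a true positive, because no legitimate user or process should ever
touch a decoy. The first alerting source host is treated as patient zero and
every alerting source host is queued for isolation and forensics collection.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Hypothetical decoy principals and hosts, chosen so they never occur in
# legitimate activity (assumption: the directory view shown to endpoints has
# been seeded with these names).
DECOY_ACCOUNTS = {"svc_backup_admin", "da_legacy"}
DECOY_HOSTS = {"FS-ARCHIVE01"}

# Constructed sample log lines in a simplified key=value format.
SAMPLE_LOGS = [
    "ts=2024-01-10T09:01:02 event=logon user=alice src=WS-0042 dst=WS-0042 type=interactive",
    "ts=2024-01-10T09:05:17 event=logon user=svc_backup_admin src=WS-0042 dst=DC01 type=network",
    "ts=2024-01-10T09:05:20 event=smb_connect user=alice src=WS-0042 dst=FS-ARCHIVE01 share=ADMIN$",
    "ts=2024-01-10T09:07:44 event=logon user=bob src=WS-0101 dst=WS-0101 type=interactive",
    "ts=2024-01-10T09:09:03 event=logon user=da_legacy src=WS-0310 dst=DC01 type=network",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Parse 'key=value' tokens of one log line into a dict."""
    return dict(_KV.findall(line))


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str      # host the activity originated from: the suspected compromised endpoint
    reason: str   # which decoy was touched and how


def detect_decoy_use(lines: Iterable[str],
                     decoy_accounts=DECOY_ACCOUNTS,
                     decoy_hosts=DECOY_HOSTS) -> list:
    """Return one Alert per log line that references a decoy account or host."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        user, src, dst, ts = (rec.get(k, "") for k in ("user", "src", "dst", "ts"))
        if user in decoy_accounts:
            alerts.append(Alert(ts, src, f"decoy account {user} used"))
        elif dst in decoy_hosts:
            alerts.append(Alert(ts, src, f"decoy host {dst} contacted"))
    # ISO-8601 timestamps sort lexically, so the earliest alert comes first.
    alerts.sort(key=lambda a: a.ts)
    return alerts


def containment_plan(alerts: list) -> dict:
    """Containment policy: the earliest alerting source host is patient zero;
    every distinct source host that touched a decoy is queued for isolation."""
    hosts = []
    for alert in alerts:
        if alert.src not in hosts:
            hosts.append(alert.src)
    return {"patient_zero": hosts[0] if hosts else None, "isolate": hosts}


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOGS)
    for a in found:
        print(f"{a.ts} ALERT src={a.src} {a.reason}")
    print(containment_plan(found))
```

Run as-is against the embedded sample lines: the two logons with decoy accounts and the SMB connection to the decoy file server raise alerts, while alice's and bob's normal interactive logons do not. Because a decoy is never legitimately used, there is no threshold to tune and no baseline to learn; the only false positive source is a decoy name that collides with a real one, which is why decoys are chosen from names that do not exist in the real directory.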

No Agents
No Appliances
No Limits
Without changing your Active Directory

Think like a hacker. Give up legacy concepts.

Business benefits of thinking like a hacker:

Easy to deploy
  • No AD, endpoint, or network changes
  • No additional resources or FTEs
  • No user friction or business impact
  • Minimal infrastructure needed, one virtual appliance per 20k hosts

Easy to manage
  • No Agent
  • No ongoing maintenance
  • Automatic AI-driven topology updates
  • Upgrades apply only to the virtual appliance

Easy to use
  • No false positives
  • No alert fatigue
  • Forensics generated automatically

Effective Security
  • Identify AD vulnerabilities
  • Identify AD backdoors
  • Fool attackers into identifying themselves
  • Laser focused forensics
  • Real-time Automatic breach containment

Features and Benefits

Feature: Controls the attacker’s perception of credentials and topology with infinite obfuscation of AD.
Benefit: Real-time detection while ensuring the authenticity of the data presented to the attacker, with minimal effort to adapt to any resource.

Feature: Agentless memory manipulation - the ability to project an infinite obfuscation onto all domain assets.
Benefit: Scalable coverage across all assets in an enterprise organization without changing the infrastructure.

Feature: Automated memory forensics - artificial intelligence triggers incident response to automatically pull forensics from memory on a compromised host, including the shell commands that were run.
Benefit: Cuts through the noise, ensuring only relevant IOCs and forensic data are captured, and significantly reduces the time and effort needed to investigate a breach.

Feature: Real-time breach containment - automated mitigation takes action and contains the breach in real time.
Benefit: Allows for hands-free response, including quarantine and termination of stealthy communications internally (named pipes) or externally (C&C).

Feature: Continuous AD dark-corners assessment - artificial intelligence continuously probes for domain persistence on all DCs and endpoints to find vulnerabilities and backdoors.
Benefit: Ensures that backdoors and other techniques attackers use to establish persistence in a domain environment are prevented.