Attackers Go for the Heart of an Organization

The cyber industry focuses on defending endpoints, applications, networks, mobile devices, etc.
Yet Active Directory, the database containing all information about every user, server, endpoint and application inside the corporation, is exposed by design and remains entirely unprotected.

Active Directory is used by 9 out of 10 companies around the world and is freely accessible to attackers at any time, from any machine connected to the domain. It takes only ONE compromised endpoint connected to a corporate domain to jeopardize the entire organization.

The Solution: Javelin AD|Protect

Javelin AD|Protect, an A.I.-driven platform, protects the Active Directory and provides autonomous breach prevention and containment, incident response, and threat hunting capabilities. By combining A.I., obfuscation and advanced forensics methodologies right at the point of breach, AD|Protect can respond automatically and in real time to contain the attack.

It’s the only agentless solution that immediately contains attackers after they compromise a machine, preventing them from using Active Directory credentials and moving laterally into the network. Javelin greatly reduces the effort, time and error involved in detecting and containing a breach.

Applying reverse IR methods specifically designed for a corporate domain environment, Javelin determines whether the attack is just a local incident or part of a larger effort across the organization. AD|Protect further protects the organization by autonomously and continuously probing the environment for misconfigurations or domain attack persistence and fixing them.

How It Works

AD|Protect’s unique A.I. controls the attacker’s perception of locally stored credentials and of the entire organization’s internal resources, including all endpoints, servers, users and applications, right at the point of breach.

AD|Protect autonomously learns the organization’s AD structure in its entirety (servers, endpoints, applications, users, branches, naming conventions, configurations, etc.) and uses this data to create an unlimited number of new fake resources, which it then presents to the attacker right at the endpoint. This way, real AD resources are not revealed to the attacker, and when they interact with one of these fake resources or attempt to move laterally from the compromised machine to it, a high-fidelity alert is triggered and the attacker is forced to reveal themselves, without even realizing that they have been detected.
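The detection side of the deception described above can be illustrated with a small monitor: decoy accounts and hosts exist only as bait, so any authentication or service-ticket activity that references them is a high-fidelity signal, and the originating source address is the first place to look when tracing back toward patient zero. The following is an added example written for this page, not Javelin’s code; the decoy inventory, the simplified Windows Security event lines (EventID 4624/4625 logons, 4768/4769 Kerberos requests) and their key=value field names are all constructed for the example.

```python
"""Flag interaction with decoy Active Directory resources (added example).

Assumptions (constructed for this example, not real data):
  - DECOY_ACCOUNTS / DECOY_HOSTS are the bait objects a deception layer planted.
  - SAMPLE_EVENTS are simplified Windows Security events rendered as
    'timestamp key=value ...' lines; field names are our own convention.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Bait objects: no legitimate user or process should ever touch these.
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm_finance02"}
DECOY_HOSTS = {"fs-archive-07", "sql-payroll-03"}

# Constructed sample events. 4624 = successful logon, 4625 = failed logon,
# 4768 = Kerberos TGT request, 4769 = Kerberos service ticket request.
SAMPLE_EVENTS = [
    "2024-05-01T09:12:03Z EventID=4624 Account=jsmith SrcIp=10.0.12.34 Target=dc01 LogonType=3",
    "2024-05-01T09:12:41Z EventID=4769 Account=jsmith SrcIp=10.0.12.34 Service=cifs/fs-archive-07 Target=dc01",
    "2024-05-01T09:13:05Z EventID=4625 Account=adm_finance02 SrcIp=10.0.12.34 Target=dc01 LogonType=3",
    "2024-05-01T09:15:22Z EventID=4624 Account=mlee SrcIp=10.0.40.8 Target=hr-app01 LogonType=2",
    "2024-05-01T09:16:00Z EventID=4768 Account=svc_backup_legacy SrcIp=10.0.12.34 Target=dc01",
    "malformed line with no fields",
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class DecoyAlert:
    timestamp: str
    event_id: str
    src_ip: str
    account: str
    decoy: str
    reason: str


def parse_event(line):
    """Return a dict of fields, or None when the line lacks a timestamp or EventID."""
    parts = line.split(" ", 1)
    if len(parts) != 2:
        return None
    fields = dict(KV.findall(parts[1]))
    if "EventID" not in fields:
        return None
    fields["Timestamp"] = parts[0]
    return fields


def match_decoy(fields):
    """Return (decoy_name, reason) if the event references a decoy, else None."""
    account = fields.get("Account", "").lower()
    if account in DECOY_ACCOUNTS:
        return account, "authentication attempt with decoy account"
    target = fields.get("Target", "").lower()
    if target in DECOY_HOSTS:
        return target, "logon attempt against decoy host"
    # Service principal names look like 'cifs/fs-archive-07'; the host part is the decoy key.
    service = fields.get("Service", "").lower()
    host = service.split("/", 1)[1] if "/" in service else ""
    if host in DECOY_HOSTS:
        return host, "service ticket requested for decoy host"
    return None


def detect(lines):
    """Walk the event lines and emit one DecoyAlert per decoy interaction."""
    alerts = []
    for line in lines:
        fields = parse_event(line)
        if fields is None:
            continue  # unparseable line: skip, never crash the monitor
        hit = match_decoy(fields)
        if hit is None:
            continue
        decoy, reason = hit
        alerts.append(DecoyAlert(fields["Timestamp"], fields["EventID"],
                                 fields.get("SrcIp", "?"), fields.get("Account", "?"),
                                 decoy, reason))
    return alerts


def rank_sources(alerts):
    """Count decoy hits per source IP; the top entry is the first host to investigate."""
    return Counter(a.src_ip for a in alerts).most_common()


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.timestamp} {a.event_id} src={a.src_ip} account={a.account}: {a.reason} ({a.decoy})")
    print("sources by decoy hits:", rank_sources(found))
```

Because decoys have no legitimate use, the rule needs no baseline or threshold: one match is enough to alert, which is what makes the signal high-fidelity. Note that the sample contains a successful 4769 ticket request from a normal-looking account for a decoy share; a name match on the account alone would miss that, which is why the service-name check is included.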

IR, Hunting and Breach Containment

Using unique IR methodologies specifically designed for a corporate domain environment, AD|Protect collects and analyzes forensic evidence from multiple sources, determining whether the attack is a local incident or part of a bigger effort.

The moment an attack is detected, an alert is triggered from the endpoint and an ‘on-demand’ scan of memory gathers key forensic information. By automating this process and scanning for the right information only when an attack is detected, rather than constantly scanning the endpoint, AD|Protect can monitor the process and hunt it back to patient zero to identify where the attack originated.
AD|Protect automatically traces and eliminates the source’s malicious process, whether it is communicating internally or externally, and contains the breach in real time without disrupting the end user or the business. A variety of mitigation methods are available, depending on corporate policy and objectives.

Persistence and Misconfiguration Prevention

In a corporate domain environment, attackers find ways to leave behind backdoors and persistence hooks, allowing them to come back at any time. AD|Protect continuously probes for domain misconfigurations and attack persistence and, with policy approval, will automatically fix these errors to eliminate high-risk scenarios of attack persistence.

Solution Architecture

The Javelin solution is fully software-based, and the Core Management Server software can be deployed on a physical or virtual server, on-premises or in the cloud.

In under one hour, AD|Protect can be fully deployed to protect the heart of your organization, without any business impact or changes to the network and the Active Directory itself.

Features and Benefits

| Feature | Benefit |
|---|---|
| Use of artificial intelligence to learn all domain attributes | Scalable coverage across all assets in an organization without changing the infrastructure |
| Ability to project an infinite number of domain resources (any application, any server, any endpoint, any corporate domain user with any privileges) | Ensures authenticity of the data presented to the attacker, adapting to any resource with minimal effort |
| Use of artificial intelligence to trigger an “on-demand” reverse forensic investigation | Cuts through the noise, ensuring only relevant IOC and forensic data is captured, and significantly reduces the time and effort needed to investigate a breach |
| Automated mitigation to take action and contain the breach in real time | Allows hands-free response, including quarantining and shutting off stealthy communications internally (NamedPipes) or externally (C&C) |
| Leverages artificial intelligence to continuously probe for domain persistence on all DCs and endpoints | Ensures backdoors and other techniques used by attackers to establish persistence in a domain environment are prevented |