The cyber industry focuses on defending endpoints, applications, networks, mobile devices, etc.
Yet Active Directory, a database containing all information about all users, servers, endpoints and applications inside the corporation, is exposed by design, remaining entirely unprotected.
Active Directory is used by 9 out of 10 companies around the world and is freely accessible by attackers anytime, from any machine connected to the domain. It only takes ONE compromised endpoint connected to a corporate domain to jeopardize the entire organization.
Javelin AD|Protect, an A.I.-driven platform, protects the Active Directory and provides autonomous breach prevention and containment, incident response, and threat hunting capabilities. By combining A.I., obfuscation and advanced forensics methodologies right at the point of breach, AD|Protect can respond automatically and in real time to contain the attack.
It’s the only agentless solution that immediately contains attackers after they compromise a machine, preventing them from using Active Directory credentials and moving laterally into the network. Javelin greatly reduces the effort, time and error involved in detecting and containing a breach.
Applying reverse IR methods specifically designed for a corporate domain environment, Javelin determines if the attack is just a local incident or part of a larger effort across the organization. AD|Protect further protects the organization by autonomously and continuously probing the environment for misconfigurations or domain attack persistency and fixing them.
AD|Protect’s unique A.I. controls the attacker’s perception of locally stored credentials and the entire organization’s internal resources, including all endpoints, servers, users and applications, right at the point of breach.
AD|Protect autonomously learns the organization’s AD structure in its entirety (servers, endpoints, applications, users, branches, naming conventions, configurations, etc.) and uses this data to create an unlimited number of new fake resources, then presents the fake resources to the attacker right at the endpoint. This way, real AD resources are not revealed to the attacker, and when the attacker interacts with or attempts to move laterally from the compromised machine to one of these fake resources, it triggers a high-fidelity alert and forces the attacker to reveal themselves, without the attacker even realizing that they have been detected.
Using unique IR methodologies specifically designed for a corporate domain environment, AD|Protect collects and analyzes forensic evidence from multiple sources, determining if the attack is a local incident or part of a bigger effort.
The moment an attack is detected, an alert is triggered from the endpoint and an ‘on-demand’ scan of memory gathers key forensic information. By automating this process and scanning for the right information only when an attack is detected, versus constant scanning of the endpoint, AD|Protect can monitor the process and hunt it back to patient zero to identify where the attack originated.
AD|Protect automatically traces and eliminates the source’s malicious process, whether it is communicating internally or externally, and contains the breach in real time, without disrupting the end user or business. A variety of mitigation methods are available, depending on corporate policy and objective.
In a corporate domain environment, attackers find ways to leave behind backdoors and persistence hooks, allowing them to come back at any time. AD|Protect continuously probes for domain misconfigurations and attack persistency and, with policy approval, will automatically fix these errors to eliminate potential high-risk scenarios of attack persistence.
The Javelin solution is fully software-based, and the Core Management Server software can be deployed on a physical or virtual server, on-premise or in the cloud.
In under one hour, AD|Protect can be fully deployed to protect the heart of your organization, without any business impact or changes to the network and the Active Directory itself.