How do I stop a compromised endpoint from doing greater harm?

By protecting your Active Directory (AD) environment against malicious use by attackers.

From the endpoint, Threat Defense for AD effectively controls the attacker’s perception of the organization’s internal resources—all endpoints, servers, users, applications, and locally stored credentials. This solution autonomously learns the organization’s Active Directory structure in its entirety and uses this data to create an authentic and unlimited obfuscation.

  • Disrupt reconnaissance activity and contain the attack at the point of
  • Prevent attackers from using Active Directory to steal credentials and move laterally
  • Force attackers to give themselves away quickly by creating a false AD environment on the endpoint

How do I shorten dwell time and mean time to containment?

It takes just 7 minutes for an attacker to obtain complete domain dominance.

With real-time breach visibility and automated attack containment, this solution provides real-time forensics reporting that captures the actual reconnaissance, credential theft, and lateral movement phases performed by the attacker. Automatic mitigation stops the malicious process on the endpoint to contain the breach.

  • Full forensic reporting, created within seconds of the alert, provides a snapshot of the endpoint at the time of attack along with full attack chain analysis.
  • Automated mitigation stops malicious processes at the endpoint, containing the breach in real time to ensure it cannot spawn another process, overwrite another part of memory, run recon commands, or communicate via the network.
  • See only high-priority, legitimate alerts with automated forensics that scan for the right information only when an attack is detected, reducing alert fatigue.

How do I avoid an Active Directory attack?

With ongoing and automated attack simulations on your Active Directory environment.

Threat Defense for AD uses attack simulation technology to continuously probe your domain for misconfigurations, vulnerabilities, and persistence, and presents Active Directory administrators with their domain from the attacker’s perspective, allowing for immediate risk mitigation to reduce the attack surface.

  • Identify domain network and Active Directory service vulnerabilities by assessing Active Directory configuration settings and the ways security enhancements are implemented. 
  • Autonomously analyze the domain network and Active Directory structure for back doors, persistence hooks, and other openings that allow attackers to come back any time.
  • Get alerts on misconfigurations and back doors that include recommendations for remediation.

Upgrade to Symantec Complete Endpoint Defense—Active Directory Protection

Need to protect Active Directory for more complete endpoint defense? Only from us. Select a suite with the right level of endpoint defense for your organization.

  • Broaden your defense with additional prevention, detection, remediation, and additional hardening technologies.
  • Utilize interlocking defenses at the device, the app, and the network level.