Products / Endpoint Security / Endpoint Protection Family / Endpoint Threat Defense for Active Directory

Symantec Endpoint Threat Defense for Active Directory

Protect Active Directory from the endpoint.

Read the Data Sheet

By protecting your Active Directory (AD) environment against malicious use by attackers.

From the endpoint, Threat Defense for AD effectively controls the attacker’s perception of the organization’s internal resources—all endpoints, servers, users, applications, and locally stored credentials. This solution autonomously learns the organization’s Active Directory structure in its entirety and uses this data to create an authentic and unlimited obfuscation.

  • Disrupt reconnaissance activity and contain the attack at the point of
    breach
  • Prevent attackers from using Active Directory to steal credentials and move laterally
  • Force attackers to give themselves away quickly by creating a false AD environment on the endpoint

How do I stop a compromised endpoint from doing greater harm?

Video Tutorials

It takes just 7 minutes for an attacker to obtain complete domain dominance.

With real time breach visibility and automated attack containment, this solution provides real-time forensics reporting that captures actual reconnaissance, credential theft, and lateral movement phases that were performed by the attacker. Automatic mitigation stops the malicious process on the endpoint to contain the breach.

  • Full forensic reporting, created within seconds of the alert, provides a snapshot of the endpoint at the time of attack along with full attack chain analysis.
  • Automated mitigation stops malicious processes at the endpoint, containing the breach in real time to ensure it cannot spawn another process, overwrite another part of memory, run recon commands, or communicate via the network.
  • See only high-priority, legitimate alerts with automated forensics that scan for the right information only when an attack is detected, reducing alert fatigue.

How do I shorten dwell time and mean time to containment?

With ongoing and automated attack simulations on your Active Directory environment.

Threat Defense for AD uses attack simulation technology to continuously probe your domain for misconfigurations, vulnerabilities, and persistence, and presents the Active Directory Administrator their domain from the attacker’s perspective, allowing for immediate risk mitigation to reduce the attack surface.

  • Identify domain network and Active Directory service vulnerabilities by assessing Active Directory configuration settings and the ways security enhancements are implemented.
  • Autonomously analyze the domain network and Active Directory structure for back doors, persistence hooks, and other openings that allow attackers to come back any time.
  • Get alerts on misconfigurations and back doors that include recommendations for remediation.

How do I avoid an Active Directory attack?

Upgrade to Symantec Complete Endpoint Defense—Active Directory Protection

Need to protect active directory for more complete endpoint defense? Only from us. Select a suite with the right level of endpoint defense for your organization.

  • Broaden your defense with additional prevention, detection, remediation, and additional hardening technologies.
  • Utilize interlocking defenses at the device, the app, and the network level.

“We quickly covered the company endpoints with a unique and effective security layer. At almost zero impact in performance and productivity, we gain an important capability of addressing advanced attacks with much better tools in our arsenal and reduce dramatically man hours required to respond to incidents.”

 

Mor Asher, Global IT & Information Security Manager

Telit

Core Server Minimum specifications

VM must be a new Windows Server 2016 (preferred) or 2012 R2 Standard or Datacenter. Evaluation versions are not supported.
(VMware thin provisioning is NOT supported)

2 CPUs

8GB of RAM (if endpoint count over 5k, configure 16GB RAM)

200 GB of free hard drive space for application (same or different drive)

Agent Minimum Specifications

OS support: Win7+/Server 2008+

Disk Space: Minimum 10MB