Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Press Releases

November 2, 2021 | ChannelPro

ExtraHop Introduces Breakthrough Decryption and Threat Detection Capabilities for Microsoft Environments

Out-of-Band Decryption and Powerful AI Help Security Teams Defend Critical Active Directory Infrastructure and Identify Microsoft Protocol Abuse Used to Carry Out A New Class of Advanced Attacks.

ExtraHop, the leader in cloud-native network detection and response (NDR), today announced that it has expanded decryption support for Microsoft authentication and application protocols, providing high-fidelity detection of malicious activity associated with nearly two-thirds of the most exploited network protocols. This first-and-only decryption capability detects a new class of advanced attacks, including ‘living-off-the-land’ and Active Directory Kerberos Golden Ticket attacks, that exploit proprietary Microsoft protocols to evade security controls and traditional monitoring tools like next-generation firewalls (NGFW) and web proxies. Advanced decryption also detects high risk CVE exploitation such as PrintNightmare, ZeroLogon, and ProxyLogon, and provides proactive defense against future zero-day exploits.

Learn more about how insecure protocols expose organizations to cyber risk.

According to a Joint Cybersecurity Advisory issued by the U.S. FBI, CISA, the UK National Cyber Security Centre, and the Australian Cyber Security Centre, encrypted protocols such as Microsoft Server Message Block v3 are used to mask lateral movement and other advanced tactics in 60% of the 30 most exploited network vulnerabilities. Of the top 11 most exploited vulnerabilities, four involve Microsoft systems. Three of those four can be exploited via an encrypted channel.

Unlike NGFW and web proxies, ExtraHop Reveal(x) 360 detects sophisticated emerging attack techniques with line-rate decryption of the most commonly abused Microsoft protocols such as SMBv3, Active Directory Kerberos, Microsoft Remote Procedure Call (MS-RPC), NTLM, LDAP, WINRM, in addition to TLS 1.3. This decryption capability also detects post-compromise activity that encrypted traffic analysis (ETA) misses, including ransomware campaigns that exploit the PrintNightmare vulnerability.

“In 2021, the sophistication of ransomware has increased significantly, with techniques that were once the sole purview of nation states now regularly being used for illicit financial gain,” said Jon Oltsik, Sr. Principal Analyst, ESG Research. “This new class of attacks, including Living-off-the-Land and Active Directory Golden Ticket, exploit organizations’ biggest blind spot–encrypted traffic. ExtraHop has long supported secure decryption of east-west SSL and TLS 1.3 traffic, and can now extend that support for critical Microsoft protocols at the center of today’s most insidious attacks.”

“Organizations are blind to encrypted malicious activity happening laterally within the east-west corridor,” said Sri Sundaralingam, VP, Security and Cloud Solutions at ExtraHop. “Even technologies like firewalls and encrypted traffic analysis that claim to provide visibility fail to detect attacks that use encrypted communications to exploit vulnerabilities commonly seen in advanced threat campaigns. ExtraHop Reveal(x) 360 can identify—with fidelity—exploitation and protocol abuse associated with major CVEs, both today and in the future.”

ExtraHop Reveal(x) 360 goes far beyond the limited protocol identification and statistical analysis offered by NGFW, web proxies, and ETA, securely decrypting and fully parsing Microsoft Active Directory authentication protocols (Kerberos and NTLM) and Microsoft Windows application-level protocols using passive, out-of-band decryption for rapid and accurate detection of advanced threat activity. Reveal(x) 360 also provides forensic-level record data on encrypted traffic, including specific SQL queries, commands sent via MS-RPC, and LDAP enumeration behavior for comprehensive investigation and response. With Reveal(x) 360, customers can:

  • Prevent unauthorized access and privilege escalation attempts via Microsoft Active Directory infrastructure.
  • Monitor for ‘living-off-the-land’ tactics used during east-west lateral movements to expose hidden threats.
  • Defend against high risk vulnerabilities like PrintNightmare and Microsoft Active Directory being exploited in advanced threat campaigns to carry out disruptive attacks.

To learn more about the role of decryption in defending against advanced threats, visit the ExtraHop Decryption Blog.

Click here to learn more about how to detect attacks using Microsoft Protocol Decryption.


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience