Advanced Monitoring & Protection


Unprecedented Visibility, Context, and Protection.
Revolutionary Identity Assurance.

Kerberos

By far the most common enterprise authentication protocol in the world is Kerberos, which by design maintains no record of information exchange during the authentication process itself. This makes it susceptible to certain increasingly common attack techniques involving credential compromise to escalate access.

ACDP is currently the only cybersecurity platform capable of deterministically detecting these particular types of Kerberos-based attacks in near real-time, without false positives.

Ground-breaking Data Ingestion

ACDP is an end-to-end cyber defense platform that can be configured to ingest data from almost any source in minutes, and then immediately integrate, contextualize, and correlate that data to drive increasingly confident decision-making compared to other approaches:

AMP Data Sources table

By combining more constantly updated external security data with continuously monitored internal data sources, ACDP is able to generate a graph-based Digital Replica of your network that allows you to explore, manage, and forecast your entire security posture over time.

Attackers today think in graphs, not lists

Threat actors have become increasingly focused on lateral movement, traversing the network by exploring connections between devices to find the best way to escalate privileges and gain additional access to protected data and services.

To combat this, ACDP employs a graph-based defense strategy with its interactive Cyber-Physical Graph (CPG), which continuously ingests and correlates security data from internal and external sources to map and track changes in status, relationships, and data flows throughout an entire observed system over time.

An interactive user interface includes next-action buttons for real-time exploration and dynamic management of processes and entities across the enterprise, making it easy to identify vulnerabilities, detect and investigate intrusions, or hunt down insider threats.


AMP provides unprecedented visibility, ease of management, and the context needed to understand the potential impact of any intrusion, disruption, or failure.

Blast Radius™

ACDP’s event, time-series, and graph analytics allow users to immediately determine the potential impact of any entity, user, or credential that might be compromised or misused. Impact assessment includes prioritized forensic strategies based on likelihood of threat actor movements. ACDP provides timely and in-depth insight into critical nodes in your organizational graph to implement better controls, mitigate risk, and intelligently design and operate a better system.

Cyberbaseline™

ACDP’s CPG is continuously updated with internal data collected from telemetry, security tools, and Continuous Monitoring (ConMon) agents as well as external data from sources such as known vulnerability databases, vendor bulletins, and security blogs or forums. Continual risk assessments from this data enable Fractal OS to forecast potential impact based on advanced statistical analytics to provide real-time network resilience in a single metric called CyberBaseline.

An Entirely Innovative Approach to Identity Assurance

The three-headed black elephant in the room...

Black Swan: unprecedented, statistically improbable event with profound consequences
Black Elephant: A Black Swan event that everyone knows is imminent but no one wants to talk about
Kerberos:
1. The three-headed dog that defended Hades in Greek mythology
2. A powerful, widely used security protocol with some critical vulnerabilities

While real-time visibility and context are vital to understanding your security posture, it’s also important to recognize that everything your logs are telling you is suspect if you can’t prove that users are who they claim to be.

Lateral movement relies on privilege escalation, with threat actors incrementally assuming the identities of users with greater network access. This is often made possible because of known vulnerabilities in Kerberos—by far the most common authentication protocol in use today.

Privilege Escalation
Kerberos Authentication

Recently developed and readily available tools have made these techniques alarmingly simple to execute, and they are widely thought to have played a critical role in some of the most devastating attacks in history, including the OPM attack of 2015, the DNC breach of 2016, and the spread of Bad Rabbit ransomware in 2017.

ACDP takes an entirely innovative approach to detecting these types of attack techniques. It leverages the distributed, highly parallelized analytics of Fractal OS to maintain a ledger of every Kerberos ticket exchange. This allows ACDP to verify every step in the authentication process, in near real-time.

By effectively transforming Kerberos from a stateless protocol to a stateful one, ACDP has demonstrated the ability to deterministically detect over 80 different variations of Golden and Silver Ticket attacks in less than a minute on average, without false positives.
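The ledger idea described above can be illustrated with a small replay check. This is an added example, not ACDP's code or schema: the event model, the `ticket_id` fingerprint, and the sample principals are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed event model; field names are hypothetical, not a product schema.
@dataclass(frozen=True)
class Event:
    ts: int            # seconds since start of capture
    kind: str          # AS-REP, TGS-REQ, TGS-REP or AP-REQ
    principal: str     # client principal named in the message
    ticket_id: str     # fingerprint of the ticket carried (e.g. a hash of its bytes)
    lifetime: int = 0  # seconds of validity, set on issuance events only

ISSUES = {"AS-REP": "TGT", "TGS-REP": "service ticket"}    # KDC hands a ticket out
PRESENTS = {"TGS-REQ": "TGT", "AP-REQ": "service ticket"}  # client hands a ticket in

def audit(events):
    """Replay events in time order against a ledger of KDC-issued tickets."""
    ledger = {}    # ticket_id -> (ticket type, principal, expiry timestamp)
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind in ISSUES:
            ledger[ev.ticket_id] = (ISSUES[ev.kind], ev.principal, ev.ts + ev.lifetime)
            continue
        expected = PRESENTS.get(ev.kind)
        if expected is None:
            continue  # not a ticket-bearing message
        entry = ledger.get(ev.ticket_id)
        if entry is None or entry[0] != expected:
            findings.append((ev.ts, ev.ticket_id, f"{expected} presented with no issuance record"))
        elif entry[1] != ev.principal:
            findings.append((ev.ts, ev.ticket_id, "principal differs from issuance record"))
        elif ev.ts > entry[2]:
            findings.append((ev.ts, ev.ticket_id, "ticket used after recorded expiry"))
    return findings

# Constructed sample: one legitimate chain, then two tickets the KDC never issued.
SAMPLE = [
    Event(0, "AS-REP", "alice@EXAMPLE.TEST", "tgt-01", 36000),
    Event(5, "TGS-REQ", "alice@EXAMPLE.TEST", "tgt-01"),
    Event(6, "TGS-REP", "alice@EXAMPLE.TEST", "st-01", 36000),
    Event(7, "AP-REQ", "alice@EXAMPLE.TEST", "st-01"),
    Event(20, "TGS-REQ", "admin@EXAMPLE.TEST", "tgt-99"),  # no AS-REP on record
    Event(30, "AP-REQ", "svcuser@EXAMPLE.TEST", "st-77"),  # no TGS-REP on record
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check is only as complete as the ledger: any issuance event missed during collection turns a legitimate ticket into a finding, so coverage of every KDC is a precondition for the result to be trustworthy.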

AMP offers a suite of modules that provide unparalleled insight and contextual understanding to more confidently protect your enterprise resources and data from both external and internal threats.

AMP SUITE OF PRODUCTS