Know your gear
The Identity Sensor detects attacks targeting the Kerberos network authentication protocol. Supported detections include Kerberos logins used to perform brute-force attacks against a system. During a brute-force attack, the malicious actor attempts to use rapidly generated passwords or encryption keys to gain system access. The sensor also detects additional Kerberos-related activities, including use of stolen Kerberos tickets to move laterally across a network, requests for tickets with weak encryption (a common sign of malicious intent), and replay attacks. Replay attacks involve stealing packets from the network to forward them to a service or application.
The Identity Sensor also recognizes suspicious logins after a brute-force attack has been detected. The sensor identifies when an attacker registers a rogue Active Directory Domain Controller and uses it to inject malicious objects on other domain controllers within the same Active Directory infrastructure. It identifies when an attacker performs various activities on an Active Directory object and authenticates to remote systems using stolen credentials.
The powerful detection component of the GravityZone XDR Identity Sensor is complemented by capabilities that enable security teams to take meaningful action; for example, security teams can disable an Active Directory account or force a password reset directly from the GravityZone management console.
Terms and Conditions
These services are considered Third Party Services, and this purchase is subject to CDW’s Third Party Cloud Services Terms and Conditions, unless you have a written agreement with CDW covering your purchase of products and services, in which case this purchase is subject to such other written agreement.
The third-party Service Provider will provide these services directly to you pursuant to the Service Provider’s standard terms and conditions or such other terms as agreed upon directly between you and the Service Provider. The Service Provider, not CDW, will be responsible to you for delivery and performance of these services. Except as otherwise set forth in the Service Provider’s agreement, these services are non-cancellable, and all fees are non-refundable.