ThreatStrike is part of Attivo's Endpoint Detection Net (EDN) suite. It works against credential-based attacks, and can materially affect an attacker's success and the damage they cause, according to the company.
Attivo ThreatStrike cloaking hides and denies unauthorised access to applications. At launch, it supports 75 of the most popular Windows applications targeted by attackers, and the company plans to add more.
It directly addresses sophisticated attack techniques outlined by MITRE, including OS Credential Dumping, Credentials from Password Stores, Unsecured Credentials, Steal or Forge Kerberos Tickets, and Steal Web Session Cookie.
"The benefit of credential protection is that only allowed system software can access them," said Attivo Networks senior vice president of engineering Srikant Vissamsetti.
"Customers will benefit from the prevention of unauthorised access, which can lead to credential theft attacks, such as Pass-the-Hash, Pass-the-Ticket, and Password Theft that can be extremely difficult to detect and stop."
As well as protecting endpoint credentials, ThreatStrike plants bait on those endpoints that resembles popular Windows, Mac, and Linux credentials. This takes up attackers' time, and attempts to use these fake credentials can reveal their activities.
Rather than simply adding fake objects among the real ones, Attivo's cloaking technology hides real assets and puts fake data in their place.