The idea behind ThreatPath is to help organisations get on the front foot as far as credential exposure is concerned. Rather than waiting for a compromise to occur, they can use ThreatPath to reveal risky situations and automatically remediate them – hopefully before attackers take advantage of those opportunities.
ThreatPath uses topographical maps and tables to reveal exposed domain admin and cached user credentials on all endpoints, RDP sessions to high-value servers, AWS access keys, and connected at-risk devices.
It can then automatically remove the saved credentials, shared folders, and vulnerabilities, even if they are stored in the cloud.
Security teams can configure ThreatPath to create path rules to high-value assets and then report on these potential paths.
Other features include drill-downs and searches based on time intervals (eg, to discover new local admin accounts).
"ThreatPath provides defenders with the visibility they need to address the mushrooming growth of endpoints and the challenges associated with controlling attackers' unauthorised access," said Attivo Networks vice president of security research Venu Vissamsetty.
"Because the ThreatPath solution is persistent on the endpoint, the visibility map is always up to date and accurate, providing real-time alerts as soon as newly created critical asset exposure paths emerge.
"This continuous coverage works hand-in-hand with the rest of the Attivo Networks EDN portfolio to quickly detect and prevent credential theft and Active Directory privilege escalation attempts."