Aorato’s Directory Services Application Firewall (DAF™)

Aorato’s DAF protects Active Directory and leverages its central role in the network to secure organization from advanced targeted attacks.

Nowadays, attackers compromise all types of entities (non-privileged and privileged users, devices, servers, etc.) in order to gain a foothold into the network. It is not enough anymore to track only privileged accounts to protect the organization against advanced attacks. DAF introduces a new approach. DAF detects suspicious activities through learning, profiling and predicting entities’ behaviors.

The best part? DAF is a non-intrusive solution, transparent to Active Directory.

DAF Analyzes all Active Directory-related Traffic

A simple port mirroring configuration copies all Active Directory-related traffic to DAF

DAF Automatically Learns all Entity’s Behaviors

DAF continuously learns the entity’s behaviors and context

DAF Builds the Organizational Security Graph™

DAF continuously updates and maintains entity profiles through its Organizational Security Graph™

DAF Constructs the Attack Timeline™

DAF detects suspicious activities and associates them into an Entity Behavior Attack Timeline™

Protect your Active Directory

  • Reconnaissance and Info Disclosure
  • DoS and DDoS Attacks
  • Brute Force Attacks
  • Elevation of Privileges
  • Attack-related Sensitive Actions on AD
  • Exploitation using Legit Protocols

Protect your Organization

  • Identity Theft (incl. Pass-the-Hash and Pass-the-Ticket)
  • Active Directory-related Advanced Targeted Attacks (for example, malware trying to access a file share triggers in a background call to the Active Directory to authenticate)
  • Privileged-entities Abuse
  • Behaviorally Suspicious Entity Activity (for example, an employee shares his Credentialas with other employees)

Optional: DAF Extends its Capabilities to Include Detection 
of Persistent Threats on Endpoints and Servers 

Authentication traffic between endpoints is sent to DAF (through external products). 
DAF analyzes the traffic, adds the context to each entity, and detects persistent threats

table_icon_1Adaptive to the Changing Nature of Threats No signatures, rules, thresholds or baselines. All the intelligence is built-in. By learning the entity’s behavior and interaction with Active Directory – DAF is able to detect suspicious attacks.
 The only product that detects 
Pass-the-Hash Pass-the-Ticket attacks 
table_icon_2BYOD Just Got Easier No matter where your corporate resources reside – within the corporate perimeter, on mobile devices or in the cloud – DAF witnesses all authentication and authorization to the organizational resources.
table_icon_3Seamless Deployment DAF is an appliance, either hardware or virtual. DAF utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts working immediately after deployment.
table_icon_4Forget False-Positive Fatigue Only when suspicious activities are contextually aggregated, then the red flags are raised. To further increase accuracy, DAF does not only compare the entity’s behavior to its profile – but also to the profiles of those in its interaction graph.
table_icon_5Easy to Use It’s hard not to be enthusiastic about the DAF attack timeline. Functional, clear, convenient – and most importantly, presents only relevant attack data. You’ll even find yourself on familiar grounds since Aorato is the only security company that brings social networking concepts into the enterprise’s security.
table_icon_6Integrated into SIEM Solutions No more junk in your SIEM. Only suspicious activities that are contextually aggregated into the Active Timeline are sent to the SIEM. DAF integrates with the best of breeds SIEM solutions- Splunk, ArcSight, and RSA enVision. Does your SOC team have another SIEM fave? Email us and let us know.
table_icon_7Entity-Driven Behavioral Forensics When an attack occurs you want your answers – and quickly. Through its entity profiling capability, DAF provides you with the Attack Timeline™ which holds all the necessary data to respond to the “who, what, when, why and how”.