Preempt allows organizations to detect and block hacker reconnaissance tools

Increasingly cybercriminals are using their initial attacks to probe systems and look for other vulnerabilities or network resources that they can later exploit.

Threat detection platform Preempt is launching new capabilities that allow enterprises to prevent lateral movement and unauthorized domain access due to the misuse of network credentials in reconnaissance tools.

It will give organizations the ability to detect use of reconnaissance tools like BloodHound and other Lightweight Directory Access Protocol (LDAP) analysis tools. Additionally, Preempt enables security teams to respond in real time as tools are being used, to prevent a threat before it impacts the network. This expands on previous capabilities -- such as the ability to block and easily contain PowerShell, PsExec and other attacking tools -- making Preempt a robust platform for tool and protocol containment.

"For more than 20 years, enterprises have spent millions of dollars to get visibility into these tools and attacks," saysAjit Sancheti, co-founder and CEO at Preempt. "We now have the ability to detect, isolate, control and contain these reconnaissance tools. This is a major step forward in our industry and it allows companies to truly enforce security on virtually any resource or network."

Preempt also offers the ability to inspect authentication protocols like NTLM and DCE/RPC protocol support, as well as Kerberos and LDAP. This means it can help organizations take a proactive role in controlling protocol usage and reduce risk of credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket. Preempt is able to handle decryption of the protocol in real time for threat detection and prevention.

You can find out more on the Preempt website.

Image credit: GlebStock / Shutterstock