Symantec Endpoint Threat Defense for Active Directory (TDAD) is a solution that protects the Active Directory. Threat Defense for AD disrupts domain reconnaissance activity, detects an attacker that attempts lateral movement or credential theft, and mitigates intrusion by operations, user, or endpoint. The Artificial Intelligence engine uses Natural Language Processing and creates a false environment on the endpoint. This false environment obfuscates any AD reconnaissance commands that are used, regardless of the protocol. This deception results in recognizing attackers when they attack the AD. The intrusion is then automatically mitigated through policy. Threat Defense for AD identifies vulnerabilities, misconfigurations, and possible backdoors within the AD. This identification provides security teams with the opportunity to reduce the AD attack surface, harden the Domain, and reduce risk.
What's New in TDAD
The following new features are added to TDAD:
Customized event subscription collector. Introduces a new method to collect logs from domain controllers: TDAD can collect logs from the Event subscription client that already exists in your network.
Enabling usage of a customized fake names dictionary. Enables you to replace the built-in fake names dictionary of TDAD with your own dictionary to improve obfuscation results.
The following feature enhancements are made in this release:
Improved query processing time for the MySQL read-write option
Improved performance for Memory Manipulation
Improved name resolution for cloned (VDI) workstations
Fixed Issues in TDAD
The following issues are fixed in this release:
Increased MySQL buffer memory to support low-resource environments
Fixed an issue with ArcSight syslog collection
Fixed an issue with the installer that did not resume installation after a failed attempt
Fixed a timeout issue that caused failure with the update service installation
Builds that are available to download after September 4, 2019