Block Lateral Movement
Detect and disrupt advanced persistent threats (APT) living off the land.
How Attackers Bypass Identity Controls
Modern breaches typically start by compromising workstations because people are the weakest link and perimeter defenses are easily bypassed with social engineering. Attackers then move laterally by taking over users’ authorized accounts. This is APT’s bread and butter because identity security controls store tokens, cookies, tickets, etc. on users’ workstations. When the workstation is compromised, attackers can simply usurp these access tokens for their own purposes without raising any suspicion.
A Clean Signal for Workstation Compromise
There is no correlation between compromising the software on a workstation and having physical access to the workstation. When workstations are compromised, the one thing the attacker cannot do remotely is physically type at the keyboard.
This means remote connection attempts, without physical input, are sure signs of compromise.
[Figure: Remote connection attempts, lack of physical input, attack]
Keystrike Benefits
Early detection of APTs
Isolate compromised workstations from sensitive systems
Block ransomware
Stop breaches & data exfiltration
Rapid deployment via msi files
Zero user friction
MFA & PAM Don’t Stop Lateral Movement
Even MFA and PAM solutions are ineffective against this common attack path because they also store access tokens on
the workstation. After privileged users provide the 2nd factor for MFA or PAM, the attacker can use the authorized
session concurrently with the administrator.
Keystrike Solution: Attestation for every remote connection command
Keystrike disrupts attacks before they become breaches by detecting compromised workstations and
isolating them from jump boxes and other sensitive systems.
[Figure: Advanced hacker, authorized user, workstation, sensitive systems. Checks shown: "Was the command typed at this workstation keyboard?" and "Does this command have attestation?"]
Keystrike assumes both the workstation and its authenticated sessions are compromised. To protect sensitive systems (e.g. servers with critical data, domain controllers, jump boxes, etc.) Keystrike authenticates the intent of every remote command (RDP, SSH, VDI, etc.) to filter malicious commands from legitimate ones without any false positives.
This stops APTs from using process injection or token hijacking to send malicious commands that breach critical data or install ransomware on sensitive systems.
Supported Protocols
RDP
VNC
OCA
SSH
TeamViewer
VDI
Use cases
Detect and Stop APTs and Block Lateral Movement
Social engineering and zero-day exploits enable APTs to easily bypass perimeter security controls. However,
Keystrike detects APTs at the precise moment they attempt to move laterally.
Secure Privileged Accounts
Ensure that the remote commands from authorized users’ workstations (e.g. IT admins, developers, executives,
WFH/remote users, contractors, etc.) are from the authorized person, not attackers hijacking authorized
accounts.
Protect Jump Boxes and Bastion Hosts
Stop attackers from accessing the highest security network segments by taking over privileged accounts to
protect OT environments and SCADA systems.
For further information, please visit our website keystrike.com or send an email to info@keystrike.com.