The Defense.com Network Attack Defense module focuses on detecting network attacks designed to gain access to endpoints through specific techniques, such as brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.
Compatibility
The Network Attack Defense module is available for:
Windows for workstations
Windows for servers
macOS
Linux
Configuration
The Network Attack Defense module is pre-configured in your endpoint package using default settings that are recommended by the Defense.com team. The following information describes the specific functionality available and any custom options that can be configured with the help of your Defense.com representative.
The following configuration options can be enabled to protect against each network attack category. The network attack techniques are grouped according to MITRE's ATT&CK framework:
Initial Access
The attacker gains entry to a network by various means, including vulnerabilities in public-facing web servers. For example: information disclosure exploits, SQL injection exploits, drive-by download infection vectors.
Credential Access
The attacker steals credentials such as usernames and passwords to gain access to systems. For example: brute-force attacks, unauthorized authentication exploits, password stealers.
Discovery
The attacker, once infiltrated, tries to obtain information about the systems and the internal network, before deciding what to do next. For example: directory traversal exploits, HTTP directory traversal exploits.
Lateral Movement
The attacker explores the network, often by moving through multiple systems, to find the main target. The attacker may use specific tools to accomplish the objective. For example: command injection exploits, Shellshock exploits, double extension exploits.
Crimeware
This category comprises techniques designed to automate cybercrime. For example: nuclear exploits, and malware such as Trojans and bots.
The following actions can be taken against each category of network attack techniques:
Block
Network Attack Defense stops the attack attempt once detected.
Report Only
Network Attack Defense informs you about the detected attack attempt but does not try to stop it.
Windows Servers
On Windows servers, Network Attack Defense detects and prevents RDP brute-force attacks by scanning incoming connections on the RDP ports to identify authentication anomalies.
Network Attack Defense also scans web traffic when used with Content Control.
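To make the two ideas in this section concrete, the RDP brute-force detection based on authentication anomalies and the Block versus Report Only actions, here is an added example written for this page. It is not Defense.com code and does not reflect how the product is implemented: the log format, the source addresses (RFC 5737 documentation ranges), the threshold of more than 5 failed logons within 60 seconds, and the field names are all constructed for illustration.

```python
"""Added example (not Defense.com code): a minimal RDP brute-force detector
that flags authentication anomalies on the RDP port and applies either a
Block or a Report Only action, mirroring the two modes described above.
Log lines, thresholds and field names are constructed for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RDP_PORT = 3389
# Hypothetical policy: more than 5 failed logons from one source within 60 s.
FAIL_THRESHOLD = 5
WINDOW = timedelta(seconds=60)


@dataclass
class Alert:
    source: str
    failures: int
    action: str  # "blocked" or "reported"


def parse_line(line: str) -> dict:
    """Parse '<iso-timestamp> src=... dport=... result=...' (a constructed format)."""
    ts_str, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {
        # 'Z' suffix is rewritten so fromisoformat works on Python < 3.11 too
        "ts": datetime.fromisoformat(ts_str.replace("Z", "+00:00")),
        "src": fields["src"],
        "dport": int(fields["dport"]),
        "result": fields["result"],
    }


@dataclass
class Detector:
    mode: str = "Block"  # "Block" or "Report Only", as in the configuration above
    _fails: dict = field(default_factory=lambda: defaultdict(deque))
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def observe(self, line: str):
        """Feed one connection-log line; return an Alert if an anomaly is detected."""
        rec = parse_line(line)
        if rec["dport"] != RDP_PORT:
            return None  # only incoming RDP connections are scanned here
        src = rec["src"]
        if src in self.blocked:
            return None  # source already blocked; further attempts are dropped
        if rec["result"] != "FAIL":
            return None  # successful logons are not counted as anomalies
        q = self._fails[src]
        q.append(rec["ts"])
        # Slide the window: discard failures older than WINDOW.
        while q and rec["ts"] - q[0] > WINDOW:
            q.popleft()
        if len(q) > FAIL_THRESHOLD:
            if self.mode == "Block":
                self.blocked.add(src)  # Block: stop the attempt once detected
                action = "blocked"
            else:
                action = "reported"  # Report Only: inform, do not stop
            alert = Alert(src, len(q), action)
            self.alerts.append(alert)
            q.clear()  # one burst yields one alert
            return alert
        return None


# Constructed sample: one source hammering RDP, one legitimate user, one SSH failure.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z src=203.0.113.5 dport=3389 result=FAIL",
    "2024-05-01T10:00:01Z src=198.51.100.7 dport=3389 result=FAIL",
    "2024-05-01T10:00:02Z src=203.0.113.5 dport=3389 result=FAIL",
    "2024-05-01T10:00:03Z src=203.0.113.5 dport=22 result=FAIL",  # not RDP, ignored
    "2024-05-01T10:00:04Z src=203.0.113.5 dport=3389 result=FAIL",
    "2024-05-01T10:00:05Z src=198.51.100.7 dport=3389 result=OK",
    "2024-05-01T10:00:06Z src=203.0.113.5 dport=3389 result=FAIL",
    "2024-05-01T10:00:08Z src=203.0.113.5 dport=3389 result=FAIL",
    "2024-05-01T10:00:09Z src=203.0.113.5 dport=3389 result=FAIL",  # 6th failure -> alert
    "2024-05-01T10:00:10Z src=203.0.113.5 dport=3389 result=FAIL",  # dropped when blocked
]


def run(mode: str) -> Detector:
    """Replay the constructed log through a detector in the given mode."""
    d = Detector(mode=mode)
    for line in SAMPLE_LOG:
        d.observe(line)
    return d


if __name__ == "__main__":
    for mode in ("Block", "Report Only"):
        d = run(mode)
        print(mode, d.alerts, "blocked:", sorted(d.blocked))
```

In both modes the same anomaly is raised once for 203.0.113.5 (six failures inside the window); only in Block mode is the source added to the block set so its later attempts are dropped, while the single failure from 198.51.100.7 followed by a successful logon never crosses the threshold.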
For more information about how your Network Attack Defense options can be configured, please contact your Defense.com representative.