Active Directory Deception

Protecting the keys to the kingdom through deception and detection

Clients who have large Active Directories understand that if AD gets compromised, it’s basically game over until it gets rebuilt. In many breach responses we’ve been called in for, Active Directory was a pivotal part of the intrusion and therefore a pivotal part of the remediation strategy.

If an attacker gets access to AD accounts, it’s critical that we know about it. Our Active Directory detection/deception technology gives us the edge in the EUBA arena. Even before we begin investigating, the attacker is presented with a massive amount of false information to confuse and degrade access capabilities, while we react to determine how the attacker got access to AD accounts in the first place. We use this information to determine what other activity, malware, or other Indicators of Compromise (IOCs) exist in order to eradicate the intrusion.

Ingalls Managed Detection & Response works with several deception technology providers, including those that leverage their own Artificial Intelligence capabilities. Contact Us today if you’d like to discuss how our Managed Detection & Response service can solve your cybersecurity needs, including Active Directory Deception.

Contact Us

If you are concerned about a potential breach or if you are currently experiencing a breach and require immediate assistance, contact our 24x7x365 Emergency Hotline:


Ingalls Information Security