Keystrike detects Advanced Persistent Threats “living off the land”. Historically APTs used to merely compromise passwords and devices, but today they hijack sessions — bypassing authentication and evading anomaly detection. Keystrike automatically validates the intent of individual commands within authenticated sessions to block lateral movement.
Products and Services
- Technology Platforms
- Today, APTs are attacking sessions. Zero Trust Models assume workstations are compromised, yet all identity security controls store session tokens/tickets/cookies on the device. This makes hijacking authenticated/active sessions easy, enabling APTs to move laterally into sensitive systems… and there’s no anomaly! Keystrike detects when hijacked user/admin accounts attempt to connect to sensitive systems like domain controllers, jump boxes protecting OT environments, or servers with critical data.