Phishing

When con artists meet the digital world, you get phishing. A modern take on the ancient art of tricking people, phishing is a common vector for financial scams, malware infections, credential theft, and more.

Here's how ManageEngine can help you stop phishing attacks

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Employ threat intelligence and integrate with third-party threat feeds to detect phishing attacks.
  • Detect suspicious emails and alert users about them based on keywords in the content or the attachment size, type, and extension.

Endpoint Central

Integrated endpoint management and protection

  • Enforce phishing security controls on all browsers installed on organization laptops, tablets, and smartphones.

AD360

Workforce identity and access management for hybrid ecosystems

  • Scan email headers and content across all user inboxes and get alerted when emails are received from unknown users or servers.

Need a refresher on phishing attacks?

Phishing is a form of social engineering attack where malicious actors send out seemingly legitimate emails and messages to trick victims into sharing sensitive information or paying money. It is also used as a means to deliver malware (like ransomware).

You can learn more about phishing and other social engineering attacks in our webcast, "Social engineering and Zero Trust—The human element in cybersecurity."

Password- or credential-based attacks

This common variety of attack comes in many flavors. The common underlying theme is attackers trying to guess passwords or use leaked ones to get into corporate networks. The most common are brute-force attacks and credential stuffing attacks.

Here's how ManageEngine can help you stop password-based attacks

AD360

Workforce identity and access management for hybrid ecosystems

  • Enforce adaptive MFA and password complexity rules to add additional layers of security and protect against password-based attacks.
  • Integrate with Have I Been Pwned?'s database to detect passwords and credentials exposed in breaches and alert users about them.
  • Reduce your organization's attack surface by automatically detecting and removing inactive accounts.

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Monitor activity across your network and use ML-powered user and entity behavior analytics to detect potential attacks.
  • Get alerted to unusual activities, such as a high amount of failed login requests and other signs of password-based attacks.

OpManager Plus

Unified network, server, and application management

  • Collect and analyze firewall logs across your network to detect potential brute-force and credential stuffing attacks.

PAM360

Complete privileged access security for enterprises

  • Automatically onboard privileged accounts into a centrally managed secure vault with AES-256 encryption and role-based access permissions.
  • Enable the secure sharing of credentials without exposing plaintext passwords and automatically rotate and reset passwords.

Endpoint Central

Integrated endpoint management and protection

  • Use MITRE TTP-forensics, behavioural analytics, and deep learning to detect signs of a cyberattack by using AI-powered next-generation anti-virus.
  • Enforce strict password policies across all your devices to ensure your users' passwords comply with organization policies and are changed at regular intervals if needed.
  • Restrict or remove local admin rights, maintain a least privilege model and enable just-in-time access to reduce your attack surface.

Need a quick refresher on brute-force and credential stuffing attacks?

Brute-force attacks use trial and error to gain access to a system. The attackers usually use a bot that tries various combinations of usernames and passwords.

Credential stuffing attacks are a type of brute-force attack where the attackers use credentials that have been leaked in breaches of other organizations. While the overall attack success rate is low, the low effort involved and the high volume of leaked credentials available online make this a worthwhile weapon in an attacker's arsenal.

Credential dumping is yet another form of credential-based attack that organizations face.

Ransomware

One of the most well-known boogeymen on this list, ransomware attacks have evolved past just encrypting files to disrupt operations. Newer varieties of ransomware also steal the files being encrypted, adding another layer of risk.

There's more bad news: According to Verizon's 2024 Data Breach Investigations Report (DBIR), 62% of financially motivated incidents involved ransomware or extortion. What's more, ransomware was a top threat across 92% of industries. So, this boogeyman isn't going away any time soon.

Here's how ManageEngine can help you prevent and mitigate ransomware attacks

Endpoint Central

Integrated endpoint management and protection

  • Identify and neutralize threats, including zero-day malware, in real-time even when your devices are offline with an AI-powered next-generation anti-virus.
  • Discover and patch high-risk vulnerabilities across your network to decrease the chance of lateral movement if a system gets infected.
  • Automatically deploy patches for multiple OSs (desktop and mobile) and over 350 third-party applications.
  • Prevent unauthorized apps from being installed in managed devices by adding them to a blocklist.
  • Automatically flag unusual file alterations that resemble ransomware attacks on your endpoints and restore affected files with the anti-ransomware module.

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Get alerted to suspicious system events and activities on file servers that are indicative of ransomware attacks.
  • Spot sudden spikes in file events like renaming, deletions, or permission changes, all of which are indicators of a ransomware attack.
  • Turn off infected machines to halt further encryption and isolate them from the network to minimize the impact.

AD360

Workforce identity and access management for hybrid ecosystems

  • Automate file backups across Active Directory, OneDrive for Business, Exchange Online, and more to ensure quick disaster recovery.
  • Enable granular backup and restoration of all your Active Directory, OneDrive for Business, and Exchange Online data.
  • Audit and get alerts about suspicious activities, such as unusual file modifications and deletions, using AI-based user behavior analytics.
  • Reduce your organization's attack surface by automatically detecting and removing inactive accounts.

Need a quick refresher on ransomware?

Ransomware is a variety of malware that's used to encrypt key files within a victim's networks. Modern varieties of ransomware go further—they steal data and delete any backup copies before encrypting the files. This adds an extra layer of danger because victims can't restore data from backups since they no longer exist, and even if they do manage to recover their files, the stolen data is still in the hands of the criminals.

Check out our e-book, Ransomware demystified, to learn about these attacks in more detail.

DDoS attacks

The traffic jams of the internet, distributed denial-of-service (DDoS) attacks can slow down your operations or even bring them to a grinding halt, frustrating employees and customers alike.

The first known instance of a DDoS attack was in 1996 on an ISP called Panix. Since then, these attacks have become more frequent and larger in size.

Here's how ManageEngine can help you detect and mitigate DDoS attacks

OpManager Plus

Unified network, server, and application management

  • Collect and analyze logs from all your firewall devices to detect signs of DDoS attacks.
  • Monitor network bandwidth and analyze traffic to detect potential DDoS attacks in real time.
  • Use pattern matching and event correlation to detect anomalous traffic, sense attacks, and classify them into problem classes based on predefined algorithms.

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Audit log data from network security devices and identify potential attacks on important servers and files when access requests exceed established thresholds.

Need a quick refresher on DDoS attacks?

Denial-of-service (DoS) and DDoS attacks are designed to paralyze an organization's network by flooding it with traffic. Attackers do this by flooding your servers, networks, or applications with an overwhelming number of requests, packets, or messages. This can be done from a single source or from multiple sources using a botnet (hence the use of "distributed" in the name DDoS).

Man-in-the-middle attacks

Man-in-the-middle attacks result from a failure to encrypt messages inside and outside an organization’s firewall. Today, sending out communications without sufficient encryption is like talking loudly to your friend on a crowded subway. You can communicate whatever you want, but it's likely that someone may be listening in to steal vital information.

Here's how ManageEngine can help you combat man-in-the-middle attacks

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Encrypt syslog traffic using TLS or SSL, which provide mutual authentication between a remote server and clients, thereby preventing man-in-the-middle attacks.
  • Mark applications as sanctioned or banned and monitor the sanctioned applications for abnormal traffic (available in the cloud version).

Need a refresher on man-in-the-middle attacks?

In a man-in-the-middle attack, attackers position themselves between a user and a website or application that they're trying to access. The attackers then eavesdrop on the traffic sent between the user and the website or app. Alternatively, attackers may redirect users to a fake but seemingly legitimate website to steal sensitive information. These attacks are often used to steal login credentials, credit card information, and other sensitive data.

Insider threats

Sometimes, the biggest threats to an organization's security lie within the network. If an employee goes rogue, they could leak or destroy sensitive information that is vital to your organization's operations. The internet is rife with examples of attacks of this nature.

Here's how ManageEngine can help you detect and combat insider threats

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Analyze network activity using AI-powered user and entity behavior analytics to detect signs of insider threats (like unusual logins and file access attempts).
  • Spot and get notified about various data exfiltration techniques using the rule-based, signature-based, and behavior-based data breach detection modules.
  • Block USB ports indefinitely upon detecting suspicious behavior and prevent data from being exfiltrated to external devices.

PAM360

Complete privileged access security for enterprises

  • Manage, monitor, audit, and record all privileged user sessions as needed and terminate sessions remotely in case of suspicious activity.
  • Enforce just-in-time and self-service privilege elevation through an integration with the AD management module of AD360.
  • Enable privileged users or third-party contractors to launch time-limited, direct, remote access to targeted assets without password disclosure.
  • Manage all accounts, automatically rotate their passwords at regular intervals, and fetch these credentials as needed.

AD360

Workforce identity and access management for hybrid ecosystems

  • Analyze user activities with AI-driven user behavior analytics to create baselines for each user and to detect anomalous activity.
  • Enforce the principle of least privilege with role-based access controls and detect and reduce the privileges of accounts with excessive access permissions.

Endpoint Central

Integrated endpoint management and protection

  • Stop sensitive content from being exported via unsanctioned web browsers to various third-party cloud storage applications.
  • Ensure that only enterprise-approved apps can access critical data.
  • Restrict USB and auxiliary devices from viewing or copying sensitive data.
  • Block and audit any attempts to bypass DLP measures in real time and receive instant alerts.
  • Secure corporate data by enforcing BitLocker encryption on all Windows devices, implementing containerization on Android and iOS devices, and implementing per-app VPN for work apps.
  • Remotely wipe the entire device, including the SD card, or just erase corporate data and apps from BYOD devices without affecting the user's personal data.
  • Enable just-in-time access policies to determine which users are authorized to access applications and with what privileges.

Need a refresher on insider threats?

As the name implies, an insider threat refers to a case where the attacker (or one of the attackers) is an employee in the organization. They could be a disgruntled employee or an employee who is being enticed or manipulated through various means into acting against their employer.

Since they work for the company, they can easily access files or assets that external adversaries cannot. Depending on their level of seniority and their role, they could be uniquely placed to cause extensive damage to the organization.

These attacks are harder to detect. The employee in question may be allowed to access sensitive information or assets as part of their duties, so their activities normally don't raise any alerts.

Advanced persistent threats

Advanced persistent threats (APTs) are dangerous, sophisticated, long-term attacks that involve stealthily spying on an organization's network and extracting sensitive data at will. Unlike other attacks, APTs focus on extracting as much value as possible for as long as possible. Defending against these more complex attacks is a multistep process.

Here's how ManageEngine can help you detect, mitigate, and combat APTs

Endpoint Central

Integrated endpoint management and protection

  • Detect and remediate malicious activity, zero-day malware, and other threats using the next-generation anti-virus module.
  • Enforce phishing security controls on all browsers installed on organization laptops, tablets, and smartphones.
  • Detect, prioritize, and patch high-risk vulnerabilities; automate patch management; and create, test, and deploy custom fixes for zero-day vulnerabilities.
  • Detect unusual file activity on your endpoints.
  • Enable just-in-time access policies to determine which users are authorized to access applications and with what privileges.

Log360

Unified SIEM solution with integrated DLP and CASB capabilities

  • Employ threat intelligence to detect phishing attacks, signs of account compromise, signs of malware within the network, and more.
  • Get alerted to suspicious system events, file server activity, user actions, and more using user and entity behavior analytics.
  • Analyze network logs to detect traffic being sent to malicious or unknown sources.
  • Monitor all file activities to detect unusual file actions as well as data showing up in unexpected places.
  • Detect and get alerted to unpatched vulnerabilities within your network.

AD360

Workforce identity and access management for hybrid ecosystems

  • Audit Active Directory by detecting and reducing the privileges of accounts with excessive access permissions to prevent lateral movement.
  • Enforce the principle of least privilege by assigning custom roles to non-admin users without elevating native permissions through role-based access controls.
  • Monitor and audit user actions, detect suspicious activities using AI-driven user behavior analytics, and receive real-time alerts.
  • Monitor and get alerts on spam, malware, DLP policy matches, phishing emails, and more to stay on top of APTs.

PAM360

Complete privileged access security for enterprises

  • Enforce just-in-time and self-service privilege elevation through an integration with the AD management module of AD360 to prevent lateral movement.

OpManager Plus

Unified network, server, and application management

  • Monitor network bandwidth and analyze traffic to detect communications with unknown or malicious sources.
  • Analyze conversations, detect traffic patterns, diagnose network anomalies, and identify any threat that may have bypassed the firewall.

Need a refresher on APTs?

APTs are usually complex, multistep attacks. Unlike other attacks, they are focused on specific targets and are manually triggered. Unlike a quick hit-and-run attack that focuses on causing damage to one part of a network, an APT is a long-term attack that aims to infiltrate as much of the network as possible. The goal is to lurk in the network for as long as possible to collect and extract as much sensitive data as possible.

APTs typically have three stages:

1. Infiltration: Adversaries establish a foothold within the target's network through social engineering, malware, or exploiting vulnerabilities.

2. Lateral movement: Next, adversaries attempt to increase their presence within the network by compromising more systems and accounts, especially those with higher privileges. They also establish additional points of compromise so the attack can continue even if some of these points are locked down.

3. Data exfiltration: During an APT, adversaries store the stolen data in secure locations within the target network. Once they have enough data, they try to extract it without being discovered. This stage can continue for as long as the adversaries need or until they get discovered.

You can read more about APTs here.
