brief
This brief outlines why Active Directory is such a target to attackers, the challenge encryption presents to detecting and investigating attacks, and ExtraHop’s solution of decrypting TLS, NTLM, and Kerberos traffic in order to detect and investigate those TPPs.