Strategic Decryption
Detect and Stop the New Breed of Encrypted Attacks
The new class of attack techniques take advantage of recently released exploits. Encryption can be used to mask the exploitation of 60% of the most frequently targeted network vulnerabilities. Can you see them coming?
Ransomware Attacks
delivered through encrypted channels
Attackers Can Hide
in encrypted traffic on your critical infrastructure
High-Risk Vulnerabilities
that are leveraging encrypted pathways
How Attackers Use Encryption to Live Off the Land
Advanced attackers use encryption to decrease the likelihood of being caught and reduce the effectiveness of forensic investigation. As the use of encrypted protocols for network traffic inside the enterprise increases, attackers are finding that the stealthy channels they need are ready-made for them inside their target networks.
A new breed of attack technique is rapidly developing to take advantage of these preexisting encrypted channels.
Attackers use these techniques in many ways, including:
- Privilege escalation and persistence through Kerberos ticket attacks
- Using commonly encrypted protocols to rapidly and broadly distribute ransomware or other malicious files without detection
- Data exfiltration from databases, storage clusters, or cloud storage across encrypted protocols
How the City of Dallas Leverages RevealX for Unmatched Network Visibility

RevealX Detects Threats Other Tools Miss
Other tools use Encrypted Traffic Analysis (ETA), which fails to detect most modern attacks and misses the necessary historical data for rapid response.
RevealX uses targeted decryption to expose the new breed of advanced threats, detect malware in encrypted traffic, and help you take back the advantage from cyberattackers.
PrintNightmare and Ransomware
The PrintNightmare vulnerability offers attackers an encrypted channel for lateral movement and distribution of ransomware. The vulnerability affects every version of Windows.
ProxyLogon
The Microsoft Exchange vulnerabilities known collectively as ProxyLogon enable remote code execution across an encrypted channel. The potential impact is enormous due to the ubiquity of Microsoft Exchange.
Microsoft Protocol Attacks
Microsoft authentication protocols such as Kerberos, as well as application protocols such as SMBV3, are commonly abused by attackers to maintain stealth while using encrypted living-off-the-land techniques.
When our organization was hit by DarkSide ransomware, ExtraHop Reveal(x) alerted us to activity at the very outset of the attack. We were able to use that information to act quickly to stop further exfiltration and encryption.
LARGE NORTH AMERICAN RETAILER