Active Directory sits in a dangerous security blind spot
By Carolyn Crandall, chief security advocate, Attivo Networks
The Importance of Active Directory
Active Directory can be considered the GPS of the enterprise, providing authentication across resources that span the entire network. Over 90% of Global Fortune 1,000 companies use AD, making it a nearly universal authentication solution. Microsoft has estimated that threat actors attack 95 million AD accounts each day, and that number is likely even higher now. The prevalence of identity-based attacks further underscores AD’s value to attackers, and the 2021 Verizon Data Breach Investigations Report (DBIR) reinforces this point, noting that 61% of breaches now involve credential data.
Unfortunately, AD is notoriously difficult to secure because it touches nearly everything on the network—and it is constantly changing. The need for operational efficiency results in overprovisioning, which creates problems of its own as organizations overlook security policies and grant unintended access and control. Most organizations attempt to mitigate this risk by using logs and SIEMs to protect their AD environments, but this approach is neither complete nor effective at detecting attacks in a timely fashion. Others look to Microsoft AD audits and tools to find risks. This approach also has limitations: these tools are generally used periodically or are extremely limited in their ability to detect and understand dangerous exposures. Organizations must look beyond traditional security tools and toward newer innovations that provide continuous visibility into AD vulnerabilities, exposures, attacks, and unauthorized access.
Don’t Overlook AD Protection
AD is a prime example of a high-risk environment left dangerously unprotected. Although it represents a potential gold mine for attackers, AD sits awkwardly between endpoint and access management solutions, causing joint management and security gaps driven by a conflict in goals over its use and control. Identity teams want it operational, while management wants it to be efficient—both of which often come at the expense of security. Security teams need AD to be more secure but lack the tools to understand the risks and to influence prompt remediation. They also often lack the power to make changes to risky configurations since it could limit access for others or have unintended consequences. Only tools that provide greater visibility and a better understanding of the risks can bring them together and drive alignment on critical fixes.
Executives think of Active Directory as a service: a central management platform that ensures employees can get easy access to the resources they need. In their minds, tools like firewalls, logs, and SIEMs, combined with periodic audits, should keep AD sufficiently protected. Unfortunately, this is not the case, even if a full audit was made only days ago. Taking a passive stance on AD may have been sufficient in the past, but recent large-scale attacks have demonstrated how attackers can obtain genuine credentials to impersonate actual employees and pass straight through most identity systems. It would be negligent to leave AD exposed and at risk of compromise.