Attivo Networks Blogs

New Analyst Report – The Need for Identity-First Active Directory Protection

Written by: Carolyn Crandall, Chief Security Advocate

Although organizations have placed security at the top of their priority list and invested heavily in cybersecurity technologies, from the network perimeter to the endpoint, attackers are still achieving a high rate of success.

Aite Novarica, an advisory firm that provides mission-critical insights on technology, regulations, strategy, and operations to enterprise clients, recently released a new report “Zero Trust Starts with Identity.” The report encourages an identity-first approach to meeting security challenges and understanding why Active Directory (AD) is an attacker’s primary target and ‘ground zero’ for the zero trust movement.

Solving Zero Trust’s Identity Crisis – It Starts with Active Directory

Organizations place a priority on protecting everything from the network perimeter to the endpoint, but attackers still bypass these protections by compromising identities. Active Directory is the focal point for managing identities and privileges in most enterprises, making it “ground zero” for the zero-trust movement.

And yet AD is either misunderstood or treated only as operational plumbing for access management. As a result, it is often largely unprotected, leading to devastating losses. Almost every attacker aims to navigate AD domains and manipulate their weaknesses, the report states, and for good reason. Stolen AD credentials are the perfect complement for executing ransomware and various other attack types.

AD is more vulnerable than ever before, with many organizations burdened with outdated policies on AD domains acquired through multiple mergers and acquisitions, and past administrator shortcuts. Compounding this challenge: attacks such as DCSync, DCShadow, Silver Ticket, and Golden Ticket are difficult to spot in real time since they rarely leave traces in activity logs.

As confirmed in a recent EMA Research report, 50% of organizations studied had experienced an Active Directory attack within the last one to two years, and over 40% indicated that attackers successfully breached their AD implementation.

The Evolving Threat Landscape – Identity is Now the New Perimeter

The report includes a detailed overview of the current state of the identity-based threat landscape, highlighting Zero Trust as “an attitude of resilience” rather than a specific technology or execution methodology. It describes the importance of containing an attack’s damage and how it motivates chief information security officers (CISOs) to gain security control across the enterprise.

The report defines comprehensive AD security as consisting of preventative assessments and corrections of misuse and misconfigurations coupled with ongoing detection of live, active attacks. This definition sets the stage for evaluating AD Protection solutions.

Active Directory Protection Solutions Evaluated

Profiles and evaluations of five global vendors and their AD protection solutions are the core of the report, with an explanation of the benefits and drawbacks of deployment on the endpoint vs. network. The report lists thirteen of the most common vulnerabilities, with each vendor noted as either providing prevention, detection, or both. Attivo was represented as the strongest vendor, showing both prevention and detection for the majority of the vulnerabilities listed.

The vendor profiles show an analyst point of view of their strengths and challenges, providing security executives with knowledge to make informed decisions as they select Active Directory Protection solutions.

Key Report Takeaways

The Aite Novarica report offers straightforward advice for CISOs and IT executives who are planning to implement identity-first security for their organizations. The report promotes deploying solutions that prevent and detect AD vulnerabilities, threats, and attacks to provide the most comprehensive security coverage.

Identity-focused Active Directory Protection

The report’s analysis and guidance reinforce the importance of focusing on identity protection and implementing comprehensive security that protects Active Directory. Organizations should implement solutions that include identity visibility, attack prevention and detection, and the ability to detect live attacks to control, contain and minimize damage caused.

Identity Detection and Response (IDR), a somewhat new category, was born from the need to address specific gaps in identity protection and expand zero-trust architecture. IDR solutions detect credential theft, privilege misuse, and risk entitlements that create attack paths to high-value targets like Active Directory (AD). Most IDR solutions can also isolate a system believed to be compromised, keeping the attacker isolated from the rest of the network.

Download “Zero Trust Starts with Identity, Protecting Active Directory” here, and for more information on the Attivo Networks Active Directory Protection solutions, go here.
