Attivo Networks Blogs

Half of businesses experience attacks on Active Directory

Beta news logo

Active Directory, the directory-based identity services platform, is used by 90 percent of enterprises worldwide making it an attractive target for hackers.

New research part sponsored by Attivo Networks and conducted by Enterprise Management Associates (EMA) shows half of organizations experienced an attack on Active Directory in the last two years, with over 40 percent saying the attack was successful.

In addition penetration testers successfully exploited AD exposures 82 percent of the time, which suggests that actual attack findings may be under represented due to lack of visibility to exploits.

Because of these threats, 86 percent of organizations say they plan to increase investment in protecting AD. They cite the increased prevalence of AD attacks (25 percent), an increase in remote or work-from-home activity (18 percent), an expansion of cloud usage (17 percent), as well as the prevalence of advanced attacks, such as ransomware 2.0 (15 percent), as top reasons for doing so.

“If you’re not doing your diligence here, like proving during your pen tests that an attacker cannot exploit Active Directory, then you’re not giving sufficient security control,” says Carolyn Crandall, chief security advocate at Attivo Networks. “Also insurance companies are getting more savvy. They have been paying out less and some are refusing to pay out at all. And so, they may start to put this as part of their requirement, that if you don’t protect your credentials and your Active Directory environments you didn’t have proper security protection.”

The survey shows a trend in the repeated mention of privilege escalation and over provisioning issues, as well as lack of visibility to understand misuse and policy drift easily. These discoveries all underscore the point that effective Active Directory protection requires close permission control and access management but must also include multiple layers of visibility and live attack detection.

Crandall adds, “Attivo’s identity detection and response (IDR) solutions squarely address this gap in protection, offering crucial visibility into the AD environment, allowing organizations to address AD attacks in real-time and identify risks within their AD before malicious actors exploit them.”

The full report is available from the Attivo site.

Read the original article by Ian Barker on Beta News.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

nineteen + 1 =

Ready to find out what’s lurking in your network?

Scroll to Top