IT Wire: Why deception rules in the defence of Active Directory

A long time target for adversaries, Active Directory is getting a long-awaited defensive makeover.

…

One of the most common targets for attackers is Microsoft’s Active Directory (AD). Microsoft launched AD in the late ‘90s, and it quickly became the standard in the identity management market.

By design, AD holds and shares information on the network to regulate users and machines accessing the company’s resources. It is also vital to remember that every computer on the company’s network can talk (has access) to the AD, making it a frequent target for attackers. Once attackers have access to AD, they can quickly identify which accounts to target and that have access to endpoints to compromise for information of interest.

Deception technology makes it such that defenders no longer have to be right all the time. They can stop attackers at the door or sow enough confusion to slow their progress – give them pause, make them think and encourage them to misstep. It’s a change in the defensive posture, but one that’s already making a significant difference to defenders everywhere.

Read the full article by Jim Cook, Attivo Networks.