For cybersecurity professionals, these are not easy times. Data breaches are reported daily, and malware seems to evade or break through perimeter defenses like firewalls, privileged access management (PAM) and multi-factor authentication with ease.
As bad as that sounds, however, things appear to be getting worse. Organized crime and ransomware gangs threaten to lock down your IT environment, holding you, your employees, and your data hostage. Sophisticated adversaries, including nation-state actors, target your critical controls infrastructure and your software supply chain. They’re looking to burrow deep into your IT environment with persistence, access, and sysadmin privileges.
The fact is: organizations can no longer count on stopping threats at their perimeter. Addressing these threats requires a different constellation of post-breach security controls and a different approach: from the inside out. Organizations need to start at the core of the IT environment, validating the basic critical control infrastructure related to authentication, authorization, and identity.
Active Directory: Attackers’ #1 Target
At the top of the list, for almost every organization, is Microsoft’s Active Directory, the dominant identity service, with a 95% market share in the enterprise. In fact, many major breaches reported in the media share a common thread: Active Directory was compromised and used by the attackers after their initial breach.
Why? As QOMPLX CSO Andy Jaquith recently noted, Active Directory is an “overstuffed turkey” that presents a huge opportunity to cyber adversaries: a list of users and their relevant contact details; a list of servers and workstations known to the administrators; and a lightweight entitlements repository, among others.
“Active Directory does so much, and is so complex, that it cannot be effectively secured,” Jaquith observed.
Download Our New Report
If Active Directory is so critical to the security of your organization, why do so many firms take a hands-off approach to AD security? In our latest report, we explore that issue and offer some steps organizations can take to shore up the security of this Critical Control Infrastructure.