active directory security | QOMPLX

  • Back

Blog

Active Directory Security: Trust But Verify

Jason Crabtree, QOMPLX CEO & Co-founder, explains in a video interview with Security Guy TV why security and risk teams have to be able to dig into some of the fundamental assumptions for Kerberos Security and Active Directory Security. Here are a few key takeaways from the interview.

People Assume It's Working but Maybe It's Not
It’s great to look at how we can get visibility on data or on people, but we ultimately have to keep coming back to ask, “what are the assumptions,” “have we validated that they are still applicable?”

Risk managers must dig into and test the fundamental assumptions to know what they based their downstream investments and operational decisions on. For example, if a user’s identity can be forged, then none of your other solutions will provide the benefits they claim because you can’t trust the user information that you have.

Jason explains that, "instead of just looking at heuristics, we validate that the protocol works correctly. That is so important because your security programs assume authentication is correct."

The Importance of Behavior
If the behavioral analysis inside an enterprise is based on mis-attributed traffic to identities that aren't the right ones because people are forging tickets in Active Directory -- and you haven't detected that -- you end up with a real challenge. You have to look at the root of trust.

Trust but Verify
If you want to go really advanced in terms of privilege escalation, coming back to what we do in the Active Directory world, you’ve got to be careful with insider threat programs where you don’t actually validate that the authentications are real.

What’s Your Exposure?
All CIOs and CISOs should immediately look into their exposure to Active Directory/Kerberos exploits and understand that if they can’t trust the identities of users, then other cyber defense tools and investments are compromised as well.

Watch full interview

More Posts

Card image cap
Attack surface risk signals: DNS records

Published Oct 14, 2021

Card image cap
Identify and Fight the Phish #CyberMonth

Published Oct 12, 2021

Card image cap
Offensive Security Service Data Sheet

Published Sep 28, 2021

Card image cap
Offensive Security Service Tech Spec

Published Sep 28, 2021