active directory security | QOMPLX

  • Corporate
  • Aug 26, 2019
  • By QOMPLX

Active Directory Security: Trust But Verify

Active Directory Security:  Trust But Verify

Jason Crabtree, QOMPLX CEO & Co-founder, explains in a video interview with Security Guy TV why security and risk teams have to be able to dig into some of the fundamental assumptions for Kerberos Security and Active Directory Security. Here are a few key takeaways from the interview.

People Assume It's Working but Maybe It's Not
It’s great to look at how we can get visibility on data or on people, but we ultimately have to keep coming back to ask, “what are the assumptions,” “have we validated that they are still applicable?”

Risk managers must dig into and test the fundamental assumptions to know what they based their downstream investments and operational decisions on. For example, if a user’s identity can be forged, then none of your other solutions will provide the benefits they claim because you can’t trust the user information that you have.

Jason explains that, "instead of just looking at heuristics, we validate that the protocol works correctly. That is so important because your security programs assume authentication is correct."

The Importance of Behavior
If the behavioral analysis inside an enterprise is based on mis-attributed traffic to identities that aren't the right ones because people are forging tickets in Active Directory -- and you haven't detected that -- you end up with a real challenge. You have to look at the root of trust.

Trust but Verify
If you want to go really advanced in terms of privilege escalation, coming back to what we do in the Active Directory world, you’ve got to be careful with insider threat programs where you don’t actually validate that the authentications are real.

What’s Your Exposure?
All CIOs and CISOs should immediately look into their exposure to Active Directory/Kerberos exploits and understand that if they can’t trust the identities of users, then other cyber defense tools and investments are compromised as well.

Watch full interview

You might also be interested in

Empowering enterprises to stay ahead of evolving threats

Empowering enterprises to stay ahead of evolving threats

QOMPLX recently joined the IBM Security App Exchange. Here’s why the integration will take your security to the next level.

Read more
Identify and Fight the Phish #CyberMonth

Identify and Fight the Phish #CyberMonth

Phishing attacks are an easy way for a bad actor to gain access to a network. Once inside, they can cause devastating losses.

Read more
How much automation?

How much automation?

Automation of underwriting decisions has a very tangible benefit - cost savings. When rules are automated and decisions are made based on reliable supporting data, underwriters can focus on the outliers and make the most of their precious time.

Read more
Request a Demo

Interested in learning more?

Subscribe today to stay informed and get regular updates from QOMPLX.