Detecting & Mitigating Cyber Attacks

Identity systems continue to be a prime attack vector for cyber criminals despite well-known vulnerabilities, especially in Active Directory, the core identity store for 90 percent of businesses worldwide. Indeed, Mandiant FireEye researchers have reported that 90% of the incidents they investigate involve Microsoft's Active Directory in some way. 

Since the surge in identity-related attacks and vulnerabilities like the Colonial Pipeline breach there has been a lot more  expert advice available and now the identity protection experts at Semperis have released their Active Directory Security Halftime ReportThis is the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyber-attacks. 

“Cybersecurity programs, big and small, are on the front lines of a new war that has virtually no boundaries and no rules of engagement,”said Mickey Bresman, CEO at Semperis. “If you think about hospitals that can’t access their systems to save a life, or cities that get held hostage, we have a responsibility to help organizations take back control. That’s what drives us... Active Directory remains the beating heart of identity management, the core of the identity platform for most organisations, but everything around it has changed rapidly.”

“AD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time turned out to be insecure and have been completely revised since, so a lot of the mistakes that were made then are the problems organisations now need to address,” Bresman said.

Bresman also calls out lagging skill sets at a time when conversations about protecting the business from cyber attack are converging for identity and security teams.

“You have people that know AD extremely well, but their thinking is more operationally related,” said Bresman. “Or you have people that know red-teaming and security extremely well, but they are not AD experts. It's not that simple to find that combination of skills in a single person.” 

The Semeperis Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organisations’ identity systems. More than two-thirds of the Halftime Report provides how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyber-attacks.

With an emphasis on fast-track skills-building for identity and security professionals, the Active Directory Security Halftime Report consolidates:  

  • Practical guidelines for hardening AD security by closing common gaps that can be uncovered with the free security assessment tool Purple Knight, built by Semperis identity and access management (IAM) experts 
  • New perspectives on building a cyber-resilient organisation by breaking down silos between identity and security teams 
  • Tips for managing security in increasingly complex hybrid identity systems, particularly across on-premises Active Directory and Azure Active Directory environments 
  • Trends in cyber criminals’ tactics for compromising identity systems, as highlighted in the monthly Semperis Reports.  
  • The Active Directory Security Halftime Report, will be updated on a periodic basis to serve as a timely, concise index of resources for organisations that have prioritised hardening their Active Directory and Azure Active Directory defenses against escalating cyber-attacks. 

Although the threat landscape is continually expanding, organisations can improve their security posture by methodically identifying and addressing the well-known identity-related vulnerabilities covered in the Semperis Active Directory Security Halftime Report.

“Regardless of the particular mix of on-premises and cloud systems and assets, every organisation will need to protect the identity store,” said Bresman. “Identity is going to continue to play a huge role in the protection game that we are playing against the adversaries.”

Semperis:          Mandiant FirEye:

You Might Also Read:

Hackers Delight: Poor Password Security:

 

« NSA Warning - Avoid Public Wi-Fi
Pakistan’s New Cyber Security Policy »

Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Latvian Information & Communications Technology Association (LIKTA)

Latvian Information & Communications Technology Association (LIKTA)

LIKTA brings together leading Latvian companies, organizations and professionals in the field of Information & Communications Technology

Polyverse

Polyverse

Polyverse offers application security, zero-day defense, proactive cyber resiliency and more. Protect your critical applications with moving target defense.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.