Detecting & Mitigating Cyber Attacks

Uploaded on 2021-08-23 in TECHNOLOGY--Resilience, FREE TO VIEW

Identity systems continue to be a prime attack vector for cyber criminals despite well-known vulnerabilities, especially in Active Directory, the core identity store for 90 percent of businesses worldwide. Indeed, Mandiant FireEye researchers have reported that 90% of the incidents they investigate involve Microsoft's Active Directory in some way. 

Since the surge in identity-related attacks and vulnerabilities like the Colonial Pipeline breach there has been a lot more  expert advice available and now the identity protection experts at Semperis have released their Active Directory Security Halftime ReportThis is the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyber-attacks. 

“Cybersecurity programs, big and small, are on the front lines of a new war that has virtually no boundaries and no rules of engagement,”said Mickey Bresman, CEO at Semperis. “If you think about hospitals that can’t access their systems to save a life, or cities that get held hostage, we have a responsibility to help organizations take back control. That’s what drives us... Active Directory remains the beating heart of identity management, the core of the identity platform for most organisations, but everything around it has changed rapidly.”

“AD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time turned out to be insecure and have been completely revised since, so a lot of the mistakes that were made then are the problems organisations now need to address,” Bresman said.

Bresman also calls out lagging skill sets at a time when conversations about protecting the business from cyber attack are converging for identity and security teams.

“You have people that know AD extremely well, but their thinking is more operationally related,” said Bresman. “Or you have people that know red-teaming and security extremely well, but they are not AD experts. It's not that simple to find that combination of skills in a single person.” 

The Semeperis Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organisations’ identity systems. More than two-thirds of the Halftime Report provides how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyber-attacks.

With an emphasis on fast-track skills-building for identity and security professionals, the Active Directory Security Halftime Report consolidates:  

  • Practical guidelines for hardening AD security by closing common gaps that can be uncovered with the free security assessment tool Purple Knight, built by Semperis identity and access management (IAM) experts 
  • New perspectives on building a cyber-resilient organisation by breaking down silos between identity and security teams 
  • Tips for managing security in increasingly complex hybrid identity systems, particularly across on-premises Active Directory and Azure Active Directory environments 
  • Trends in cyber criminals’ tactics for compromising identity systems, as highlighted in the monthly Semperis Reports.  
  • The Active Directory Security Halftime Report, will be updated on a periodic basis to serve as a timely, concise index of resources for organisations that have prioritised hardening their Active Directory and Azure Active Directory defenses against escalating cyber-attacks. 

Although the threat landscape is continually expanding, organisations can improve their security posture by methodically identifying and addressing the well-known identity-related vulnerabilities covered in the Semperis Active Directory Security Halftime Report.

“Regardless of the particular mix of on-premises and cloud systems and assets, every organisation will need to protect the identity store,” said Bresman. “Identity is going to continue to play a huge role in the protection game that we are playing against the adversaries.”

Semperis:          Mandiant FireEye:

You Might Also Read:

Hackers Delight: Poor Password Security:

 

« NSA Warning - Avoid Public Wi-Fi
Pakistan’s New Cyber Security Policy »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

IP Twins

IP Twins

IP Twins offer a wide range of services related to domain names and online brand protection.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

Deutsche Gesellschaft für Cybersicherheit (DGC)

Deutsche Gesellschaft für Cybersicherheit (DGC)

As a leading provider of cyber security, DGC supports companies in taking advantage of the opportunities offered by the digital transformation – and in minimizing the associated risks.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.