In Many Cases Active Directory Is The Last Line Of Defence

Uploaded on 2022-10-11 in TECHNOLOGY--Resilience, FREE TO VIEW

Organisations of all sizes and across every industry are failing to address Active Directory (AD) security gaps that can leave them very vulnerable to cyber attacks. AD is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data.

AD is a database and set of services that connect users with the network resources they need to get their work done. The database, or directory, contains critical information about your environment, including what users and computers there are and who's allowed to do what.

AD stores information about objects on the network and makes this information easy for administrators and users to find and use.

Active Directory uses a structured data store as the basis for a logical, hierarchical organisation of directory information. But incident responders have found that the AD service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.

This is according to results from a survey of IT and security leaders who have deployed Purple Knight a free security assessment tool, in their environments. Organisations scored an average of 68% across five Active Directory security categories, a barely passing grade.

Large organisations fared even worse in the assessment, reporting an average score of 64%, indicating that the challenges in securing Active Directory expand with legacy applications and complex environments, particularly in large organisations.

AD Security Vulnerabilities

Microsoft AD  was a revolutionary technology at the time of launch - originally released with the Windows 2000 server operating system - continues to support much of the connected world and has prevailed over other directories for one core reason: it was open.

It is because of this openness and ease of integration that AD remains to this day a foundational piece of infrastructure for 90% of businesses. However, its biggest strength 21 years ago has since become its most concerning weakness.

The Threat

If you take into account that a hacker can use any unprivileged AD account to read almost all attributes and objects in AD, including their permissions, allowing them to find computer accounts in any domain of an AD forest that are configured with unconstrained delegation, then you get an idea for why the default AD openness has become a vulnerability.

Today, due to the disappearance of the network perimeter, identity has become the last line of defence from cyber attacks. 

Mandiant has recently reported that 90 percent of the incidents they investigate involve AD in one form or another. Some of the largest and most recent AD security breaches include SolarWinds and the Colonial Pipeline attack which made headlines due to their scale and the disruption caused when Microsoft AD went down.

Purple Knight

Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Last year it launched a free AD security assessment tool, Purple Knight and has  recently released the findings of data from a thousand security leaders that have deployed Purple Knight.

Key summary of findings:

Organisations overall scored an average of 68%:   Across five Active Directory security categories; AD delegation, account security, AD infrastructure security, Group Policy security, and Kerberos security. This is barely passing grade. 

Large organisations fared even worse:   Reporting an average score of 64%—indicating that the challenges in securing Active Directory expand with legacy applications and complex environments, particularly in large organisations.

Organisations reported the lowest scores for Account Security:  This includes  individual accounts, such as privileged accounts with a password that never expires.

Insurance companies:   Reported the lowest overall scores (55%), followed by healthcare (63%) and transportation (64%)

Transportation companies:  Reported utterly failing scores in Group Policy (36%) and Account Security (46%) 

Public infrastructure companies:   Scored the highest overall (71%), followed by government entities (70%)

Respondents cited various catalysts for downloading the security assessment, ranging from a proliferation of attacks in their industries, organisational mandates, or post-breach remediation.

Many of the respondents said they were surprised by the findings of their Purple Knight reports and in ollow-up interviews with respondents, the research also found that:

  • Misconfigurations proliferate in organisations with legacy Active Directory implementations
  • Organisations struggle with a lack of Active Directory expertise 

A recent 451 Research report said, “Directory services sit at the heart of most firms’ IT strategies, and as such they have become mission-critical assets that can present dire consequences if compromised, as we have learned from the now infamous SolarWinds supply-chain attack, and the Hafnium attack on Microsoft Exchange.”

Speaking about the report the CEO of Semperis, Mickey Bresman, commented “We saw that many companies don’t have a good understanding of the Active Directory exposures that adversaries are able to use against them... We wanted to give security teams that don’t have deep AD expertise a way to understand their AD security posture, and then close any existing gaps so that adversaries won’t use those against them.”

The report includes more information about the security indicators that were flagged, responses from the IT and security leaders on what it revealed for their organisation and, importantly, the steps that they are putting in place to close these gaps.

While some businesses are doing a better job at discussing and securing Active Directory compared to a decade ago, there is still much more work  to be done. 

Semeperis:    Microsoft:    Dark Reading:   Lepide:     Quest

You Might Also Read: 

Azure Active Directory Recycle Bin Won’t Save Your Critical Data:

 

« Germany Warns About Russian Anti-Virus Software
Improving The Security Of Open Source Software »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Black Girls In Cyber (BGiC)

Black Girls In Cyber (BGiC)

Black Girls In Cyber's mission is to increase industry awareness and diversity in cybersecurity, privacy, and STEM for women of color.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

ESProfiler

ESProfiler

Enterprise Security Profiler. Empowering CISOs with clarity & confidence in their security programme by visualising capabilities, usage and spend against their key threat priorities.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.