When you think about securing your IT environment, what’s top of mind? The answer is usually preventing data breaches and protecting critical data—intellectual property, information on people and so on.
When we look at the systems that need to be secured in order to protect those data sets, many organizations overlook Microsoft Active Directory.
Active Directory is used by more than 90 percent of organizations, and when it is compromised, attackers can gain access to the entire IT infrastructure. You may not realize it, but this application is currently under heavy attack because our adversaries know its value.
Let’s take a closer look at the five critical questions to ask about your IT security that you may not have thought of.
(For a deeper dive into this topic, check out a recent webinar on critical security questions CIOs are asking.)
1. Why Is Active Directory the Most Important System to Protect?
Did you know the blast radius of an Active Directory breach extends across the whole enterprise? Active Directory is the central hub that controls access to IT systems, users, computers, apps and more.
Many organizations simply don’t realize this, and treat Active Directory as an operational application that, frankly, isn’t top of mind for most security teams or the executive staff.
2. Why Are Breaches Usually a Result of Compromised Credentials?
The reports we hear about hackers can sometimes be glorified versions of what’s really happening behind the scenes with cybercriminals.
True, some of the high-tech, government-funded hacking does exist, but those cases are few and far between when compared to the old-hat methods that our adversaries have come to rely on.
These adversaries go after what’s easiest, and one of the easiest ways into a system is to gain control of a privileged user’s identity. And because human error is so prevalent in these types of attacks, the people who hold those identities are a sought-after target.
In fact, the Verizon 2016 Data Breach Investigations Report found that humans are often a key component of an attack. They are the target of phishing, pretexting, bribery and solicitation tactics, which attempt to trick a user into revealing information that allows the attacker to penetrate systems. And data from Verizon show that 63 percent of data breaches involved weak or stolen passwords.
Take this real-world scenario that happened to someone we know: your teenage son uses your laptop to check his email, and inadvertently clicks on an infected message, which unlocks access to your domain admin credentials.
What do you do? At the end of the day, the system is no more secure than the privileged credentials that are used to manage it. And it’s not just your domain admins you need to worry about—there’s a whole host of other users that could be a target.
3. What Tools Are the Attackers Using Today?
The tools cybercriminals are using to get into Active Directory are highly specialized, and many differ from what you would expect to see in a standard phishing attack.
For years, penetration testing teams, aka “red teams,” have been testing Active Directory with publicly available tools that attackers have also caught onto and can easily download from sites like GitHub, such as:
What’s alarming is that if you talk to red teams, they almost always have a 100 percent success rate in penetrating Active Directory systems.
4. Why Isn’t Our Existing IT Security Stopping These Attacks?
A shift in mindset needs to happen in order to usher in a new way of protecting against common attacks on privileged data. Because Active Directory is viewed as a utility rather than a business growth driver, it’s tough to prioritize over other IT projects.
Therefore, most organizations have not implemented effective countermeasures to safeguard the Active Directory environment against the wide variety of attack tools used by cybercriminals today.
Many organizations are spending their time protecting perimeters based on outdated philosophies about what a perimeter is. The common mindset is that the bad guys are outside the perimeter, much like the sense of security one might feel at home after installing an alarm system.
Right now, every organization needs to assume breach: the attackers already have a way in, and the question is how you contain what they can do once inside.
5. How Do You Assess Your Active Directory Security?
Microsoft has been talking about securing privileged access for years, but it’s often a complex task to take best practice recommendations, interpret them and apply them to your own, unique environment.
There are essentially four areas to look at when securing your Active Directory: Active Directory hygiene, securing the admin environment, protecting domain controllers and building administrative forests.
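As an added example, not part of the original article, the PowerShell audit below is one concrete starting point for the hygiene area named above: it inventories the groups whose membership defines the Active Directory blast radius and flags the privileged accounts that most often get neglected. It assumes the RSAT ActiveDirectory module, read access to the domain, and constructed thresholds (180-day password age, 90-day inactivity) that you would tune to your own policy.

```powershell
# Added example (not from the original article): audit the members of
# Active Directory's most privileged groups and flag hygiene issues.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Built-in groups whose membership defines the domain's blast radius.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators', 'Backup Operators')
# Constructed thresholds; adjust to your own password and inactivity policy.
$MaxPasswordAgeDays = 180
$MaxInactiveDays    = 90

$findings = foreach ($groupName in $PrivilegedGroups) {
    $group = Get-ADGroup -Filter "Name -eq '$groupName'" -ErrorAction SilentlyContinue
    if (-not $group) { continue }   # e.g. Enterprise Admins exists only in the forest root
    # -Recursive expands nested groups, which is where overlooked admins usually sit.
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties PasswordLastSet,
                    PasswordNeverExpires, ServicePrincipalName, LastLogonDate, Enabled
            $issues = @()
            if (-not $u.Enabled) { $issues += 'disabled account still in privileged group' }
            if ($u.PasswordNeverExpires) { $issues += 'password never expires' }
            if ($u.PasswordLastSet -and ((Get-Date) - $u.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
                $issues += "password older than $MaxPasswordAgeDays days"
            }
            # A service account (SPN set) holding admin rights is a credential that
            # cannot be rotated like a person's and is a prime target for attackers.
            if ($u.ServicePrincipalName.Count -gt 0) { $issues += 'service account (SPN) with privileged rights' }
            if ($u.LastLogonDate -and ((Get-Date) - $u.LastLogonDate).Days -gt $MaxInactiveDays) {
                $issues += "no logon in $MaxInactiveDays days"
            }
            [pscustomobject]@{
                Group  = $groupName
                User   = $u.SamAccountName
                Issues = ($issues -join '; ')
            }
        }
}

# Full privileged inventory on screen, then only the accounts needing attention to CSV.
$findings | Sort-Object Group, User | Format-Table -AutoSize
$findings | Where-Object Issues |
    Export-Csv -Path .\ad-privileged-findings.csv -NoTypeInformation
```

Run it regularly and diff the CSV against the previous run; a privileged group that gains a member nobody requested is the kind of change the rest of this article is warning about.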
As we head into 2017, we need to be asking different questions of our IT infrastructure and its security. The same old approach isn’t getting us anywhere: we spend more while our adversaries continue to breach our systems using methods that we can disrupt with the right approach.
To learn more about protecting your Active Directory, go here.