Page 90 - Cyber Defense Magazine RSA Edition for 2021
What You Need to Know About Protecting Active
Directory, the Attack Vector of Choice in 2021
Advanced threats are moving fast and have their eyes set on Active Directory
By Carolyn Crandall, Chief Security Advocate, Attivo Networks
Regardless of whether a cyberattacker's initial compromise originates from phishing or from exploiting
vulnerabilities, they all have one common waypoint in mind: the company's Active
Directory (AD). It is a treasure trove of data, and it stores the critical information an adversary needs to
elevate privileges and advance the attack. Unfortunately, AD is complex and typically
carries legacy policies, overprovisioning, and entitlement creep, issues that stem from disjointed growth,
staff turnover, and M&A. This makes malicious activity very hard to distinguish from the large volume of legitimate activity. Sadly,
the loss or misuse of domain control can be devastating, as seen in the recent SolarWinds, Microsoft,
FireEye, and other high-profile breaches and ransomware attacks. These incidents should serve as a megaphone for
every CISO and CIO that protecting Active Directory must be a top priority.
Protecting Active Directory is multifaceted and isn’t about doing only one thing well. It
requires mitigating risks, hardening AD systems, and efficiently detecting live attacks. Because AD is
also commonly managed across IT and security teams, this can add to its management complexity.
Some of the top things that organizations can do to improve their AD security posture include
implementing least privilege and a tiered administration model in which admin accounts carry only the extra privileges their tier requires. They
can also collect audit logs and send them to SIEM or UBA systems so that threats can be found after the fact.
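As an added illustration of the audit-log and tiered-admin points above (this is example code written for this page, not code from the article or from Attivo Networks), the Python below runs three detection rules over a handful of constructed Windows Security events: a member being added to a Tier-0 group (event IDs 4728/4732/4756), a privileged logon (event ID 4672) by an account that is not in the privileged inventory, and a privileged logon by a known Tier-0 account on a host outside the Tier-0 boundary. The group list is the set of well-known AD groups that confer domain control; the host and account inventory, field names, and sample events are assumptions for illustration.

```python
"""Added example: flag Active Directory audit events that point to entitlement
creep or a tiering violation. The events are constructed samples shaped like
parsed Windows Security log fields; TIER0_HOSTS, TIER0_ACCOUNTS and the sample
data are assumptions, not values from the article."""

from dataclasses import dataclass
from typing import Iterable

# Well-known built-in groups whose membership amounts to domain control (Tier 0).
TIER0_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Schema Admins",
    "Administrators", "Account Operators", "Backup Operators",
}

# Security event IDs: member added to a security-enabled global / local /
# universal group, and "Special privileges assigned to new logon".
GROUP_ADD_EVENTS = {4728, 4732, 4756}
PRIV_LOGON_EVENT = 4672

# Assumed inventory: where Tier-0 credentials may be used (domain controllers
# and privileged access workstations) and which accounts should hold Tier-0 rights.
TIER0_HOSTS = {"DC01", "DC02", "PAW-ADMIN01"}
TIER0_ACCOUNTS = {"da-alice", "da-bob"}


@dataclass
class Alert:
    rule: str
    event_id: int
    detail: str


def account_name(dn_or_name: str) -> str:
    """Accept either a distinguished name (CN=..., as 4728 reports MemberName)
    or a plain sAMAccountName and return the short account name."""
    if dn_or_name.upper().startswith("CN="):
        return dn_or_name.split(",", 1)[0][3:]
    return dn_or_name


def detect(events: Iterable[dict]) -> list[Alert]:
    alerts: list[Alert] = []
    for ev in events:
        eid = ev["EventID"]
        if eid in GROUP_ADD_EVENTS and ev["TargetUserName"] in TIER0_GROUPS:
            # Any change to a Tier-0 group is alert-worthy regardless of who did it.
            alerts.append(Alert(
                "tier0-group-change", eid,
                f"{ev['SubjectUserName']} added {account_name(ev['MemberName'])} "
                f"to {ev['TargetUserName']}"))
        elif eid == PRIV_LOGON_EVENT:
            user = ev["SubjectUserName"]
            host = ev["Computer"].split(".")[0].upper()
            if user.endswith("$"):
                continue  # machine accounts receive these privileges routinely
            if user not in TIER0_ACCOUNTS:
                # Privileges granted to an account nobody approved as Tier 0.
                alerts.append(Alert("unknown-privileged-logon", eid, f"{user} on {host}"))
            elif host not in TIER0_HOSTS:
                # A real Tier-0 credential exposed on a lower-tier host.
                alerts.append(Alert("tier0-credential-on-lower-tier-host", eid, f"{user} on {host}"))
    return alerts


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4728, "SubjectUserName": "helpdesk-jane",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=local",
     "TargetUserName": "Domain Admins", "Computer": "DC01.corp.local"},
    {"EventID": 4728, "SubjectUserName": "da-alice",
     "MemberName": "CN=jsmith,OU=Sales,DC=corp,DC=local",
     "TargetUserName": "Sales-Users", "Computer": "DC01.corp.local"},
    {"EventID": 4672, "SubjectUserName": "da-bob", "Computer": "DC01.corp.local"},
    {"EventID": 4672, "SubjectUserName": "da-bob", "Computer": "WS-FINANCE-17.corp.local"},
    {"EventID": 4672, "SubjectUserName": "svc-backup", "Computer": "FILE01.corp.local"},
    {"EventID": 4672, "SubjectUserName": "DC01$", "Computer": "DC01.corp.local"},
]


def run_sample() -> list[Alert]:
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.rule}] event {a.event_id}: {a.detail}")
```

Run as a script it prints three alerts: the helpdesk account adding svc-backup to Domain Admins, da-bob's admin logon on a finance workstation, and the svc-backup service account receiving administrative privileges on a file server. In practice the same rules would run in the SIEM against forwarded events, with TIER0_ACCOUNTS and TIER0_HOSTS populated from the organization's admin inventory rather than hard-coded.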