Page 82 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
Your Security Auditing is Failing You, and Here’s Why
A new report on cyberattacks caught my attention. Carbon Black’s November 2018 Quarterly Incident
Response Threat Report finds that hackers are increasingly destroying security logs to hide attacks.
Attacks that cover their tracks by disabling or destroying logs are nothing new. What is alarming is the
prevalence of such attacks: according to the report, 72 percent of incident response (IR) professionals
encountered this type of attack over the last 90 days.
As one IR professional remarked, “We’ve seen a lot of destruction of log data, very meticulous cleanup
of antivirus logs, security logs and denying IR teams the access to data they need to investigate.”
In this new reality, the question becomes, how do you protect yourself?
Active Directory Holds The Keys To The Kingdom
As the keeper of the keys to the kingdom, identity services are an extremely attractive target for hackers.
And given Active Directory’s widespread adoption – more than 90 percent of organizations rely on it for
identity services – it’s especially at risk.
Statistically speaking, your organization will be hacked sooner or later. Here is a scenario that is
unfortunately becoming common:
An attacker breaches the environment by a phishing, password spray, cross-site scripting, or other type
of attack (the possibilities are virtually endless and constantly changing). Through lateral movement
techniques, the attacker gets access to the Domain Admin group. While that is terrible, it’s not actually
the end goal.