Page 120 - Cyber Defense eMagazine September 2022
Top 10 Actions to Repel and Recover from Active Directory Attacks
By Sean Deuby, Director of Services, Semperis
Active Directory is foundational to on-premises and hybrid identities that are everywhere in enterprise
environments and the cloud today. It is also key to a zero-trust security architecture. As a result, it’s a
primary target for cyberattacks: security company Mandiant says that Active Directory is involved in 90%
of the attacks that it is called in to investigate.
Here are 10 actions to take now to protect your organization against Active Directory attacks.
1. Implement good identity lifecycle processes
Protecting identities and access is essential to maintaining a secure environment.
There are some incredible tools out there to help with this, but you can improve your identity lifecycle
processes with something as simple as a calendar. Set review dates, audit access, and run a regular
process to:
• Remove inactive users and computers
• Regularly review privileged access, especially paths to Tier 0 accounts and systems
• Regularly update service accounts with long, strong, random passwords
These actions help avoid attacks such as Kerberoasting, which enables attackers to elevate their
privileges by gaining access to passwords for service accounts on the domain.
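The three review items above can be run as one read-only report on each calendar date. The script below is an added example, not code from the article or from Semperis; it uses the standard ActiveDirectory PowerShell module, and the thresholds, the starter list of privileged groups, and the output folder are assumptions to adjust for your environment.

```powershell
# Added example: read-only identity lifecycle review (makes no changes in AD).
# Requires the ActiveDirectory module (RSAT). All thresholds below are assumptions.
Import-Module ActiveDirectory

$InactiveDays   = 90     # assumption: no logon for this long counts as inactive
$MaxPasswordAge = 365    # assumption: service account passwords rotate at least yearly
$ReportDir      = Join-Path $env:TEMP 'ad-lifecycle-review'   # hypothetical output folder
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# 1. Enabled users and computers with no recent logon: candidates for removal.
Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) |
    Where-Object { $_.Enabled } |
    Select-Object Name, SamAccountName, ObjectClass, LastLogonDate, DistinguishedName |
    Export-Csv (Join-Path $ReportDir 'inactive-accounts.csv') -NoTypeInformation

# 2. Effective (nested) membership of privileged groups. This is a starter list,
#    not a full Tier 0 inventory; extend it with your own Tier 0 groups.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$members = foreach ($group in $privilegedGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Select-Object @{ n = 'Group'; e = { $group } }, Name, SamAccountName, ObjectClass
    }
    catch {
        # Enterprise Admins and Schema Admins exist only in the forest root domain.
        Write-Warning "Could not read '$group': $($_.Exception.Message)"
    }
}
$members | Export-Csv (Join-Path $ReportDir 'privileged-members.csv') -NoTypeInformation

# 3. Enabled user accounts that carry a service principal name (the accounts
#    Kerberoasting targets) and whose password is older than the rotation threshold.
$cutoff = (Get-Date).AddDays(-$MaxPasswordAge)
Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
           -Properties ServicePrincipalName, PasswordLastSet, PasswordNeverExpires |
    Where-Object { $_.Enabled -and $_.PasswordLastSet -lt $cutoff } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires,
                  @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join ';' } } |
    Sort-Object PasswordLastSet |
    Export-Csv (Join-Path $ReportDir 'stale-service-accounts.csv') -NoTypeInformation

Write-Host "Review reports written to $ReportDir"
```

Comparing `privileged-members.csv` against the previous run shows accounts that gained privileged access between reviews.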
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.