Page 120 - Cyber Defense eMagazine September 2022

Top 10 Actions to Repel and Recover from Active Directory Attacks

            By Sean Deuby, Director of Services, Semperis




            Active Directory is foundational to the on-premises and hybrid identities that are everywhere in
            enterprise environments and the cloud today. It is also key to a zero-trust security architecture. As a
            result, it is a primary target for cyberattacks: security company Mandiant says that Active Directory is
            involved in 90% of the attacks that it is called in to investigate.

            Here are 10 actions to take now to protect your organization against Active Directory attacks.



            1. Implement good identity lifecycle processes

            Protecting identities and access is essential to maintaining a secure environment. There are some
            incredible tools out there to help with this, but you can improve your identity lifecycle processes
            with something as simple as a calendar. Set review dates, audit access, and run a regular
            process to:


               •  Remove inactive users and computers
               •  Regularly review privileged access, especially paths to Tier 0 accounts and systems
               •  Regularly update service accounts with long, strong, random passwords

            These actions help avoid attacks such as Kerberoasting, which enables attackers to elevate their
            privileges by gaining access to passwords for service accounts on the domain.






            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.