Protecting Your Active Directory & Prev …
If your answer to the question, “what keeps you up at night?” is “my active directory,” then you’re probably a security professional.
For those not “in the loop,” the active directory (AD) is a Microsoft product that is designed to give permissions and access to networked resources on a Windows network. And, according to information from Attivo Networks, it’s a high-value target for attackers, as it’s the source of sensitive data like user and system accounts.
Specifically, hackers target accounts with escalated privileges, granting them access to the widest possible range of company data. After all, if a hacker can reach the highest levels of access, what’s stopping them from taking full advantage of those privileges?
But unfortunately, keeping your AD safe is no small task. AD administrators are often strapped with tasks that require them to balance daily operations with restrictive security measures.
Privilege Escalation Basics
Privilege escalation takes place when a user gains access to privileges they’re not supposed to have. This is often the result of a bug or an error in the design of the infrastructure.
There is vertical privilege escalation where a lower-privilege user can access functions meant for someone with higher privileges. There;s also horizontal privilege escalation where a user can access content for another user that’s not necessarily meant for them. Of the two, vertical privilege escalation is clearly the bigger threat for organizations, but horizontal attacks can certainly impact the trust a user has in your organization.
These attackers look for vulnerabilities, create and utilize the exploit, and then continue to gain additional privileges.
Attivo Networks has been working with companies to prevent privilege escalation and AD attacks for many years now, and have assessed the types of challenges that organizations face in overcoming these The company cites those challenges to be:
- Most organizations monitor logs for unusual behavior, which doesn’t provide real-time assessment of Active Directory to detect exposures or changes in settings and policies that may introduce weaknesses for attackers to leverage.
- Multi-level IT teams manage Active Directory and can introduce changes without understanding the risk or exposures that these additions can cause.
- Existing security controls are not AD-aware and lack the ability to detect mass changes from brute force attacks, DCsync, DCshadow, and similar attack “tactic.
Finding the Right Solution: Proactive vs. Reactive?
It’s important to ensure you’re asking the right questions when it comes to securing your AD. Attivo breaks these down into four key areas: AD cyber hygiene, attack detection from the domain controllers, account issues and attack detection from endpoint.
But with the role of the CISO being pulled in a variety of directions, and resources and funds are almost always limited — it’s so hard to determine whether the best choice is to fight the fire or to prevent it from happening. After all, it’s possible to avoid an attack altogether with some luck and a half-way decent security protocol.
So, what do you do?
The Data Connectors Community has a team of CISOs with lots of opinions on the matter, and they’ll be discussing this in a Cyber Connect Web Briefing, titled “Stopping Privilege Escalation without Breaking the Bank.” This session is taking place on March 17 at 2:00 p.m. ET. This particular session is sponsored by Attivo Networks.
This session will cover why attackers have been successful gaining privileged access and discuss practical approaches that help organizations modernize their security defenses.
Some of the key points discussed are:
- Why attackers have been successful and will continue to be
- What decisions lead to infrastructure weaknesses of so many organizations
- How MITRE ATT&CK® and Shield serve to identify security control gaps
- How CISOs can gain management buy-in and support
Space is limited so be sure to sign up soon for exclusive access to this Web Briefing.
Recent news posts
State, Local, Federal Cybersecurity Executives Confer On 2022 Threats, Attack Landscape
Your Weekly DHS/CISA Threat Assessment (September 14)
Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia
CISA Insights: Risk Considerations for Managed Service Provider Customers
Your Weekly DHS/CISA Threat Assessment (September 3)
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.