
EMA and Semperis announce findings of report into top Active Directory security concerns of IT security practitioners

January 2022 by EMA and Semperis

A new report from Enterprise Management Associates (EMA), produced in collaboration with identity security pioneer Semperis, has been released. It details some of the top security concerns of IT security practitioners when it comes to Microsoft’s directory service, Active Directory (AD).

The research found that unknown vulnerabilities are the top Active Directory security concern. Known but unaddressed AD vulnerabilities fall closely behind.

The most concerning risks cited by survey respondents which will affect their organisations’ overall security posture were:

Native Microsoft security flaws
Social engineering attacks, such as phishing
Attackers moving between AD on-premises and Azure AD

With the heightened attention on AD in the media and from research firms, including 451 Research and Gartner, it’s no surprise that unknown vulnerabilities were top of mind for survey respondents, which included IT directors and managers, IT architects, DevOps practitioners, and security directors.

The year 2021 brought a sea change in the awareness of Active Directory—the core identity store for 90% of businesses worldwide—as an attack vector for cybercriminals. One of the biggest clarion calls was the SolarWinds attack. Although it took time for investigators to unpack this sophisticated attack, the role of Active Directory was apparent. As more high-profile breaches involving AD—including the Colonial Pipeline attack—occurred, AD vulnerabilities were caught in the spotlight.

Findings from Mandiant consultants corroborate the frequent exploitation of AD: They reported that in 90 percent of the attacks they investigate, AD is involved in some form as either an initial entry point or as part of a privilege escalation effort. As Paula Musich, EMA Research Director, writes in the report’s introduction, security practitioners face a wide range of risks in managing AD: “Because Active Directory’s configuration is in a continual state of flux, bad actors perpetually find new ways to exploit vulnerabilities to achieve their illicit aims.”

Well-publicised flaws such as the Windows Print Spooler service vulnerability discovered in June 2021 have served as a catalyst for IT and security practitioners to investigate the security of their organisations’ AD environments. Since its initial release in March 2021, more than 5,000 users have downloaded Purple Knight, a free security assessment tool from Semperis that scans the AD environment for indicators of exposure and compromise. Organisations have reported an average initial security score of about 68%—a barely passing grade.

AD recovery concerns

Respondents also said they worry about their AD recovery plans, including:

Not having a post-cyber-attack recovery plan
The inability to recover quickly
Not having a defined responsibility for AD recovery

Recovering an AD forest is an error-prone, complex process that requires planning and practice for all but the most trivial AD deployments. The majority of respondents said that the impact of an attack that took down their domain controllers would range from “significant” to “catastrophic”.

Hybrid environments add complexity

The shift of workloads and applications to the cloud will be a continual, drawn-out process, according to the EMA report. While 47% of respondents in the EMA study rated their own ability to manage and secure AD on-premises as “very competent,” only 37% of respondents gave themselves that rating for hybrid identity environments. About a third of respondents rated their skill at managing and securing a hybrid environment as “adequate.”

Respondents’ confidence in recovering Azure AD resources (such as users, groups, and roles) after a cyberattack was not reassuring: About 55% of participants expressed a “medium” level of confidence. Adequately managing security in a hybrid identity environment might be one of those situations in which practitioners don’t yet know what they don’t know: Integrating on-premises Active Directory with Azure AD authentication requires a different mindset, and failure to understand some of the key differences can open organisations to security risks.

How organisations are addressing security concerns

With the increased awareness of AD-related attacks, organisations are making changes to shore up their defences in response to high-profile attacks like the SolarWinds breach. The EMA report found that:

45% of organisations increased collaboration between operational and security teams
44% increased focus on closing AD security gaps, detecting attacks, and ensuring malware-free backups
37% added skilled practitioners to address AD security weaknesses

Businesses are now recognising that a secure identity system is the starting point for protecting every other asset in the organisation. As identity and security teams share knowledge and collaborate on solutions, organisations will strengthen their defences against identity-related attacks. Only 3% of respondents said their organisations continue to view and manage AD as an operational resource.

For further reading, Guido Grillenmeier, Chief Technologist, Semperis, explains why Now Is the Time to Rethink Active Directory Security.


The research included IT directors and managers, IT architects, DevOps practitioners, and security directors.

