Five Eyes Alliance Technical Report: Detecting and Mitigating Active Directory Compromises

September 2024 by Mickey Bresman, CEO, Semperis

Active Directory holds the keys to the kingdom. Vulnerabilities in Active Directory, Entra ID and Okta give attackers access to an organisation’s network and resources. The new, comprehensive report on mitigating Active Directory (AD) risks from the Five Eyes Alliance highlights the urgent need to secure AD against today’s cyber threats.

We are honored that Purple Knight, our free AD vulnerability tool, downloaded by more than 30,000 global organisations, is a recommended tool in the report. Purple Knight helps organisations assess vulnerabilities and discover indicators of exposure and indicators of compromise in hybrid AD environments. Semperis will continue to support the community with free tools such as Purple Knight and Forest Druid, our free attack analysis tool.

By implementing the recommendations in the Five Eyes Alliance report, organisations can significantly improve their AD security, and their overall security posture, to prevent intrusions by malicious actors. However, many of the techniques in the report are resistant to cyber security incident response remediation activities intended to evict threat actors. Semperis is on the front lines of incident response cases involving identity systems. On a daily basis, we see firsthand the resiliency and expertise needed to bounce back from AD compromises that take identity systems down, disrupting businesses and leading to revenue losses and employee and customer angst. Semperis built the industry’s first cyber approach to AD security and resiliency, and we have evolved our solutions over the years so that we can recover the organisations we work with securely (malware-free, with post-breach cleanup) and rapidly, reducing what is otherwise days or weeks of work to hours and minutes.

Commentary from Chris Inglis, Semperis Strategic Advisor and first U.S. National Cyber Director:

Vulnerabilities in Active Directory, the most frequently used identity system, are targeted constantly by threat actors. Today’s guidance by the Five Eyes Nations is welcomed. I recommend that organisations adopt an assumed-breach mindset and consider an ever-present state of threat arrayed against companies; you can never say that you are safe or take a moment off. While perfect security is impossible, you can make your network defensible, and then you must defend it. That defence is a mix of doctrine, upskilling and technology, all of which are essential - none on its own is sufficient. Organisations such as Semperis offer hybrid identity system security that will help global organisations improve their operational resiliency against today’s ever-present attacks.