Active Directory Mismanagement Exposes 90% of Businesses to BreachesActive Directory Mismanagement Exposes 90% of Businesses to Breaches
New analysis indicates active directory mismanagement unknowingly exposes 90% of businesses to security breaches.
February 10, 2017
MOUNTAIN VIEW, Calif. - Skyport Systems, a leading secure, hyperconverged infrastructure provider for the hybrid enterprise, has found that many enterprises overly expose Active Directory (AD) administrators' credentials, leaving companies vulnerable to security breaches. Skyport reached this conclusion after conducting comprehensive AD security assessments for enterprises over the past year.
Skyport's AD security assessments are based on a 100-point investigation into an organization’s current AD implementation, enabling scoring of the overall health of the organization’s AD infrastructure. The findings from each assessment highlight key lessons learned, benchmarks, and operational implications for reducing risk within the organization.
"We know that over 90 percent of all organizations use Active Directory to control policies for users and services," said Russell Rice, senior director, product management, Skyport Systems. "Successful attacks against AD or admin credentials can be devastating because the blast radius reaches nearly every system in the enterprise. The data we collected and analyzed shows that organizations need to pay more close attention to their AD infrastructure and use a modern approach to securing AD since many attack tools are widely available, effective and free," said Rice.
Security experts recommend the following four pillars to protect against cyberattacks:
Implement AD hygiene by limiting domain admin privileges, configuring secure password policies, and frequent patching.
Make admin workstations secure to prevent credential theft and misuse.
Protect Domain Controllers (DCs) against insider and outsider threats.
Build an isolated admin forest for large or complex enterprises.
Despite these measures, there are many ways organizations’ defenses break down, according to key findings from Skyport’s Active Directory security assessments.
These key findings include:
Over 50 percent of the organizations assessed allow administrators to use the same account to configure AD as they use for everything else.
Microsoft recommends implementing secure administrative workstations (SAWs) for management of AD. However, less than 10 percent of the organizations Skyport Systems assessed have implemented a SAW.
Fewer than 25 percent of the organizations use multi-factor authentication (MFA) for AD administrator accounts.
It is a best practice to severely limit the systems that are permitted to alter the AD configuration. However, almost none of the organizations assessed implemented host-based firewalls for the DCs, and less than 15 percent use administrative whitelists.
Microsoft has recommendations for building an Enhanced Security Administrative Environment (ESAE), but virtually no mid-market enterprises appear to be aware of, or effectively implement these guidelines.
Obtain a full copy of the AD Assessment Findings here.
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
The Cyber Threat Impact of COVID-19 to Global Business
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report