A growing number of breaches involve attackers exploiting suboptimal Microsoft Active Directory (AD) configurations to gain a foothold within target networks, access sensitive resources, and deploy malware. As the gatekeeper to critical applications and data in 90% of organizations worldwide, AD is a common access vector for attackers and extremely complex to secure given its constant flux, sheer number of settings, and the increasingly sophisticated threat landscape.
We sat down with Darren Mar-Elia, VP of Products at Semperis, to talk about what makes Active Directory security so critical and how the company is helping to secure AD environments with its latest release of Directory Services Protector (DSP) v3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft AD.
What makes Microsoft Active Directory so desirable to hackers?
Active Directory (AD) is still the identity backbone for 90% of organizations. Attackers know that it is also a 20+-year-old system with inherent configuration weaknesses – in other words, it’s a critical piece of most enterprises’ IT infrastructure but notoriously difficult to keep secure. Even with significant resources, large organizations are vulnerable to malicious attacks that use AD as an entry point, as was the case in numerous attacks, most recently the SolarWinds attack.
How do hackers exploit Microsoft Active Directory?
AD has a combination of factors working against it. It has to support many legacy protocols that were not built with security in mind. In