Detecting & Mitigating Cyber Attacks

Identity systems continue to be a prime attack vector for cyber criminals despite well-known vulnerabilities, especially in Active Directory, the core identity store for 90 percent of businesses worldwide. Indeed, Mandiant FireEye researchers have reported that 90% of the incidents they investigate involve Microsoft's Active Directory in some way. 

Since the surge in identity-related attacks and vulnerabilities like the Colonial Pipeline breach there has been a lot more  expert advice available and now the identity protection experts at Semperis have released their Active Directory Security Halftime ReportThis is the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyber-attacks. 

“Cybersecurity programs, big and small, are on the front lines of a new war that has virtually no boundaries and no rules of engagement,”said Mickey Bresman, CEO at Semperis. “If you think about hospitals that can’t access their systems to save a life, or cities that get held hostage, we have a responsibility to help organizations take back control. That’s what drives us... Active Directory remains the beating heart of identity management, the core of the identity platform for most organisations, but everything around it has changed rapidly.”

“AD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time turned out to be insecure and have been completely revised since, so a lot of the mistakes that were made then are the problems organisations now need to address,” Bresman said.

Bresman also calls out lagging skill sets at a time when conversations about protecting the business from cyber attack are converging for identity and security teams.

“You have people that know AD extremely well, but their thinking is more operationally related,” said Bresman. “Or you have people that know red-teaming and security extremely well, but they are not AD experts. It's not that simple to find that combination of skills in a single person.” 

The Semeperis Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organisations’ identity systems. More than two-thirds of the Halftime Report provides how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyber-attacks.

With an emphasis on fast-track skills-building for identity and security professionals, the Active Directory Security Halftime Report consolidates:  

  • Practical guidelines for hardening AD security by closing common gaps that can be uncovered with the free security assessment tool Purple Knight, built by Semperis identity and access management (IAM) experts 
  • New perspectives on building a cyber-resilient organisation by breaking down silos between identity and security teams 
  • Tips for managing security in increasingly complex hybrid identity systems, particularly across on-premises Active Directory and Azure Active Directory environments 
  • Trends in cyber criminals’ tactics for compromising identity systems, as highlighted in the monthly Semperis Reports.  
  • The Active Directory Security Halftime Report, will be updated on a periodic basis to serve as a timely, concise index of resources for organisations that have prioritised hardening their Active Directory and Azure Active Directory defenses against escalating cyber-attacks. 

Although the threat landscape is continually expanding, organisations can improve their security posture by methodically identifying and addressing the well-known identity-related vulnerabilities covered in the Semperis Active Directory Security Halftime Report.

“Regardless of the particular mix of on-premises and cloud systems and assets, every organisation will need to protect the identity store,” said Bresman. “Identity is going to continue to play a huge role in the protection game that we are playing against the adversaries.”

Semperis:          Mandiant FireEye:

You Might Also Read:

Hackers Delight: Poor Password Security:

 

« NSA Warning - Avoid Public Wi-Fi
Pakistan’s New Cyber Security Policy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Noventiq

Noventiq

Noventiq (the brandname of Softline Holding plc) is a leading global solutions and services provider in digital transformation and cybersecurity.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.