Detecting & Mitigating Cyber Attacks

Uploaded on 2021-08-23 in TECHNOLOGY--Resilience, FREE TO VIEW

Identity systems continue to be a prime attack vector for cyber criminals despite well-known vulnerabilities, especially in Active Directory, the core identity store for 90 percent of businesses worldwide. Indeed, Mandiant FireEye researchers have reported that 90% of the incidents they investigate involve Microsoft's Active Directory in some way. 

Since the surge in identity-related attacks and vulnerabilities like the Colonial Pipeline breach there has been a lot more  expert advice available and now the identity protection experts at Semperis have released their Active Directory Security Halftime ReportThis is the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyber-attacks. 

“Cybersecurity programs, big and small, are on the front lines of a new war that has virtually no boundaries and no rules of engagement,”said Mickey Bresman, CEO at Semperis. “If you think about hospitals that can’t access their systems to save a life, or cities that get held hostage, we have a responsibility to help organizations take back control. That’s what drives us... Active Directory remains the beating heart of identity management, the core of the identity platform for most organisations, but everything around it has changed rapidly.”

“AD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time turned out to be insecure and have been completely revised since, so a lot of the mistakes that were made then are the problems organisations now need to address,” Bresman said.

Bresman also calls out lagging skill sets at a time when conversations about protecting the business from cyber attack are converging for identity and security teams.

“You have people that know AD extremely well, but their thinking is more operationally related,” said Bresman. “Or you have people that know red-teaming and security extremely well, but they are not AD experts. It's not that simple to find that combination of skills in a single person.” 

The Semeperis Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organisations’ identity systems. More than two-thirds of the Halftime Report provides how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyber-attacks.

With an emphasis on fast-track skills-building for identity and security professionals, the Active Directory Security Halftime Report consolidates:  

  • Practical guidelines for hardening AD security by closing common gaps that can be uncovered with the free security assessment tool Purple Knight, built by Semperis identity and access management (IAM) experts 
  • New perspectives on building a cyber-resilient organisation by breaking down silos between identity and security teams 
  • Tips for managing security in increasingly complex hybrid identity systems, particularly across on-premises Active Directory and Azure Active Directory environments 
  • Trends in cyber criminals’ tactics for compromising identity systems, as highlighted in the monthly Semperis Reports.  
  • The Active Directory Security Halftime Report, will be updated on a periodic basis to serve as a timely, concise index of resources for organisations that have prioritised hardening their Active Directory and Azure Active Directory defenses against escalating cyber-attacks. 

Although the threat landscape is continually expanding, organisations can improve their security posture by methodically identifying and addressing the well-known identity-related vulnerabilities covered in the Semperis Active Directory Security Halftime Report.

“Regardless of the particular mix of on-premises and cloud systems and assets, every organisation will need to protect the identity store,” said Bresman. “Identity is going to continue to play a huge role in the protection game that we are playing against the adversaries.”

Semperis:          Mandiant FireEye:

You Might Also Read:

Hackers Delight: Poor Password Security:

 

« NSA Warning - Avoid Public Wi-Fi
Pakistan’s New Cyber Security Policy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Internet Security Alliance (ISA)

Internet Security Alliance (ISA)

ISA is an international trade association providing thought leadership in advancing a sustainable system of cyber security.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.