Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Research Finds Attackers Targeting Active Directory: 50% of Businesses Experienced an Attack with >40% Success

October 2021 by Attivo Networks®

Attivo Networks® announced the availability of a new research report conducted by Enterprise Management Associates (EMA) and commissioned in part by Attivo Networks. The report focuses on Active Directory (AD), the directory-based identity services platform used by 90% of enterprises worldwide, exploring the obstacles and threats organizations face when protecting AD and how they adapt to address these growing concerns.

As evidence of the value that attackers place in exploiting Active Directory and the privileges it contains, the report revealed that 50% of organizations experienced an attack on Active Directory in the last 1-2 years, with over 40% indicating the attack was successful. An equally troubling finding was that penetration testers successfully exploited AD exposures 82% of the time, which suggests that actual attack findings may be underrepresented due to lack of visibility to exploits.

In response to Active Directory being under siege, 86% of organizations plan to increase investment in protecting AD. They cite the increased prevalence of AD attacks (25%), an increase in remote or work-from-home activity (18%), an expansion of cloud usage (17%), and prevalence of advanced attacks, such as ransomware 2.0 (15%), as top reasons for doing so.

When asked about protecting against advanced attacks like ransomware 2.0, enterprises provided a range of answers. Nearly two-thirds indicated that they employ AD attack detection tools (64%) and endpoint detection and response (EDR) tools (64%), while just over half use antivirus/endpoint protection platforms (EPPs) (55%). Other notable protection measures mentioned by those in the report include user and entity behavioral analytics (UEBA) tools (40%), SIEM and log analysis tools (36%), and identity detection and response (IDR) tools (27%). Given the relative newness of the IDR category, which began to emerge in 2021, it is promising to see that a significant portion of enterprises has already adopted it.

The report also explored and analyzed security professional’s experiences in protecting Active Directory and its challenges:

• The most feared AD attacks
• Top AD threat vectors
• AD protection techniques and tools
• Pen testing highlights AD vulnerabilities
• Barriers to acting upon and the remediation of AD exposures
• The role AD plays in compliance checks and certifications
• Throughout the survey, there was a trend in the repeated mention of privilege escalation and overprovisioning issues, as well as lack of visibility to understand misuse and policy drift easily. These discoveries all underscored the point that effective Active Directory protection requires diligent permission control and access management but must also include multiple layers of visibility and live attack detection.

“Attackers are leveraging the intricacies of Active Directory to penetrate the environment through an exponential number of attack paths, offering virtually undetectable lateral movement within Active Directory,” said Paula Musich, research director, Security and Risk Management at Enterprise Management Associates. “The good news is that a solid majority of organizations recognize this threat and increased their Active Directory security prioritization in 2021, with plans to increase their spending on its security.”

“The main challenges to protecting Active Directory are detecting live AD attacks, the lack of visibility into the AD environment, and the necessary coordination of communicating AD security across multiple teams,” said Carolyn Crandall, chief security advocate at Attivo Networks. “Attivo’s identity detection and response (IDR) solutions squarely address this gap in protection, offering crucial visibility into the AD environment, allowing organizations to address AD attacks in real-time and identify risks within their AD before malicious actors exploit them.”


Research Methodology
Attivo Networks, alongside other vendors, sponsored Enterprise Management Associates (EMA) to undertake this research. In August 2021, EMA polled 250 IT professionals and executives from organizations with at least 1,000 employees representing at least ten different vertical industries.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts