Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.

Tuesday, February 26, 2013

Active Directory Security - Breaking the Silence


As you may know, today cyber security has become mission-critical to global security, and at the very foundation of cyber security in over 85% of all organizations worldwide lies a single technology - Active Directory.

Active Directory Security

For over 7 years we have known about the most serious of all security risks to Active Directory, and for 7 years, we have kept silent about it, because we know that disclosing any information about such risks without there being adequate solutions to help organizations mitigate these risks would have been irresponsible.

Today, with the availability of security solutions that can adequately and swiftly mitigate these risks, we will break the silence and let the world know about arguably the most serious security risk to their foundational Active Directory deployments, so they can adequately secure and defend their mission-critical Active Directory deployments from the risk of swift and systemic compromise.

We would ideally not have liked to share this information at all, but we have reason to believe that certain advanced persistent threats, such as specific hostile governments and organized crime syndicates, may already have gotten a drift of these critical security risks and may possibly even be working on exploits to inflict the foundational cyber security defenses of organizations worldwide.

Thus, on September 12, 2013 we will finally break the silence on this blog, and share with you information about the most serious of all risks to foundational Active Directory deployments worldwide. (The days of "security by obscurity" are going to be over.)

Note: As some of you may know, we were initially going to declassify this on September 02, 2013. However, in light of recent cyber security attacks by the Syrian Electronic Army, we were requested to postpone this. Out of an abundance of caution, we have decided to postpone it by 9 days. We will NOT postpone it again, come rain, wind, war or shine.

[September 12, 2013 Update:] Here is the link to the declassified risk -


No comments:

Post a Comment