Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, the former Microsoft Program Manager for Active Directory Security, and today the CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.

Wednesday, May 29, 2013

Active Directory Security - A Top Cyber Security Priority Today


As you may know, today Active Directory is at the very foundation of enterprise security and cyber security worldwide.

Given Active Directory's foundational role in enterprise security worldwide, based on the principle of adequate protection, it is only logical that the security of the Active Directory itself is paramount to organizational security worldwide.

As logical as it may sound, based on what we have seen in our vast experience over the last decade, we are deeply concerned to see that most organizations today across the world do NOT yet realize just how important Active Directory security really is.

I suppose the only thing more concerning is that not only do so many organizations not realize this yet, they also do not seem to possess the level of technical skill-set and expertise that is required to adequately protect their underbelly.

(You'd be surprised if we told you just how many government agencies are still looking for mere account lockout status tools.)

In addition, so many organizations believe that the presence of an Active Directory auditing solution is generally sufficient to provide adequate security for Active Directory because it can help them audit the enactment of a malicious task.

Little do they realize that auditing is merely a reactive security measure that, at best, aids in potentially detecting the occurrence of a malicious action and determining the identity of the perpetrator. The key word here is REACTIVE. The fact that a malicious task showed up in an audit log indicates that the malicious task has already been performed.

The key word here is ALREADY. In such a situation, although auditing could potentially help identify the perpetrator, depending on the perpetrator's skill, the opportunity to enact a single malicious task could be (or could have been) sufficient to inflict substantial, and often irreversible, damage to not just the Active Directory, but the entire Windows Server-based IT infrastructure. (The first thing a smart perpetrator would do is disable all the admin accounts so no one can even log in to try and stop him/her.)

The point is that the presence of any single security measure, such as reactionary auditing, is hardly sufficient to provide adequate security for an Active Directory deployment. Providing adequate security for Active Directory requires numerous procedural, policy and technical security controls that work together to provide adequate protection.

So many organizations today seem to be substantially deficient in providing adequate protection for their Active Directory deployments, and the #1 reason for this is that Active Directory security does not appear to be a high enough priority for them.

Thus, in the best interest of all organizations, we've put together a simple, succinct document that unequivocally communicates the importance of protecting foundational Active Directory deployments. You can download it by clicking the image below, or clicking here.

The Importance of Active Directory Security
We do hope that this simple document helps organizations unequivocally understand just how important the security of their foundational Active Directory is to their security, and in their own best interest, ensure its adequate protection at all times.

As the very foundation of enterprise security worldwide, Active Directory security is not just important, it is paramount.

What else could be more important?

Best wishes,
