Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.


Showing posts with label Foundational Security. Show all posts
Showing posts with label Foundational Security. Show all posts

Monday, January 6, 2020

What is Active Directory, and Why Is it Important?

Folks,

Today is January 06, 2020, and as promised, here I am getting back to sharing thoughts on Active Directory Security.


Back to the Basics (Cyber Security 101)

I'd like to kick off this blog this year/decade by asking and answering a very simple yet vital question - What is Active Directory?

You see, while this question may seem simple to some (and it is,) its one of the most important questions to answer adequately, because in an adequate answer to this most simple question lies the key to organizational cyber security worldwide.

The reason is very simple -  if you were to ask most CISOs or IT professionals, they'll likely tell you that Active Directory is the "phone book" of an organization's IT infrastructure, and of course, since "who really cares about a phone book" it is this shallow view that leads so many organizations to greatly diminish the value of Active Directory to the point of sheer negligence!

In fact, for years now, this has been the predominant view held by most CISOs and organizations worldwide, and sadly it is the negligence resulting from such a simplistic view of Active Directory that the Active Directory deployments of most organizations remain substantially insecure and vastly vulnerable to compromise today.



 Active Directory - The Very Foundation of Organizational Cyber Security Worldwide

If as they say, a "A Picture is Worth a Thousand Words", perhaps I should paint you a very simple Trillion $ picture -


An organization's Active Directory deployment is quite simply its single most valuable IT and corporate asset, worthy of the highest protection at all times, because it is the very foundation of an organization's cyber security.

You see, the entirety of an organization's building blocks of cyber security i.e. all organizational user accounts and passwords used to authenticate their people, all security groups used to authorize access to all their IT resources, all their privileged user accounts, all the accounts of all their computing devices (laptops, desktops, servers etc.) are all stored, managed and secured in (i.e. inside) the organization's foundational Active Directory, and all sensitive/privileged actions on them are audited in it.

In other words, should an organization's foundational Active Directory, or even a single Active Directory privileged user account, be compromised, the very foundation of the organization's cyber security, and thus the entire organization could be exposed to the risk of complete, swift and colossal compromise.



Active Directory Security Must Be Organizational Cyber Security Priority #1

Ensuring the highest protection of an organization's foundational Active Directory deployment must, without a doubt, be the #1 priority of every organization that cares about cyber security, protecting shareholder value and business continuity.


Here's why - A deeper, detailed look into What is Active Directory ?


For anyone to whom this may still not be clear, I'll spell it out - just about everything in organizational Cyber Security, whether it be Identity and Access Management, Privileged Access Management, Network Security, Endpoint Security, Data Security, Intrusion Detection, Cloud Security, Zero Trust etc. ultimately relies and depends on Active Directory (and its security.)


In essence, today every organization in the world is only as secure as is its foundational Active Directory deployment, and from the CEO to the CISO, from IT Managers to Auditors and from Domain Admins to employees, everyone should know this fact.

Best wishes,
Sanjay.
No comments:
Labels: , , , , ,

Friday, June 2, 2017

Active Directory Security is Paramount to Global Security Today (Day 2)

Folks,

Today is Day 2 of advanced Active Directory Security school for Microsoft. Today's post, albeit short and non-technical, is also very important, because the world needs to understand just how important Active Directory Security is to global security today.

From the White House to the British Houses of Parliament, and from Microsoft to the Fortune 1000, at the very foundation of IT, identity and access management, and cyber security at over 85% of all organizations worldwide today lies Active Directory.


In other words, the foundational security of thousands of government and business organizations depends on Active Directory.

To paint a picture - Governments, Militaries, Law Enforcement Agencies, Banks, Stock Exchanges, Energy Suppliers, Defense Contractors, Hospitals, Airlines, Airports, Hotels, Oil and Gas Companies, Internet, Tech and Cyber Security Companies, Manufacturing Companies, Pharmaceutical Companies, Retail Giants ... <the list is long> all run on Microsoft Active Directory.

Now imagine a scenario wherein someone is able to write and unleash malware designed to target and exploit weaknesses in and compromise foundational Active Directory deployments worldwide. Just how much damage do you think that could do?

 If that's a stretch for your imagination, consider this and a much simpler scenario, wherein a perpetrator (e.g. a hacker, an APT, an insider) specifically targets and is able to compromise the Active Directory of even just a few of the world's top organizations.

Hopefully you can now see why Active Directory Security is paramount to global security today. What could be more important?


Now consider this - in almost every Active Directory deployment in the world, there exist thousands of exploitable unauthorized effective access grants, yet neither do most organizations seem to know this, nor do they possess the means to identify them.

Considering the above, one would think Microsoft would be aware of this problem, and if so, have a solution for it, for the world. Sadly, neither Microsoft nor any cyber security company on the planet has a(ny) solution to help these organizations adequately i.e. accurately and swiftly identify and eliminate the billions of unauthorized effective access grants that endanger foundational Active Directory deployments worldwide. Well, except one.

In light of the above, you may want to read Day 1's entry (a few times over, if needed) again - here.

That's all for today.

Good night,
Sanjay


PS: Responsible disclosure/picture-painting: I wouldn't have shed light on this if there was no solution. There is a solution today, and it can help the entire world address and eliminate this problem very quickly, but we can't help these organizations until they themselves first recognize, understand and acknowledge the problem, comprehend its magnitude, & then seek our assistance.
No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)