• Active Directory Attacks
  • Mar 3, 2021
  • By QOMPLX

Active Directory is Your #1 Cyber Risk. Start Treating It That Way.

Active Directory is Your #1 Cyber Risk. Start Treating It That Way.

For Cybersecurity professionals, these are not easy times. Data breaches are reported daily and malware seems to evade- or break through perimeter defenses like firewalls, privileged access management (PAM) and multi-factor authentication with ease.

As bad as that sounds, however, things appear to be getting worse. Organized crime and ransomware gangs threaten to lock down your IT environment, holding you, your employees, and your data hostage. Sophisticated adversaries, including nation-state actors, target your critical controls infrastructure and your software supply chain. They’re looking to burrow deep into your IT environment with persistence, access, and sysadmin privileges.

The fact is: organizations can no longer count on stopping threats at their perimeter. Addressing these threats requires a different constellation of security post-breach controls and a different approach - from the inside out. They need to start at the core of the IT environment: validating basic critical control infrastructure related to authentication, authorization, and identity. Learn more about how to do this with our QOMPLX:CYBER product.

Active Directory: Attackers’ #1 Target

At the top of the list, for almost every organization, is Microsoft’s Active Directory, which is the dominant identity service in most organizations with a 95% market share in the enterprise. In fact, many major breaches reported in the media have a common thread of Active Directory being compromised and used by the attackers after their initial breach.

Why? As QOMPLX CSO Andy Jaquith recently noted,  Active Directory is an “overstuffed Turkey” that presents a huge opportunity to cyber adversaries: a list of users and their relevant contact details; a list of servers and workstations known to the administrators; and a lightweight entitlements repository, among others.

“Active Directory does so much, and is so complex, that it cannot be effectively secured,” Jaquith observed.

Download Our New Report

If Active Directory is so critical to the security of your organization, why do so many firms take a hands off approach to AD security? In our latest report, we explore that issue and offer some steps organizations can take to shore up the security of this Critical Control Infrastructure.

Download the report now!

You might also be interested in

Lessons from the Medibank breach
May 23, 2023
  • Attack Surface Monitoring
  • Cyber Attacks
  • Cyber Operations
  • Detections
  • QOMPLX Knowledge
  • Ransomware
  • ITDR

Lessons from the Medibank breach

Ming Fu, a member of the Americas Pre-Sales Engineering Team at QOMPLX, looks at the much publicized Medibank breach in Australia last year, and draws a few much needed lessons based on the published findings of this breach.

Read more
IcedID Malware Gaining Prominence by Adding Identity Attack Chains
Apr 20, 2023
  • Cyber Attacks
  • Detections
  • QOMPLX Knowledge
  • Ransomware
  • ITDR

IcedID Malware Gaining Prominence by Adding Identity Attack Chains

Brian Freedman, WW Director of Solution Architecture highlights how identity controls are necessary tools, along with EDR, to combat evolving malware threats that have been expanding to include identity compromise as a primary objective in their attack strategies.

Read more
Latest CISA Warning Hints At Worst Case Scenario In Russia Hack
Dec 18, 2020

Latest CISA Warning Hints At Worst Case Scenario In Russia Hack

Federal agencies are advised to counter “Kerberoasting and forged TGT ” attacks—suggesting a worst-case scenario for federal IT networks.

Read more
Request a Demo

Interested in learning more?

Subscribe today to stay informed and get regular updates from QOMPLX.