Hyland 160x1200

Hyland 160x1200

Hyland 705x108

Friday, 08 October 2021 15:18

Research finds attackers targeting Active Directory: 50% of businesses experienced an attack with >40% success

By Attivo Networks
Attivo Networks chief security advocate Carolyn Crandall Attivo Networks chief security advocate Carolyn Crandall

GUEST RESEARCH: Attivo Networks, the experts in preventing identity privilege escalation and detecting lateral movement attacks, today announced the availability of a new research report conducted by Enterprise Management Associates (EMA) and commissioned in part by Attivo Networks. The report focuses on Active Directory (AD), the directory-based identity services platform used by 90% of enterprises worldwide, exploring the obstacles and threats organisations face when protecting AD and how they adapt to address these growing concerns.

To download the report The Rise of Active Directory Exploits: Is it Time to Sound the Alarm?, please visit: https://bit.ly/2XXDQ9h.

As evidence of the value that attackers place in exploiting Active Directory and the privileges it contains, the report revealed that 50% of organisations experienced an attack on Active Directory in the last 1-2 years, with over 40% indicating the attack was successful. An equally troubling finding was that penetration testers successfully exploited AD exposures 82% of the time, which suggests that actual attack findings may be underrepresented due to lack of visibility to exploits.

In response to Active Directory being under siege, 86% of organisations plan to increase investment in protecting AD. They cite the increased prevalence of AD attacks (25%), an increase in remote or work-from-home activity (18%), an expansion of cloud usage (17%), and prevalence of advanced attacks, such as ransomware 2.0 (15%), as top reasons for doing so.

When asked about protecting against advanced attacks like ransomware 2.0, enterprises provided a range of answers. Nearly two-thirds indicated that they employ AD attack detection tools (64%) and endpoint detection and response (EDR) tools (64%), while just over half use antivirus/endpoint protection platforms (EPPs) (55%). Other notable protection measures mentioned by those in the report include user and entity behavioural analytics (UEBA) tools (40%), SIEM and log analysis tools (36%), and identity detection and response (IDR) tools (27%). Given the relative newness of the IDR category, which began to emerge in 2021, it is promising to see that a significant portion of enterprises has already adopted it.

The report also explored and analysed security professional’s experiences in protecting Active Directory and its challenges:

• The most feared AD attacks

• Top AD threat vectors

• AD protection techniques and tools

• Pen testing highlights AD vulnerabilities

• Barriers to acting upon and the remediation of AD exposures

• The role AD plays in compliance checks and certifications

Throughout the survey, there was a trend in the repeated mention of privilege escalation and overprovisioning issues, as well as lack of visibility to understand misuse and policy drift easily. These discoveries all underscored the point that effective Active Directory protection requires diligent permission control and access management but must also include multiple layers of visibility and live attack detection.

“Attackers are leveraging the intricacies of Active Directory to penetrate the environment through an exponential number of attack paths, offering virtually undetectable lateral movement within Active Directory,” said Enterprise Management Associates security and risk management research director Paula Musich.

“The good news is that a solid majority of organisations recognise this threat and increased their Active Directory security prioritisation in 2021, with plans to increase their spending on its security.”

Attivo Networks chief security advocate Carolyn Crandall said “The main challenges to protecting Active Directory are detecting live AD attacks, the lack of visibility into the AD environment, and the necessary coordination of communicating AD security across multiple teams.

“Attivo’s identity detection and response (IDR) solutions squarely address this gap in protection, offering crucial visibility into the AD environment, allowing organisations to address AD attacks in real-time and identify risks within their AD before malicious actors exploit them.”

To learn more about Attivo Networks’ Active Directory protection solutions, visit the Active Directory Protection product page or read the IDR solutions page here.

Research Methodology

Attivo Networks, alongside other vendors, sponsored Enterprise Management Associates (EMA) to undertake this research. In August 2021, EMA polled 250 IT professionals and executives from organisations with at least 1,000 employees representing at least ten different vertical industries.

About Attivo Networks

Attivo Networks, the leader in preventing identity privilege escalation and detecting lateral movement attacks, delivers a superior defense for countering threat activity. Through cyber visibility programs, deception, and conditional access tactics, the Attivo ThreatDefend Platform offers a customer-proven, scalable solution for denying, detecting, and derailing attackers and reducing attack surfaces without relying on signatures. The portfolio provides patented innovative defences at critical points of attack, including at endpoints, in Active Directory, in the cloud, and across the entire network by preventing and misdirecting attack activity. Forensics, automated attack analysis, and third-party integrations streamline incident response. Deception as a defence strategy continues to grow and is an integral part of NIST Special Publications and MITRE Shield, and its capabilities tightly align to the MITRE ATT&CK framework. Attivo has won over 150 awards for its technology innovation and leadership. www.attivonetworks.com

Read 1980 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments