AD is more vulnerable than ever
The consulting company Aite Novarica evaluated five security solutions for Microsoft’s Active Directory (AD) in its report “Zero Trust Starts with Identity” and found that Attivo Networks is the only manufacturer to address all 13 of the common vulnerabilities of AD implementations examined. In addition, according to this report, Attivo Networks offers both prevention and detection of ongoing attacks for most of the listed vulnerabilities, rather than just one of the two.
The report encourages an identity-driven approach to addressing security challenges and shows why Active Directory is the primary target of attackers and “ground zero” for the zero trust movement. And yet, according to Aite Novarica, AD is either misunderstood or treated only as an operational tool for access management. It is therefore often largely unprotected, which repeatedly leads to devastating losses. Almost every attacker aims to navigate through AD domains and manipulate their vulnerabilities, the report says. And for good reason: stolen AD credentials are the perfect complement to the execution of ransomware and various other types of attacks.
AD is more vulnerable than ever, as many companies are burdened by outdated policies for AD domains that they have acquired through multiple mergers and acquisitions. Shortcuts and workarounds built in by administrators in the past are also a serious problem. To make matters worse, attacks such as DCSync, DCShadow, Silver Ticket and Golden Ticket are difficult to detect in real time because they rarely leave traces in the activity logs.
The report provides a detailed overview of the current state of the identity-based threat landscape and describes Zero Trust as “an attitude of resilience” rather than a specific technology or execution method. It defines comprehensive AD security as preventive evaluation and correction of abuse and misconfigurations, combined with the ongoing detection of active attacks. This definition forms the basis for the evaluation of AD protection solutions.
Evaluated Active Directory protection solutions
Profiles and ratings of five global vendors and their AD protection solutions form the core of the report, which explains the advantages and disadvantages of deployment on the endpoint versus the network. The report lists thirteen of the most common vulnerabilities, with each provider offering either prevention, detection, or both. Attivo Networks is presented as the strongest provider, offering both prevention and detection for most of the listed vulnerabilities.
The provider profiles show the strengths and challenges from the analysts’ point of view and give security managers the knowledge they need to make informed decisions when choosing solutions to protect Active Directory.
The report’s analysis and guidance underline the importance of focusing on identity protection and implementing comprehensive protection of Active Directory. Visibility, together with attack prevention and detection in real time, is crucial to controlling, containing and minimizing the damage caused.
The report “Zero Trust Starts with Identity, Protecting Active Directory” is available for free download here.