Active Directory is Foundational
Active Directory is the foundation of organizational cyber security worldwide.
Today, at an estimated 85% of organizations, all of the building blocks of cyber security, that is every privileged, executive and employee user account and password, every computer account, and every security group and policy, reside in Active Directory.
Should an organization's foundational Active Directory deployment, or even a single privileged user account within it, be compromised, all of those building blocks and every IT asset they protect would instantly be at risk of compromise.
Active Directory
Active Directory is foundational.
Active Directory is the lifeline and foundation of IT and cyber security in IT infrastructures powered by Windows Server.
At an estimated 85% of organizations worldwide, all organizational user accounts and passwords are stored, protected and managed in Active Directory, and almost all organizational computers are joined to, secured by and managed from Active Directory.
Further, access to the entirety of an organization's IT assets (files, folders, applications, portals, email, etc.) is controlled using domain security groups, which are likewise stored in Active Directory.
As such, in Windows-based networks, all three A's of cyber security, i.e. Authentication, Authorization and Auditing, are completely integrated with and depend on Active Directory, and the most powerful privileged accounts and groups, and the majority of all privileged access, lie in Active Directory.
Most importantly, Active Directory enables organizations to operate autonomously, i.e. without having to relinquish control of their primary identities, their security and their organizational privacy to a third party (a cloud identity provider).
Consequently, an organization's foundational Active Directory is its most valuable, most critical and most targeted asset.
Active Directory Security is Paramount
The compromise of Active Directory would be tantamount to a system-wide compromise.
Active Directory Security is paramount to organizational cyber security because an Active Directory compromise or breach is tantamount to a catastrophic system-wide compromise.
It is catastrophic because once perpetrators have compromised an organization's Active Directory, they have compromised the very foundation of the organization's security and obtained complete command and control over it.
This gives the perpetrators the ability to access, tamper with, copy, divulge, exfiltrate and/or destroy practically every organizational IT resource.
An Active Directory compromise is thus tantamount to a compromise of the foundation of organizational cyber security.
Thus, the adequate protection of an organization's foundational Active Directory and its contents must be the #1 cyber security and corporate priority for every organization.
Active Directory is Target #1
Active Directory is the target #1 for perpetrators today.
Active Directory is the #1 target for perpetrators today because it is the foundation of cyber security in Windows networks.
Thus, the compromise of Active Directory gives perpetrators command and control over the entire IT infrastructure.
It is no wonder that the most popular attack tools in use today, such as Mimikatz (credential theft and DCSync replication of password hashes from Domain Controllers) and BloodHound (mapping of attack paths across AD objects, permissions and group memberships), are built around Active Directory.
In fact, in many of the major breaches of the last decade, including the Colonial Pipeline hack and the SolarWinds breach, the perpetrators focused on and targeted Active Directory.
Any organization whose foundational Active Directory is not adequately protected, could be the next victim of a breach.
The Active Directory Attack Surface
The Active Directory attack surface is vast but defensible.
Active Directory is inherently stable, robust and securable, but it does require organizations to adequately secure it and its contents, and to actively defend it from compromise at all times.
The adequate protection of Active Directory and its contents requires that organizations identify, understand and then sufficiently secure and defend its attack surface, which comprises:
Domain Controllers
Active Directory Privileged Users* and Groups
Active Directory Contents and Configuration Data
Active Directory Logical Structure (Trust Relationships)
Active Directory Backups and Administrative Workstations
*In AD domains there exist an unknown number of users with delegated privileged access, which too need to be identified.
Securing and Defending Active Directory
Active Directory Security must be an organization's #1 cyber security and corporate priority, and Active Directory must be adequately secured and actively defended at all times.
Adequately securing Active Directory requires and involves -
Protecting Domain Controllers and Admin Workstations
Identifying* Active Directory Privileged Users and Groups, then securing them and securely managing them.
Securing Active Directory Contents and Configuration Data
Ensuring a Sound Active Directory Logical Structure
Adequately Securing Active Directory Backups
* The accurate identification of privileged users inside Active Directory is paramount, because the compromise of a single such privileged user could result in a massive breach.
Active Directory Attack Vector #1 - Privileged Access
The easiest way to compromise AD is by gaining privileged access.
What do the components that comprise 99% of Active Directory's attack surface, i.e. DCs, AD privileged accounts and groups, AD contents, configuration data and admin workstations, have in common?
They are all represented by an object in Active Directory.
You see, literally everything inside Active Directory is an object, protected by an access control list (ACL), and in each AD, in thousands of ACLs lie thousands of security permissions that govern and control exactly who has what access.
These permissions control everything, from who can change the Domain Admins group membership to who can reset a Domain Admin's password to who can link a malicious GPO, to who can control every single privileged user and group.
Anyone who can correctly* analyze this ocean of permissions in Active Directory, could find thousands of ways to gain privileged access over any component of its attack surface and control AD.
* The correct analysis involves determining effective permissions.
Effective Permissions - The Keys to AD Security
Effective Permissions are the keys to privileged access in Active Directory, and thus the keys to Active Directory security.
From Domain Admins to every privileged account and group, and from the Domain Controllers OU to every DC's and admin workstation's computer account, as well as the domain root, literally everything in Active Directory is an AD object.
Every AD object is protected by an access control list (ACL) that specifies who has what permissions on the object, and it is the net cumulative resulting set of "effective permissions" that determines who actually has what access on the object.
It is not who has what permissions in Active Directory, but who has what effective permissions in Active Directory, that ultimately governs the security of all Active Directory content, including all privileged users and groups, contents and DCs.
Thus, effective permissions are the keys to correctly identifying privileged access in Active Directory, and to its security.
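The two passages above (the ocean of ACL permissions under Attack Vector #1, and effective permissions as the keys to AD security) are illustrated by the following PowerShell script. It is an added example written for this page, not Paramount Defenses' code or any vendor tool. It first lists the raw ACEs on one privileged object that could be used to change its membership, then approximates one principal's effective permissions on that object by expanding nested group membership and walking the DACL in canonical order (explicit deny, explicit allow, inherited deny, inherited allow). The target (the current domain's Domain Admins group) and the principal ('jdoe') are placeholders; the script assumes the RSAT ActiveDirectory module and a domain-joined session that can read the target's DACL. It deliberately does not model the owner's implicit rights, SID filtering across trusts or AdminSDHolder, so it is an approximation, not a substitute for a full effective-permissions calculation.

```powershell
# Added example (not the page's or any vendor's code). Placeholders: target = the
# current domain's Domain Admins group, principal = 'jdoe'. Requires the RSAT
# ActiveDirectory module in a domain-joined session that can read the target's DACL.
# Approximation: models nested groups and deny-over-allow ordering, but not the
# owner's implicit rights, SID filtering across trusts, or AdminSDHolder effects.
Import-Module ActiveDirectory -ErrorAction Stop

$TargetDn  = (Get-ADGroup -Identity 'Domain Admins').DistinguishedName  # placeholder target
$Principal = 'jdoe'                                                     # placeholder principal

$ADR         = [System.DirectoryServices.ActiveDirectoryRights]
$allGuid     = [guid]::Empty                                   # empty ObjectType = all properties/rights
$memberGuids = @(
    [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2',              # schemaIDGUID of the 'member' attribute
    [guid]'bc0ac240-79a9-11d0-9020-00c04fc2d4cf'               # 'Membership' property set, which contains 'member'
)

function Test-Right ($Rights, $Right) { ($Rights -band $Right) -eq $Right }

# 1. Raw permissions: every ACE that could be used to change this group's membership.
$acl  = Get-Acl -Path "AD:\$TargetDn"
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

"ACEs on $TargetDn that can alter membership or the object's security:"
$aces | Where-Object {
    (Test-Right $_.ActiveDirectoryRights $ADR::GenericAll) -or
    (Test-Right $_.ActiveDirectoryRights $ADR::WriteDacl)  -or
    (Test-Right $_.ActiveDirectoryRights $ADR::WriteOwner) -or
    ((Test-Right $_.ActiveDirectoryRights $ADR::WriteProperty) -and
     ($_.ObjectType -eq $allGuid -or $_.ObjectType -in $memberGuids))
} | ForEach-Object {
    $ace = $_
    try   { $who = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.IdentityReference.Value }   # keep the raw SID if it no longer resolves
    [pscustomobject]@{
        Trustee   = $who
        Type      = $ace.AccessControlType
        Rights    = $ace.ActiveDirectoryRights
        Scope     = if ($ace.ObjectType -eq $allGuid) { '(all)' } elseif ($ace.ObjectType -in $memberGuids) { 'member' } else { $ace.ObjectType }
        Inherited = $ace.IsInherited
    }
} | Format-Table -AutoSize

# 2. The principal's security token: own SID, primary group, well-known SIDs, and every
#    group reached through nested membership (LDAP_MATCHING_RULE_IN_CHAIN). The DN is
#    assumed to contain no characters that need LDAP filter escaping.
$user      = Get-ADUser -Identity $Principal -Properties primaryGroupID
$domainSid = (Get-ADDomain).DomainSID.Value
$token     = [System.Collections.Generic.HashSet[string]]::new()
[void]$token.Add($user.SID.Value)
[void]$token.Add("$domainSid-$($user.primaryGroupID)")   # primary group is not listed in any 'member' attribute
[void]$token.Add('S-1-1-0')                              # Everyone
[void]$token.Add('S-1-5-11')                             # Authenticated Users
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))" |
    ForEach-Object { [void]$token.Add($_.SID.Value) }

# 3. Effective decision for one right: walk the DACL in canonical order (explicit deny,
#    explicit allow, inherited deny, inherited allow); the first ACE whose trustee is in
#    the token and which covers the right for the requested attribute decides.
function Get-EffectiveDecision {
    param($Aces, $Token, $Right, [guid[]]$ObjectTypes)
    $ordered = $Aces | Sort-Object -Property @{ Expression = { $_.IsInherited } },
                                             @{ Expression = { $_.AccessControlType -eq 'Allow' } }
    foreach ($ace in $ordered) {
        # inherit-only ACEs exist for child objects and never apply to this object itself
        if (($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -ne 0) { continue }
        if (-not $Token.Contains($ace.IdentityReference.Value)) { continue }
        if (-not (Test-Right $ace.ActiveDirectoryRights $Right)) { continue }
        if ($ace.ObjectType -ne $allGuid -and $ace.ObjectType -notin $ObjectTypes) { continue }
        return [pscustomobject]@{ Decision = "$($ace.AccessControlType)"; Via = $ace.IdentityReference.Value; Inherited = $ace.IsInherited }
    }
    [pscustomobject]@{ Decision = 'NotGranted'; Via = '-'; Inherited = '-' }
}

$checks = @(
    @{ Name = 'Modify membership (WriteProperty on member)'; Right = $ADR::WriteProperty; Types = $memberGuids },
    @{ Name = 'Full control (GenericAll)';                   Right = $ADR::GenericAll;    Types = @() },
    @{ Name = 'Modify permissions (WriteDacl)';              Right = $ADR::WriteDacl;     Types = @() },
    @{ Name = 'Take ownership (WriteOwner)';                 Right = $ADR::WriteOwner;    Types = @() }
)
"`nEffective permissions of $Principal on $TargetDn (approximate):"
foreach ($c in $checks) {
    $r = Get-EffectiveDecision -Aces $aces -Token $token -Right $c.Right -ObjectTypes $c.Types
    '{0,-45} {1,-10} via {2} (inherited: {3})' -f $c.Name, $r.Decision, $r.Via, $r.Inherited
}
```

The first table is the "who has what permissions" view the text warns against stopping at: it shows every ACE, but a trustee listed there may be a group the principal is not in, or may be overridden by a deny ACE earlier in the DACL. The second listing is the "who has what effective permissions" view: each line names the ACE (and the group SID through which it applies) that actually decides whether jdoe can change Domain Admins membership. Running it for every account in the domain, and for every privileged object rather than one group, is what turns this into the privileged-user identification the page calls for.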