Active Directory Security Risk: Where Alsid Can Help
Risk is the intersection of threats, vulnerabilities, and assets.
There is no question the risk to Active Directory is enormous. AD is riddled with a myriad of vulnerabilities that can’t be mitigated. Considering AD controls access to nearly all assets in the organization, it is the key player in ensuring correct access. Nearly every attacker is going after AD to move laterally and gain privileges, so the threat is not only real, it is imminent.
When someone says, “We have had the same AD for years and we have not been attacked or breached”, that is a recipe for a breach. Every day, there is a new list of organizations that are attacked and breached. The attackers are targeting AD because it is the “Keys to the Kingdom”. If an attacker gains privileges in AD, they can do anything on the network they want. Case in point, it is how so many organizations get held ransom.
“Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risk include financial losses as a result of business disruption, loss of privacy, reputational damage, legal implications and can even include loss of life.”
Chance of the threat
The number of cyberattacks in 2020 more than doubled that of 2019. Statistics show that 2021 will see another doubling of attacks. The question is not if we will be attacked, but when. The threat of an attack on AD is real and at some point inevitable. If you have not been attacked, or most likely have not realized you were attacked, then chances are that 2021 has a nasty surprise in store.
Neglecting to prepare for this attack puts the entire organization at risk. Many of 2020’s breach victims have unfortunately gone out of business.
Breadth of the vulnerability
How vulnerable is AD? Consider that the technology is 21 years old, and the attention given to security in the year 2000 was far different from that given in 2021. In fact, we see that settings from 2000 are still not secure today. Why? The main factors include:
- Operating system vulnerabilities that have not been fixed
- Security settings are left in an insecure state
- Configurations can’t be set to a better security level due to applications
- Processes are not known or understood, leaving insecure settings
The fact is that every AD has vulnerabilities, and attackers prey on these settings.
Cost of risk
When known vulnerabilities exist, threats are imminent, and assets are like gold, the risk is the highest possible. Not addressing the vulnerabilities to protect assets is no different than leaving your front door open to a thief.
The cost of this risk is only climbing. According to Forbes, the cost of a breach averages $7.91M.* More than a handful of organizations have had to close up shop due to that price tag. For a publicly traded company specifically, the average bill runs $116M.**
Taking action to secure AD
The antiquated methods of trying to secure AD have come up short. Pentesting, auditing, change monitoring, and behavior analysis are not enough. The right solution to secure AD must have the following characteristics:
- Find and mitigate existing threats
- Constantly maintain a hardened level of security
- Detect advanced threats in real time
- Consume no footprint on the domain controllers
- Work with no privileges so they can’t be used as attack vectors
- Be flexible to work on-prem, as a SaaS solution, or even in the cloud
“Alsid provides each”