Oscar From Alsid
Active Directory Holds the Keys to your Kingdom, but is it Secure?
Microsoft Active Directory (AD) is the dominant mode of managing Windows domain networks. The use of AD is so common that approximately 90% of the Global Fortune 1000 companies use it as a primary method to provide seamless authentication and authorization.
Consequently, it has become a primary target for cyber adversaries seeking access to privileged company data. Once inside AD, cyber adversaries can move across systems and reach a myriad of proprietary and business-critical data held on the systems AD manages. Adding to this, the widespread adoption of Office 365, which uses AD to authenticate users, has extended the attack surface from on-premises to cloud environments.
The Business Challenge
AD requires continuous monitoring and analysis to stay on top of changes to environments and group policies. Adding to the complexity of a constantly changing AD environment, the Windows event logs AD produces are highly technical and require manual searching or advanced PowerShell scripting skills to interpret. Further, collecting and aggregating Windows event logs centrally at scale is impossible.