Half of businesses experience attacks on Active Directory
Active Directory, the directory-based identity services platform, is used by 90 percent of enterprises worldwide making it an attractive target for hackers.
New research part sponsored by Attivo Networks and conducted by Enterprise Management Associates (EMA) shows half of organizations experienced an attack on Active Directory in the last two years, with over 40 percent saying the attack was successful.
In addition penetration testers successfully exploited AD exposures 82 percent of the time, which suggests that actual attack findings may be under represented due to lack of visibility to exploits.
Because of these threats, 86 percent of organizations say they plan to increase investment in protecting AD. They cite the increased prevalence of AD attacks (25 percent), an increase in remote or work-from-home activity (18 percent), an expansion of cloud usage (17 percent), as well as the prevalence of advanced attacks, such as ransomware 2.0 (15 percent), as top reasons for doing so.
"If you're not doing your diligence here, like proving during your pen tests that an attacker cannot exploit Active Directory, then you're not giving sufficient security control," says Carolyn Crandall, chief security advocate at Attivo Networks. "Also insurance companies are getting more savvy. They have been paying out less and some are refusing to pay out at all. And so, they may start to put this as part of their requirement, that if you don't protect your credentials and your Active Directory environments you didn't have proper security protection."
The survey shows a trend in the repeated mention of privilege escalation and over provisioning issues, as well as lack of visibility to understand misuse and policy drift easily. These discoveries all underscore the point that effective Active Directory protection requires close permission control and access management but must also include multiple layers of visibility and live attack detection.
Crandall adds, "Attivo's identity detection and response (IDR) solutions squarely address this gap in protection, offering crucial visibility into the AD environment, allowing organizations to address AD attacks in real-time and identify risks within their AD before malicious actors exploit them."
The full report is available from the Attivo site.