Articles about Active Directory

New research from Specops has analyzed 10 million random passwords from the billion+ breached password list used by Specops Password Auditor and finds that a startling 98.5 percent are weak.

The research defines a ‘strong’ password as having at least 15 characters in length and at least two different character classes. A long password of 15 identical-class characters (for example all lowercase) is easier to crack than one that mixes in digits or symbols.

Continue reading →

Organizations are continuing to struggle to identify and address security vulnerabilities in hybrid identity systems such as Active Directory, Entra ID, and Okta.

This is among the findings of a new report, from AI-powered identity security and cyber resilience company Semperis, which is based on results from Purple Knight a free Active Directory security assessment tool by Semperis that has been downloaded by 45,000+ organizations.

Continue reading →

Microsoft Active Directory (AD) turned 25 earlier this year -- remarkable longevity in the technology world. It’s the identity backbone for more than 80 percent of enterprises, meaning a breach could be catastrophic.

We spoke to Sean Deuby, principal technologist at Semperis, to look at the top considerations for protecting AD for the future, as most organizations he talks to have no plans to move on from the aging technology.

Continue reading →

After 25 years, Active Directory remains a stalwart of IT infrastructure. Supporting access for an estimated 610 million employees, it enables seamless, secure connectivity to the networks that power daily business operations worldwide. Favored by nearly 90 percent of Global Fortune 1000 companies, according to Frost & Sullivan, Active Directory has long been the primary mechanism for enabling staff to connect, collaborate, and work efficiently.

Despite the rise of cloud-based alternatives, Active Directory's scalability, compatibility, and established integration with Windows environments has ensured its continuing appeal for hybrid and on-premise infrastructures. Its unrivaled scalability and powerful centralized control make it the go-to solution for managing users, devices, and policies at scale.

Continue reading →

A new survey of more than 1,000 IT and security professionals carried out for Cayosoft finds that 88 percent of enterprise hybrid Active Directory environments have critical vulnerabilities.

Microsoft Active Directory is a key element of enterprise IT, but the 2025 Active Directory Insights report identifies glaring gaps in resilience, security, and operational efficiency that could leave critical systems exposed to attack.

Continue reading →

Microsoft Active Directory is used by a majority of the world’s organizations. But Cyberattacks and misconfigurations targeting AD have surged in recent years, leading to critical outages and data loss.

We spoke to Bob Bobel, CEO of Cayosoft, about how to address critical weaknesses in enterprise infrastructure associated with Microsoft Directory services.

Continue reading →

Non-human identities (NHIs) refer to things like API keys, service accounts, system accounts, OAuth tokens. You may not give them too much thought, but a new report from Silverfort looks at the impact they have on an organization's cybersecurity.

Active Directory service accounts -- used for machine-to-machine communication within Microsoft’s Active Directory's (AD) environments -- are the most common and regularly compromised NHIs.

Continue reading →

Active Directory (AD) was introduced in the late 90's when corporate networking barely had virtualization and remote work, not to mention cloud services.

AD controls authentication and authorization to most of an organization's on-premises applications and data, and through synchronization and federation with Entra ID, Okta or other cloud identity provider (IDP) provides these same controls to cloud applications and resources.

Continue reading →

A 'forest' -- in case you didn't know -- is the top-level logical container in an Active Directory configuration that holds domains, users, computers, and group policies.

This level presents a security challenge and a new survey of 1,000 IT professionals from Cayosoft reveals a 172 percent increase in forest-wide Active Directory outages since 2021.

Continue reading →

Hybrid computing environments, which combine on-premises and cloud-based technologies, have become increasingly common in recent years. This shift has created new security challenges for IT leaders, particularly when it comes to managing the security of identity environments.

We spoke with Ran Harel, associate vice president of security products at Semperis, to find out more about the changing risk landscape and how it can be addressed.

Continue reading →

Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access. But it can also be a weak link, exploited in many modern cyberattacks.

We spoke to Ran Harel, senior director of product management at Semperis, to explore the challenges in securing a hybrid AD environment and how organizations can best defend this expanded attack surface.

Continue reading →

As competition hots up, companies are aiming for more transformational change in a crowded market, with many turning to mergers and acquisitions of other players in a bid to achieve that. This shows no signs of slowing down in 2022 and beyond, with 92 percent of corporate respondents anticipating the same or an increase in the deal volume over the next 12 months according to Deloitte.

Whilst the overarching focus is on the financial side, the work going on under the surface to make these mergers a success is monumental, and fraught with difficulties due to the business demands for rapid change. While sometimes overlooked, the role of IT teams during M&As is pivotal in ensuring there is no disruption when it comes to accessing or sharing resources.

Continue reading →

In 2021, there was a surge of attacks targeting Active Directory domain controllers in order to gain the privileges that are needed to install backdoors, change security policies, and distribute ransomware or malware.

In recent days there have also been attacks targeting organizations in the Ukraine using the HermeticWiper malware which is implanted via Active Directory to destroy data on the machine.

Continue reading →

Who could forget the infamous NotPetya attack of 2017? Within hours, malware crippled companies around the globe -- most notably shipping giant Maersk. Because while Maersk had backups of many of its mission-critical servers, no one at the company could locate a single backup of a domain controller. In other words, a backup of their Active Directory (AD) was all but lost -- leaving the company at a complete standstill. In total, the attack cost the shipping giant a whopping $300 million.

In today’s business world, as successful cyberattacks remain the norm, it’s imperative that organizations have backups in place for when a cyber incident inevitably occurs. And the best place to start mapping out your disaster recovery strategy is around your AD: the operations backbone of your organization.

Continue reading →

Microsoft's Active Directory is used by many businesses as a way of managing identity services and controlling access.

But if it's not configured correctly it can lead to security risks. But how dangerous is this and what can enterprises do to keep themselves safe? We spoke to Andy Robbins, technical product architect at SpecterOps to find out.

Continue reading →