Protecting Microsoft Active Directory: Understanding the Attack Surface

In both the recent SolarWinds hack and the ransomware attack on Colonial Pipeline, Active Directory (AD) compromise was at the core of the attack playbook. In this 3-part blog series, we look at protecting Microsoft Active Directory – which is central to most enterprise architectures. We will cover aspects related to understanding the AD attack surface, look at attack paths, and finally discuss how a unique fusion of advanced deception and graph theory can be used to protect AD. This first blog discusses the AD attack surface that attackers exploit to move laterally, escalate privileges, and maintain persistence in the enterprise network.

When the first version of Active Directory was released two decades ago, it was built on a philosophy of inherent trust within the boundaries of the network. Against the backdrop of these legacy architecture principles, securing this crown jewel is a challenge. As an enterprise grows, new users, computers, applications, and cloud services are added to the enterprise network, and each such addition is a new object that must be managed in AD. Administrators must set up new accounts, grant those accounts the permissions they require, and manage the configurations that let them communicate with devices and applications inside the enterprise network and beyond. Together, these factors have led to an exponential increase in the complexity of securing AD.

The AD attack surface comprises all infrastructure elements, vulnerability vectors, and other factors in the AD ecosystem that attackers can use to enter, traverse through, or exit from the enterprise network.

Technological advances in workforce mobility, digital transformation, and cloud adoption have led to a rapid increase in the attack surface. In addition, everyday business events, such as new remote or branch office networks, onboarding of partners and contractors, and M&A integration activities, all contribute to a dynamically changing AD ..