Attivo Networks Extends Microsoft Active Directory Protection

Attivo Networks today announced it has extended its Active Directory protection with the ability to detect identity-based attacks at the domain controller level, from any endpoint, more efficiently.

Carolyn Crandall, chief security advocate at Attivo Networks, said cybercriminals routinely target Active Directory domain controllers to gain the privileges needed to install backdoors, change security policies and distribute malware. Attivo Networks ADSecure-DC is designed to identify attacks targeting Active Directory, along with suspicious user behavior, using deep packet inspection and behavioral analytics.

Cybercriminals target Active Directory because it is so widely used by organizations to manage who is allowed to access which resources. The HermeticWiper attacks being employed in the Ukraine conflict are the latest example of an attack that depends on gaining access to privileges that organizations manage via Active Directory, noted Crandall.

Once Active Directory is compromised, it becomes relatively trivial for cybercriminals to compromise the rest of the IT environment. According to an Enterprise Management Associates (EMA) research report, half of the organizations surveyed had experienced an attack on Active Directory (AD), with more than 40% indicating the attack was successful.

The Attivo Networks ADSecure-DC offering joins an existing suite of Active Directory protection tools: ADSecure-EP, which operates on the endpoint and prevents attackers from seeing and accessing privileged credentials in Active Directory; ADAssessor, which provides continuous visibility into AD exposures; and ThreatPath, which identifies and remediates exposed and risky credentials on the endpoint.

Those capabilities are now being extended to protect the Active Directory domain controllers themselves, said Crandall.

In general, Microsoft Active Directory is too ubiquitous for organizations to easily replace, despite a wide range of security weaknesses that are often exploited, noted Crandall. As such, the only practical alternative from a security perspective is to use a range of tools to better secure it, she added.

As the volume and sophistication of cybersecurity attacks continue to increase, securing core infrastructure platforms like Active Directory is becoming a major priority. The challenge is that Active Directory is only one of many platforms that need to be defended; the overall attack surface that cybersecurity teams are asked to secure continues to steadily expand. Many of those platforms run not only Windows but also macOS, Linux and a wide range of other operating systems. In addition, a number of the devices behind internet of things (IoT) applications are also managed via Active Directory, noted Crandall.

It is not clear to what degree cybersecurity teams, rather than the usual IT operations teams, are focused on securing instances of Active Directory. Regardless of who is responsible for the platform, however, there is clearly a need for greater cooperation between security and operations teams to ensure it is secured. After all, cybercriminals do not particularly care who failed to secure Active Directory. All they are counting on is that it remains the path of least resistance into many enterprise IT environments.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.