It is a given that most large enterprises use Active Directory – an on-premises directory service owned by Microsoft – to manage user account privileges.

By Stefan van de Giessen, Country Manager: SA and SADC at Exclusive Networks Africa

However, managing and securing Active Directory is extremely complex, particularly at scale within an enterprise, and presents IT security managers with the challenge of keeping threat actors at bay.

A breach of Active Directory through a ‘Golden Ticket’ attack gives a threat actor almost unlimited access to an organisation’s domain – devices, files, domain controllers and more – by accessing user data stored there.


Managing Active Directory at enterprise level

The purpose of Active Directory is to enable IT departments to create and manage user accounts and control access to resources on corporate networks. With it, administrators can create and enforce security policies for the network.

IT managers are aware that, once an attacker gains a foothold in an organisation, they then require access to a privileged user account as the next step. They will therefore target users with high-level privileges to gain access to the information they are looking for.

With access to these high-level privileges, an attacker can then create dormant accounts that give them backdoor access, so that even if they are discovered they can return to the environment unnoticed. They can even erase their forensic footprints as they move laterally through an organisation’s network. Managing Active Directory securely at scale in an enterprise therefore requires a tremendous amount of expertise and constant attention – as well as the right tools[1].


Powerful partnerships to safeguard your Active Directory

Exclusive Networks Africa’s partnership network allows us to provide more than one solution to secure Active Directory environments and thereby assist organisations to disrupt these attack paths. This holds true for both advanced persistent threats and more opportunistic breach attempts.

We are able to offer world-beating Software as a Service (SaaS) solutions with on-premises deployment options. The solutions we have partnered with allow administrators to see everything in the organisation’s complex Active Directory environment, predict what matters to reduce risk, and eliminate attack paths before attackers exploit them. They can monitor activities such as:

  • The creation of new administrator accounts
  • Hiding accounts
  • Permission changes
  • Adding new groups
  • Adding users to groups; and
  • Creating trust relationships.

Keeping on top of the security of Active Directory is crucially important for businesses because the service ‘holds the keys to the kingdom’ by providing access to systems, applications and resources. Businesses must be aware of vulnerabilities and take steps to strengthen their Active Directory security, to keep their networks safe from cyberattacks.

We invite you to partner with us

As a value-added distributor, Exclusive Networks Africa prides itself on its partnerships with world-leading security companies that offer innovative, ground-breaking and disruptive solutions. We have significant global resources at our disposal, backed by local expertise and experience, while our global reach and in-depth knowledge facilitate a lower cost to purchase, painless migrations and seamless project coordination.

For more information, please visit https://www.exclusive-networks.com/za/ or call +27 (0) 11 280 8400.

[1] https://www.tenable.com/blog/disrupting-the-pervasive-attacks-against-active-directory-and-identities