
Semperis aims to stop attacks on Active Directory from moving laterally to the cloud

A visitor tries out a tablet next to a cloud computing and technology symbol at the Deutsche Telekom stand at the 2013 CeBIT technology trade fair on March 5, 2013, in Hanover, Germany. Semperis claims its Directory Services Protector 3.6 will detect and remediate security risks in hybrid identity environments. (Photo by Sean Gallup/Getty Images)

Semperis on Thursday announced the release of Directory Services Protector 3.6 (DSP 3.6), which promises to simplify managing identity security in hybrid environments that use both on-premises Active Directory (AD) and Azure AD.

The company claims that DSP's new capabilities for detecting and remediating security risks in hybrid identity environments address a growing class of attacks: those that enter an organization through on-premises AD and then move into the cloud, or enter through the cloud tenant and move back on-premises, as happened in the SolarWinds attack.

The continued targeting of AD environments was also underscored by new Attivo Networks research, which found that 50% of organizations experienced an attack on AD in the last one to two years, with more than 40% indicating the attack was successful. Attivo also found that penetration testers successfully exploited AD exposures 82% of the time, suggesting that real-world attack figures may be underreported because organizations lack visibility into such exploitation.

While much media coverage and threat research describes phishing as a primary vector of initial reconnaissance and compromise, bad actors often target a critical business system, such as AD, whose compromise will significantly or entirely disrupt an organization's operations, said Carla Roncato, senior industry analyst at the Enterprise Strategy Group.

“The decision for organizations often comes down to the cost of downtime versus the cost of paying out the ransom,” Roncato said. “Effectively evicting the threat actor, even if or after they provide you with the private keys to decrypt your data and systems, is incredibly difficult when they can linger in your AD environment, still undetected, and lie in wait.”

Frank Dickson, program vice president for security and trust at IDC, added that in ransomware attacks, for example, the encryption of data has become the last step in the attack. Defeating the actual encryption is noteworthy, Dickson said, but it is really too late by then, as the attacker has likely already compromised a system, moved laterally, escalated privileges, and exfiltrated data.

“Defeating the ransomware attacker ultimately requires improving the resilience of enterprise identity, strengthening authentication, and implementing least privileged access,” Dickson said. “Since the majority of enterprise identity is based on Active Directory or Azure Active Directory, tools to improve and embed AD identity hygiene, identity life cycle management, and resiliency are critical.”
