For companies to meet the security demands of the modern enterprise, they must tightly control Active Directory (AD). Ever since the original design previewed 20 years ago, it has become the de facto standard with 90% of global Fortune 1000 companies relying on AD for authentication and access management.
With the rapid move to remote work last year and now with today’s shift to hybrid work, AD has become an attractive target for cybercriminals. Bringing employees back to the office, or back inside the network perimeter only offers limited protection from network attacks and does not protect identities.
It’s time for companies to rethink AD security and its essential role in protecting data and people. Remote work cyber risks vary. Security pros often find it difficult to guarantee the security of the network, the physical security of the location, or even the good or bad behavior of users. However, they can take simple measures, like implementing privileged access management (PAM), a zero-trust approach, and network detection and monitoring. Combined, they all can have huge impacts in protecting the identities and the resources of the organization. By thoroughly reviewing companies’ security policies and implementing modernized updates, companies can use AD to their best ability.
When revamping AD, organizations should take the following steps:
- Start from scratch.
Active Directory permissions are easily exploitable when IT teams don’t reassess privileged permissions or lock down privilege elevation. Organizations must completely assess the current state of permissions and understand the business processes and priorities behind granted privileges. Vulnerabilities multiply with inattention and the careless, unintentional granting of access. IT teams must apply rights and roles starting at the basic level by giving users the bare amount of access required. Once the team grants basic access, they can add privileged access to ensure that users have exactly the minimum rights required to carry out their role.
- Consider PAM the golden ticket.
AD systems can house many generations of admins. On top of that, on-premises security and cloud security can differ in staggering ways. With an outdated list of admins and an unaligned security system, attackers will prioritize environments that aren’t updated because there’s less chance of detection. Whether an organization has already started using PAM or just in the beginning stages, it’s still important to establish a solid privileged account discovery process, develop a privileged account password policy and implement the concept of least privilege to make sure all processes are solid and effective. By employing PAM, IT teams can easily manage who should have access to which parts of the network.
- Foster more awareness, less trust.
No one knows their entire system inside out and attackers understand this reality. Organizations such as Microsoft and the NSA are combating this by leading with a zero-trust approach, a security model for IT environments that lays out a system to protect the confidentiality, integrity, and availability of IT assets. With this, IT teams should only grant least privilege and audit all changes to AD objects to see who or what makes changes and set alerts on privilege elevation. Security pros cannot trust any admin accounts. Tracking and detecting changes can help manage exploitations and alerts can assess the forward looking need to employ PAM.
- Have a crisis kit at-ready.
Disasters happen. Scrambling in a crisis makes the problem worse. So far in 2021, we saw the Hafnium attack on Microsoft Exchange servers, a major Active Directory hack that not only could have been avoided, but could have been rehabilitated quicker with a better plan in place. As part of its recovery plan, companies should lay out how to store operating system files and the AD database, regularly backup the system data and create a backup volume on an internal or external hard drive. Set up time to create a tactical plan for when a crisis hits. The team will find it much easier to manage and recover quickly from any failures.
As the world starts to recover from the pandemic, it’s time for IT teams to restructure their AD environment security. The initial rush to remote work and rapid and disorganized shift to the cloud was not something the world was prepared for. Now that hybrid work has become the new normal IT teams should start reassessing privileges and comparing on-premises vs. remote security. This concept refocuses the employee’s identity and the place to secure. Moving forward – focus the protection on the identity. The protections ensure people are who they say they are, have the right access to the right systems at the right time, and the security team can audit them no matter where the employees work. Approach AD renovation with fervor, it will make the company more secure.
Dan Conrad, field strategist, One Identity
