Establishing operational resilience in the face of cyberattacks has become a top priority for organizations. As a core component of the IT infrastructure, Active Directory (AD) must be at the center of that process. But who is responsible for ensuring that Active Directory is protected and can be recovered quickly when a cyberattack occurs? In many organizations the answer is not clear, which can lead to missteps in detecting, defending against, and responding to cyberattacks.
AD is part of an IT organization’s Tier 0 infrastructure, meaning that it is a service upon which the company’s critical applications and processes depend. If AD isn’t running, many information systems shut down. AD is the primary authentication service for nearly all companies, and usually serves as the primary “source of truth” for the company’s identity management and authorization functions. AD provides endpoint configuration services through Group Policy. And AD-integrated DNS is a core networking service for most IT organizations. Nearly every cyberattack uses AD at some point in its evolution.