
Active Directory sits in a dangerous security blind spot

By Carolyn Crandall
September 10, 2021

Cybercriminals are always on the lookout for security gaps. These gaps can take many forms, such as incomplete security coverage, misconfigurations, exposed credentials, and software and device vulnerabilities. Unfortunately, it remains impossible to stop 100% of attacks from infiltrating a network, especially as the attack surface grows at unprecedented rates. As a result, focusing on perimeter edge defenses alone is insufficient, and a strong shift to identity as the new perimeter is underway.


Today, organizations are increasing their investments in protecting their endpoints and in various levels of Identity and Access Management (IAM) programs. However, Active Directory (AD), whose management is often split between security, identity, and other teams, is frequently overlooked because of that administrative and organizational complexity. It is also not secure by design and remains dangerously vulnerable to attack, as organizations forego its safety in favor of operational efficiency and access. Compromising AD can allow attackers to grant themselves privileges to download malware for ransomware or business disruption, locate and access their targets, and change security settings, going so far as to lock out the real administrators. Given the consequences of a compromise, AD represents a true Achilles' heel for enterprises and remains a factor in the majority of cyberattacks.


The Importance of Active Directory


Active Directory can be considered the GPS of the enterprise, providing authentication across resources that span the entire network. Over 90% of Global Fortune 1,000 companies use AD, making it a nearly universal authentication solution. Microsoft has estimated that threat actors attack 95 million AD accounts each day, and that number is likely even higher now. The prevalence of identity-based attacks further underscores AD's value to attackers, and the 2021 Verizon Data Breach Investigations Report (DBIR) reinforces this point, noting that 61% of breaches now involve credential data.


Unfortunately, AD is notoriously difficult to secure because it touches nearly everything on the network, and it is constantly changing. The need for operational efficiency results in overprovisioning, which creates problems of its own as organizations overlook security policies and grant unintended access and control. Most organizations attempt to mitigate this risk by using logs and SIEMs to protect their AD environments, but this approach is neither complete nor effective at detecting attacks in a timely fashion. Others look to Microsoft AD audits and tools to find risks. This approach also has limitations: these tools are generally run only periodically, or are extremely limited in their ability to detect and interpret dangerous exposures. Organizations must look beyond traditional security tools and toward newer innovations that provide continuous visibility into AD vulnerabilities, exposures, attacks, and unauthorized access.


Don't Overlook AD Protection


AD is a prime example of a high-risk environment left dangerously unprotected. Although it represents a potential gold mine for attackers, AD sits awkwardly between endpoint and access management solutions, creating joint management and security gaps driven by a conflict of goals over its use and control. Identity teams want it operational, while management wants it to be efficient, and both of these goals often come at the expense of security. Security teams need AD to be more secure but lack the tools to understand the risks and to drive prompt remediation. They also often lack the authority to change risky configurations, since doing so could limit access for others or have unintended consequences. Only tools that provide greater visibility and a better understanding of the risks can bring these teams together and drive alignment on critical fixes.


Executives think of Active Directory as a service: a central management platform that ensures employees can get easy access to the resources they need. In their minds, tools like firewalls, logs, and SIEMs, combined with periodic audits, should keep AD sufficiently protected. Unfortunately, this is not the case, even if a full audit was completed only days ago. Taking a passive stance on AD may have been sufficient in the past, but recent large-scale attacks have demonstrated how attackers can obtain genuine credentials to impersonate actual employees and pass straight through most identity systems. It would be negligent to leave AD exposed and at risk of compromise.


Making Life Hard on Attackers Is Critical


Despite new investments in endpoint protections and identity management services, neither will effectively protect AD. Organizations need AD-specific protections designed to identify issues and unauthorized attempts to access their data or settings.


Visibility is a critical element of this. Enterprises need to identify changes to AD that might indicate an attacker's presence, such as mass account lockouts or deletions. Suspicious password management, brute-force login attempts, and other signs can also reveal an attacker. If enterprises do not have sufficient network visibility, attackers can try all of these tactics with little fear of discovery. The earlier in the attack cycle enterprises can detect activities such as queries from non-privileged accounts or suspicious processes connecting to AD, the better their chances of derailing the attack.


Taking steps such as hiding critical network assets, files, or AD objects and sprinkling in decoy ones can fool attackers into going off course and giving themselves away. Placing deceptive credentials on endpoints can also trick attackers into revealing their presence when they attempt to use them. By making life harder for attackers, organizations can demonstrate that they are not an easy target, potentially convincing attackers that they are better off focusing their efforts elsewhere. At a minimum, it will slow adversaries down and give defenders more time to respond to and mitigate the attack effectively.
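The two preceding paragraphs describe what AD visibility and deception look like in practice: alerting on bursts of failed logons, lockouts and deletions, and on any use of a seeded decoy account. The rules below, written as an added example and not the author's or any vendor's code, run over a constructed sample of domain controller security events; the decoy account names, thresholds and windows are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of Windows Security events from a domain controller, reduced to
# (time, event id, account, source host). The event IDs are the real Windows ones:
# 4625 failed logon, 4740 account locked out, 4726 account deleted, 4768 TGT request.
EVENTS = [
    ("2021-09-10T09:00:01", 4625, "j.doe", "10.0.5.23"),
    ("2021-09-10T09:00:02", 4625, "a.lee", "10.0.5.23"),
    ("2021-09-10T09:00:03", 4625, "m.kim", "10.0.5.23"),
    ("2021-09-10T09:00:04", 4625, "r.ng", "10.0.5.23"),
    ("2021-09-10T09:00:05", 4625, "s.roy", "10.0.5.23"),
    ("2021-09-10T09:00:09", 4740, "j.doe", "10.0.5.23"),
    ("2021-09-10T09:00:10", 4740, "a.lee", "10.0.5.23"),
    ("2021-09-10T09:00:11", 4740, "m.kim", "10.0.5.23"),
    ("2021-09-10T09:31:40", 4768, "svc_backup_old", "10.0.5.23"),
    ("2021-09-10T11:02:00", 4726, "old_temp", "10.0.1.2"),
]
# Assumed: decoy accounts the defenders seeded in AD; nothing legitimate ever uses them.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_legacy"}

def bursts(events, event_id, threshold, window_sec, by_source=False):
    """Keys (source host, or None for the whole domain) that reach `threshold` events of `event_id` within `window_sec`."""
    hits, times = set(), defaultdict(list)
    for when, eid, _user, src in sorted(events):
        if eid == event_id:
            times[src if by_source else None].append(datetime.fromisoformat(when))
    for key, ts in times.items():
        start = 0
        for end, t in enumerate(ts):
            while t - ts[start] > timedelta(seconds=window_sec):
                start += 1  # slide the window forward past stale events
            if end - start + 1 >= threshold:
                hits.add(key)
                break
    return hits

def decoy_use(events, decoys=DECOY_ACCOUNTS):
    """Any authentication event naming a decoy account is an alert on its own."""
    return [ev for ev in events if ev[2] in decoys and ev[1] in {4624, 4625, 4768, 4771, 4776}]

def run_rules(events):
    alerts = []
    for src in bursts(events, 4625, 5, 60, by_source=True):
        alerts.append(f"brute force: 5+ failed logons within 60s from {src}")
    for eid, label in ((4740, "locked out"), (4726, "deleted")):
        if bursts(events, eid, 3, 300):
            alerts.append(f"mass change: 3+ accounts {label} within 5 minutes")
    for _when, eid, user, src in decoy_use(events):
        alerts.append(f"decoy account {user} used from {src} (event {eid})")
    return alerts
```

On the sample, the five failed logons, the three lockouts and the single TGT request for the decoy account each raise an alert, while the lone account deletion stays below its threshold.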


Better AD Protection Means Better Network Protection


Active Directory is a critical component of identity and authentication, but today's enterprises do not put nearly enough emphasis on its protection. Modern identity and endpoint solutions have left AD in a strange middle ground, with a complex and often conflicted web of ownership over its security. Attackers have capitalized on this lack of focus, targeting AD with millions of attacks each day.


Stolen credentials and privilege escalation take place in a significant percentage of today's attacks, underscoring the need to protect this critical asset. Placing increased emphasis on AD protection with AD-specific security tools is essential. Closing this coverage gap with better visibility and detection capabilities will help enterprises avoid losing domain control of their systems and security controls, greatly reducing cybercriminals' impact.

Keywords: Active Directory, cybersecurity, information security, risk management


Carolyn Crandall holds the roles of Chief Security Advocate and CMO for Cymulate. She is a high-impact technology executive with more than 30 years of experience.

Copyright ©2025. All Rights Reserved BNP Media.