Active Directory (AD) is often the first port of call in cyberattacks. Mandiant consultants estimate that about 90% of the attacks their team investigates involve AD in some form, whether it was the initial attack vector or targeted to achieve persistence or privileges. Because it is the primary method for authentication and authorization for 90% of the world’s enterprises, AD contains a myriad of valuable company and employee data. Targeting AD provides attackers with the wealth of information needed to access sensitive data, deploy ransomware and a host of other nefarious activities.
Despite the high volume of attacks, AD still works brilliantly for businesses worldwide (including most of the Fortune 1000) that use the technology for managing permissions and network access. And, with more users working from home on multiple devices and cloud-based apps, AD has become foundational to the hybrid identity architectures we now see in enterprises —making AD more important than ever.