New resource provides timely index of escalating cybercriminal tactics, practical resources for cybersecurity skill-building, and latest Active Directory and Azure Active Directory vulnerabilities
Semperis, the pioneer of identity-driven cyber resilience for enterprises, announced the release of the Active Directory Security Halftime Report, the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyberattacks. The report addresses the surge in identity-related attacks and vulnerabilitiesโfrom the Colonial Pipeline breach to the Windows Print Spooler vulnerabilityโwith expert advice on hardening identity security postures that have eroded through years of misconfigurations and lagging skillsets.
Recommendedย ITechย News: Epiphany Systems Announces Strategic Partnership with Armis to Identify Critical Attack Paths Across OT and IT Environments
โYou have people that know AD extremely well, but their thinking is more operationally relatedโ
โActive Directory remains the beating heart of identity managementโthe core of the identity platform for most organizationsโbut everything around it has changed rapidly,โ said Mickey Bresman, CEO at Semperis. โAD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time proved to be insecure and have been completely revised since. A lot of the mistakes that were made then are the problems organizations now need to address.โ
Recommendedย ITechย News: Apps Associates Launches Data Skylightโข
Bresman also calls out lagging skillsets at a time when conversations about protecting the business from cyberattacks are converging for identity and security teams.
โYou have people that know AD extremely well, but their thinking is more operationally related,โ said Bresman. โOr you have people that know red-teaming and security extremely well, but they are not AD experts. It’s not that simple to find that combination of skills in a single person.โ
Against a backdrop of these escalating identity-related cyberattacks, the Active Directory Security Halftime Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organizationsโ identity systems.
More than two-thirds of the Halftime Report will provide how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyberattacks. Identity systems continue to be a prime attack vector for cybercriminals despite well-known vulnerabilitiesโespecially in Active Directory, the core identity store for 90% of businesses worldwide.
Recommendedย ITechย News: DAS42 Accelerates Growth With Acquisition of Elasticitiโs Data Analytics Consulting Team
With an emphasis on fast-track skills-building for identity and security professionals, the Active Directory Security Halftime Report consolidates:
- Practical guidelines for hardening AD security by closing common gaps that can be uncovered with the free security assessment toolย Purple Knight, built by Semperis identity and access management (IAM) experts;
- New perspectives on building a cyber-resilient organization by breaking down siloes between identity and security teams;
- Tips for managing security in increasingly complex hybrid identity systems, particularly across on-premises Active Directory and Azure Active Directory environments; and
- Trends in cybercriminalsโ tactics for compromising identity systems, as highlighted in the monthly Semperisย Identity Attack Watchย series.
The Active Directory Security Halftime Report, available atย https://pages.semperis.com/2021-ad-security-halftime-report/, will be updated on a periodic basis to serve as a timely, concise index of resources for organizations that have prioritized hardening their Active Directory and Azure Active Directory defenses against escalating cyberattacks.
Recommendedย ITechย News: Code42 And Rapid7 Partner To Deliver Enhanced Detection And Investigation Of Insider Threat Events
Although the threat landscape is continually expanding, organizations can improve their security posture by methodically identifying and addressing the well-known identity-related vulnerabilities covered in the Active Directory Security Halftime Report.
โRegardless of the particular mix of on-premises and cloud systems and assets, every organization will need to protect the identity store,โ said Bresman. โIdentity is going to continue to play a huge role in the protection game that we are playing against the adversaries.โ
Recommendedย ITechย News: Traceable AI Releases The Industryโs First Free API security solution
