How to stop attackers from owning your Active Directory

Carolyn Crandall, Chief Security Advocate and Tony Cole, Chief Technology Officer, Attivo Networks





Abstract: More than 90 per cent of organisations use Active Directory (AD) as their identity management system, which serves as a master directory and the means to control access to enterprise services. Its central role in governing user identity and authentication means AD is a primary target for threat actors. Compromising AD means attackers can access the most critical systems and assets on the network or gain administrator privileges to take over the domain. Many traditional security solutions will not notice this activity because the user account appears to be operating within the scope of its privileged access rights. The tactics the attackers use can evade traditional detection systems, since those systems are not designed to detect credential theft, privilege escalation and lateral movement. Identity visibility solutions reduce the attack surface by identifying exposed credentials, domain controller vulnerabilities and cloud overprovisioning. Identity detection and response (IDR) solutions add detection of attempts to exploit AD and credential protection from theft and misuse. This paper will discuss how threat actors attack and exploit AD, and what organisations can do to protect their AD environments.


Keywords: Active Directory protection; cyber deception; credential protection; identity detection and response (IDR); identity security; domain controller attacks; ransomware preparedness


Carolyn Crandall is the Chief Security Advocate at Attivo Networks, leader in identity detection and response solutions. She is a high-impact technology executive with over 30 years’ experience in building new markets and successful enterprise infrastructure companies. Carolyn has a demonstrated track record of taking companies from pre-IPO through to multibillion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed and Seagate.


Tony Cole has more than 35 years’ experience in cyber security and today is the Chief Technology Officer at Attivo Networks, responsible for strategy and vision. Prior to joining Attivo Networks, he served in executive roles at FireEye, McAfee and Symantec and is a retired cyber operator from the US Army. Tony previously served on the NASA Advisory Council and the (ISC)² Board of Directors as Treasurer and Chair of Audit and Risk. Today he serves on the Gula Tech Foundation Grant Advisory Board, helping the foundation give back to the community to drive a more diverse cyber workforce.
