Most Organisations Have NEVER Tested Their Cybersecurity Backup Plan

Active Directory remains a prime target for cybercriminals – with nine out of ten attacks coming via AD.

Tobie Kottman, Enterprise Channel Director at Semperis, is at the forefront of battling this threat and recently joined the Life’s a Breach podcast.

Semperis claims to offer ‘the industry’s most comprehensive AI-powered defense for on-prem AD and Entra ID, bar none’.

Tobie revealed many organisations aren’t fully aware of how vulnerable they are to an AD attack – and one question often uncovers this blind spot.

In a fascinating chat with Cyber Fusion Distribution’s x – which you can listen to here – he revealed: “We’ll talk to a lot of organisations who think that they have a really good backup plan and our first question is: ‘When was the last time you tested it?’ We get varying answers to that and a lot of the time you’ll find that it’s never been tested.

“If AD goes down, it’s a massive headache. A lot of organisations think they’re in a good spot with AD – but I would say test your backup procedures and [ask] is that backup procedure documented? Also, where do you keep it, because if you’re keeping it in an application that’s behind Active Directory, then potentially that’s no good because you’re not going to be able to get to it if AD goes down.”

One of the ways Semperis is helping harden AD defences is with its ‘Purple Knight’ software, a free AD, Entra ID, and Okta security assessment tool that helps users discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in hybrid AD environments.

Tobie stressed AD might be 24 years old but its security requires particular attention as it is often the ‘soft underbelly’ of an organisation, leaving it open to exploitation.

“It’s really just to not be afraid to look under the covers and see what’s actually happening,” he said. “Have everything you think you’ve got in place, have you got it in place and is it working as you’d expect it to be?”

He advised CISOs to understand what their recovery processes look like and urged a ‘back to basics’ approach against the backdrop of budget cuts, adding: “There is nothing more basic than looking at the individuals that work in organisations, so an identity, and putting the security controls around those individuals. That’s obviously where Active Directory first comes into play because that’s where that identity is first populated in an organisation, so the roles, phone numbers, access controls and everything kind of comes from that spot.

“CISOs are going to have to perhaps do more with less, so I think we’ll continue to see scrutiny from the board on how the security teams are spending their budgets.”

He also flagged that looming compliance regulation changes, such as DORA (the European Union’s Digital Operational Resilience Act), are adding pressure and sparking increased demand.

Tobie went on: “We’ve seen towards the end of this year a bit of a hockey stick in terms of organisations coming to us who know that they’re going to have to adhere to this compliance by the end of January and they’re now rushing to go and make sure that they can do that, and from our point of view that’s a resilience-driven conversation.

“We still kind of look towards the US being almost 18 months ahead in terms of some of that compliance stuff driving the business but we are seeing that now in the UK. DORA especially, but also NIS2, is going to accelerate the conversations we’re having.”
