Most Orgs Vastly Overconfident in Active Directory Security

A majority of companies falsely believe their Active Directory (AD) is secure, even as gaping holes offer intruders a gift-wrapped payday.

According to a survey conducted by Skyport Systems of more than 300 IT professionals located in North America, false confidence in AD security is rampant, even as controls are actually underperforming, leaving organizations open to attack from outside hackers and insider threats.

More than 50% of respondents rated their AD as either ‘secure’ or ‘very secure’, while more than one-third of the remaining 50% rated their AD as ‘moderately secure’. Only 2.5% of respondents rated their AD as ‘not secure’.

As a result, although AD is the main target of attacks and is usually highly vulnerable, more than half of respondents either said that AD security is not a priority for the coming year or that they’re unsure if it is.

The stakes are high: Adversaries and penetration testing teams frequently target AD administrator credentials and workstations in order to breach an organization, because a successful compromise is difficult to detect, and it unlocks every piece of the IT infrastructure — users, data, applications, computers, storage and the network.

“Smart configuration and governance of your AD admin accounts, policies and passwords is a great first step, but still not enough,” said Art Gilliland, CEO of Skyport. “AD is the keys to the kingdom and should be protected at all costs. We know that IT teams are being asked to do more with less, which is why it’s important to explore hyper-converged security models that reduce workload and increase visibility to ensure a completely turnkey, secure environment for the applications that matter most.”

There’s a disconnect between perception and reality: Glaringly, 70% have neglected to implement multi-factor authentication. Also, 41% allow unspecified workstations to access domain controllers; and 22% use administrator credentials to read email or browse the web. This dovetails with earlier results showing a widespread epidemic of AD mismanagement. According to Skyport, this unknowingly exposes 90% of enterprises to security breaches.

“While it’s possible that some of the respondents were intentionally overstating their confidence in their company’s AD security, it could be the case that most organizations are simply unaware of how vulnerable their AD really is,” the report postulated. “In fact, some red-team pen testers claim nearly a 100% success rate when they are hired to breach an organization’s AD infrastructure.”

What’s Hot on Infosecurity Magazine?