Q&A
Don't Make Active Directory Your Enterprise Security Liability
With cyberattacks targeting Active Directory rising, it's up to IT to harden their environments.
Active Directory is the lifeblood of hybrid workforces and modern enterprises. However, as the years have passed, it's become a massive target for attackers. A recent survey found that 79 percent of those environments running Active Directory have experienced a recent outage – with the driving force of many outages being pointed to cyberattacks.
It's a problem that will only get worse before it gets better. That's why it's so important for IT to arm themselves with both the knowledge of today's threat landscape and how to protect their environments from costly Active Directory downtimes.
Ahead of 19-time Microsoft MVP Derek Melber's TechMentor (taking place at Microsoft headquarters Aug. 5-9) session, "Hybrid Active Directory Attacks: Anatomy and Defenses," he sits down with Redmond to discuss what's new in the world of Active Directory and, if you're not worried about the security side of your environment, why you should be.
Redmond: We're a few months into the 'Entra ID' era now. In your opinion, did the name switch from 'Azure AD' also bring significant changes? What are the biggest features in Entra ID that people might be unfamiliar with?
Melber: Â There's quite a few. But in a nutshell, Conditional Access Policies, Password Enhancements like banned list, and Multi-factor authentication are pretty big game-changers.
How does a hybrid AD setup change the security strategies that IT needs to adopt, versus what they use with traditional on-premises AD? Are there different tools they should be using?
The security strategy just "grows". On-prem AD and Entra ID are not at all similar! So, the approach, details and tools are totally different. Unfortunately, Entra ID is still not getting the tools it needs.
"If the attacker gets privileges in AD, they typically have access to everything, as AD is the center of most organizations identity platform. "
Derek Melber, 19-time Microsoft MVP
It seems like there have been a lot of high-profile AD attacks in the last couple of years. Has AD always been a porous? What makes it such a big target?
AD is a huge target for many reasons. One, everyone has it. Two, not everyone understands how to secure it. Three, many legacy environments (apps, services, etc.) need to have "weak" security in AD, which opens it up to attack. Four, attackers need credentials to more laterally and gain privileges, AD is there for the attack. Five, IF the attacker gets privileges in AD, they typically have access to everything, as AD is the center of most organizations identity platform.
How has the commodification of AI change the AD threat landscape? Do you see any ways that IT pros can use AI to help them protect AD?
I don't think AI changed it much. The info has been there for years. It might help make it easier, but the info is the same.
What predictions can you make about the evolution of security threats to hybrid AD environments in the coming years? What should IT professionals be most prepared for?
I see very little changing in the next few years. Entra ID will continue to gain features and popularity. On-prem AD will continue to be needed and neglected. CORE security hygiene of both environments is the key to helping protect them. Detections are key, but it is like having a camera in your house. You don't want to be on vacation to see someone in your home. It is too late! Prevention is the key!
To learn what you can do to combat the rising tide of Active Directory attacks directly from Microsoft MVP Derek Melber, join us for this year's TechMentor. Register by June 7 to save $400.