Most companies falsely believe their Active Directory is secure

A majority of companies falsely believe their Active Directory (AD) is secure, according to a new survey conducted jointly by Skyport Systems and Redmond Magazine.

Responses from more than 300 IT professionals located in North America revealed that AD security is in fact underperforming at the companies participating in the survey, leaving those organizations open to attack from outside hackers and insider threats.

The survey sheds new light on how organizations are protecting their privileged credentials stored in AD against a backdrop of escalating daily attacks.

Confidence in Active Directory security

The survey revealed that most organizations are at least somewhat confident in their AD security:

  • More than 50 percent of respondents rated their AD as either “secure” or “very secure.”
  • More than one third of the remaining 50 percent rated their AD as “moderately secure.”
  • Only 2.5 percent of respondents rated their AD as “not secure.”

“Smart configuration and governance of your AD admin accounts, policies, and passwords is a great first step, but still not enough,” said Art Gilliland, CEO of Skyport Systems. “AD is the keys to the kingdom and should be protected at all costs. We know that IT teams are being asked to do more with less, which is why it’s important to explore hyperconverged security models that reduce workload and increase visibility to ensure a completely turnkey, secure environment for the applications that matter most.”

Vulnerabilities could exist

Data points indicate vulnerabilities could exist:

  • 70% had neglected to implement multi-factor authentication.
  • 41% allowed unspecified workstations to access domain controllers.
  • 22% used admin credentials to read email or browse the web.

Although AD is the main target of attacks and is usually highly vulnerable, more than half of respondents either said that AD security is not a priority for the coming year or that they’re unsure if it is.

Adversaries and penetration testing teams frequently target AD administrator credentials and workstations in order to breach an organization, because a successful compromise is difficult to detect and unlocks every piece of the IT infrastructure: users, data, applications, computers, storage, and the network. According to Skyport’s AD security assessment for enterprises in 2016, AD mismanagement exposes 90 percent of enterprises to security breaches without their knowledge.

While it’s possible that some of the respondents were intentionally overstating their confidence in their company’s AD security, it could be the case that most organizations are simply unaware of how vulnerable their AD really is. In fact, some red team pentesters claim a nearly 100% success rate when they are hired to breach an organization’s AD infrastructure.