Skyport Systems Analysis Finds Active Directory Mismanagement Unknowingly Exposes 90 Percent of Enterprises to Security Breaches

 
 

Active Directory Deployment Best Practices Radically Improves Security Posture

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--Skyport Systems, a leading secure, hyperconverged infrastructure provider for the hybrid enterprise, has found that many enterprises overly expose Active Directory (AD) administrators’ credentials, leaving companies vulnerable to security breaches. Skyport reached this conclusion after conducting comprehensive AD security assessments for enterprises over the past year.

Skyport’s AD security assessments are based on a 100-point investigation into an organization’s current AD implementation, enabling scoring of the overall health of the organization’s AD infrastructure. The findings from each assessment highlight key lessons learned, benchmarks, and operational implications for reducing risk within the organization.

“We know that over 90 percent of all organizations use Active Directory to control policies for users and services,” said Russell Rice, senior director, product management, Skyport Systems. “Successful attacks against AD or admin credentials can be devastating because the blast radius reaches nearly every system in the enterprise. The data we collected and analyzed shows that organizations need to pay more close attention to their AD infrastructure and use a modern approach to securing AD since many attack tools are widely available, effective and free,” said Rice.

Security experts recommend the following four pillars to protect against cyberattacks:

Implement AD hygiene by limiting domain admin privileges, configuring secure password policies, and frequent patching.
Make admin workstations secure to prevent credential theft and misuse.
Protect Domain Controllers (DCs) against insider and outsider threats.
Build an isolated admin forest for large or complex enterprises.
Despite these measures, there are many ways organizations’ defenses break down, according to key findings from Skyport’s Active Directory security assessments. These key findings include:

Over 50 percent of the organizations assessed allow administrators to use the same account to configure AD as they use for everything else.
Microsoft recommends implementing secure administrative workstations (SAWs) for management of AD. However, less than 10 percent of the organizations Skyport Systems assessed have implemented a SAW.
Fewer than 25 percent of the organizations use multi-factor authentication (MFA) for AD administrator accounts.
It is a best practice to severely limit the systems that are permitted to alter the AD configuration. However, almost none of the organizations assessed implemented host-based firewalls for the DCs, and less than 15 percent use administrative whitelists.
Microsoft has recommendations for building an Enhanced Security Administrative Environment (ESAE), but virtually no mid-market enterprises appear to be aware of, or effectively implement these guidelines.
Obtain a full copy of the AD Assessment Findings here.

Visit Skyport Systems at the RSA Conference February 13-17 in San Francisco, Calif. at the Moscone Center, North Expo booth #3941. Confirm a time to meet with us at RSA and see how we can partner to secure your most critical applications.

Resources:

Learn more about the Skyport Active Directory Assessment program and securing Microsoft Active Directory with Skyport SkySecure.

About Skyport Systems

Skyport Systems helps innovative companies gain the control and confidence to securely run their critical applications. The company offers the award-winning SkySecure, the industry’s first hyperconverged system that simplifies the deployment, management and security of today's complex data center. With security built-in from the ground up, SkySecure offers assurance protection of an on-premises solution with the flexibility and agility of a fully managed cloud-based infrastructure. By combining compute, virtualization, networking and storage onto a single platform, IT departments can streamline and automate their daily operations and maintenance that saves time and resources, without sacrificing security or performance. Headquartered in Mountain View, Calif. Skyport is funded by Cisco Ventures, Index Ventures, Intel Capital, Google Ventures, and Sutter Hill Ventures. For more information, visit www.skyportsystems.com

Skyport and SkySecure are registered trademark of Skyport Systems, Inc. in the United States and/or other countries. All other trademarks mentioned are the property of their respective owners.