AD: Essential steps to prevent data breaches
Active Directory (AD) breaches cost businesses hundreds of millions of rands each year. Yet research shows that the reputational damage left in the wake of such events is often far more costly for organisations than the breach itself.
It is estimated that South African businesses collectively lose R1.05 billion annually through lost customer trust following corporate data breaches. The breaches themselves cost South African companies an average of R49.45 million each, according to IBM's 2023 Cost of a Data Breach Report.
This raises the question: How can organisations effectively secure their AD in this modern era, where credential theft, social engineering and other mechanisms to infiltrate a business’s systems are rife?
The answer, according to industry experts, lies in adopting comprehensive, adaptive security measures and employing solutions designed to protect the identity layer. However, you cannot secure what you do not know you have, and understanding your current AD security posture is the first step in protecting your business.
Active Directory, the cornerstone of most Microsoft-based networks, has been in use since Windows 2000. However, many AD deployments have not evolved to counter modern threats effectively: the same domain, group and delegation structures set up two decades ago are still in place. The integration of on-premises AD Domain Services with cloud-based Entra ID (formerly Azure AD) has also introduced new attack paths between the two identity systems that cybercriminals are quick to exploit.
“Organisations require a comprehensive auditing strategy to help understand their AD and Entra ID risks,” says Patrick Assheton-Smith, CEO of Symbiosys IT. “This allows for effective remediation and ongoing vigilance, ensuring our clients’ environments are secure.”
A robust assessment focuses on several critical aspects: identifying potential attack paths (chains of group membership, access-control entries and delegation rights that lead from an ordinary account to a privileged one), assessing the security of privileged accounts, detecting inactive or outdated objects that could be reused by an attacker, and ensuring secure protocol configurations (for example SMB and LDAP signing, restrictions on NTLM and weak Kerberos encryption types). For Entra ID, the evaluation covers identity and access management configurations, baseline security settings and the Conditional Access policies that manage user access based on conditions such as device state, location and sign-in risk.
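As an added illustration of the assessment items above (this is example code written for this page, not Symbiosys's tooling or methodology), the following PowerShell script runs a read-only pass over a domain: it resolves who holds Tier 0 privilege through nested group membership, flags risk indicators on those accounts (stale, Kerberoastable via an SPN, delegatable, not in Protected Users), and counts enabled but inactive user and computer objects. It assumes the RSAT ActiveDirectory module on a domain-joined host with read access; the 90-day staleness window and the choice of groups treated as Tier 0 are assumptions you should adjust to your own model.

```powershell
# Added example, not the page's or Symbiosys's code. Read-only AD assessment pass.
# Assumes: RSAT ActiveDirectory module, domain-joined host, read access to AD.
# The Tier 0 group list and the -StaleDays window are assumptions for illustration.
#Requires -Modules ActiveDirectory
param(
    [int]$StaleDays = 90
)
Import-Module ActiveDirectory

$domainSid = (Get-ADDomain).DomainSID.Value

# Groups whose members effectively control the domain or forest (Tier 0).
# Resolving by well-known RID/SID avoids depending on localised group names.
$tier0Sids = @(
    "$domainSid-512",   # Domain Admins
    "$domainSid-519",   # Enterprise Admins (forest root only)
    "$domainSid-518",   # Schema Admins (forest root only)
    'S-1-5-32-544',     # Builtin\Administrators
    'S-1-5-32-548',     # Account Operators
    'S-1-5-32-549',     # Server Operators
    'S-1-5-32-550',     # Print Operators
    'S-1-5-32-551'      # Backup Operators
)

$staleBefore      = (Get-Date).AddDays(-$StaleDays)
$protectedUsersDn = (Get-ADGroup -Identity "$domainSid-525" -ErrorAction SilentlyContinue).DistinguishedName
$userProps        = 'Enabled','LastLogonDate','PasswordLastSet','PasswordNeverExpires',
                    'ServicePrincipalName','AccountNotDelegated','MemberOf'

# 1. Enumerate Tier 0 holders (nested membership resolved) and flag risk indicators.
$tier0Report = foreach ($sid in $tier0Sids) {
    $group = Get-ADGroup -Identity $sid -ErrorAction SilentlyContinue
    if (-not $group) { continue }   # e.g. Enterprise Admins is absent in a child domain
    Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties $userProps
            [pscustomobject]@{
                Group                = $group.Name
                Account              = $u.SamAccountName
                Enabled              = $u.Enabled
                LastLogon            = $u.LastLogonDate
                # Enabled admin that has not logged on inside the window (or never).
                Stale                = ($u.Enabled -and ($null -eq $u.LastLogonDate -or $u.LastLogonDate -lt $staleBefore))
                PasswordNeverExpires = $u.PasswordNeverExpires
                # An SPN on a privileged account makes it Kerberoastable.
                HasSPN               = ($u.ServicePrincipalName.Count -gt 0)
                # Without "sensitive and cannot be delegated", the credential can be impersonated.
                DelegationAllowed    = (-not $u.AccountNotDelegated)
                InProtectedUsers     = ($null -ne $protectedUsersDn -and $u.MemberOf -contains $protectedUsersDn)
            }
        }
}
$tier0Report | Sort-Object Group, Account -Unique | Format-Table -AutoSize

# 2. Enabled objects with no logon inside the window: candidates for disabling
#    before an attacker reuses them.
$staleUsers     = Search-ADAccount -AccountInactive -DateTime $staleBefore -UsersOnly     | Where-Object { $_.Enabled }
$staleComputers = Search-ADAccount -AccountInactive -DateTime $staleBefore -ComputersOnly | Where-Object { $_.Enabled }
"Stale enabled users: $($staleUsers.Count); stale enabled computers: $($staleComputers.Count)"
$staleComputers | Select-Object Name, LastLogonDate | Sort-Object LastLogonDate | Format-Table -AutoSize

# 3. The Tier 0 findings that most often contradict a tiering model.
$tier0Report |
    Where-Object { $_.Stale -or $_.HasSPN -or $_.DelegationAllowed -or -not $_.InProtectedUsers } |
    Select-Object Group, Account, Stale, HasSPN, DelegationAllowed, InProtectedUsers |
    Format-Table -AutoSize
```

The script changes nothing in the directory; treat its output as the starting inventory for remediation. Every row in the final table is an account that holds Tier 0 rights yet is either unused, exposed to Kerberoasting, impersonable through delegation, or outside the Protected Users hardening, which are exactly the conditions a tiering model is meant to rule out.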
“AD Tiering is a security framework designed to mitigate the risk of credential theft and lateral movement within an organisation's network,” explains Assheton-Smith. “It involves segregating access to resources and administrative accounts into distinct levels or tiers based on their sensitivity and risk.”
Despite its importance, only 30% of customers surveyed during a Quest Software conference in September 2023 reported using Tiered Access security. One reason for this low implementation rate is the complexity of design and implementation. However, Symbiosys has refined this process over many years, making it efficient, flexible and maintainable.
“The need for AD Tiering is due to the nature and frequency of cyber attacks, including ransomware and phishing, and how scripted and simple they have become,” says Assheton-Smith. “For many, it’s not a question of if you will suffer a breach, but when and what the situation will be when it happens.”
AD Tiering enhances security by segregating accounts and access rights into tiers, significantly reducing the risk of credential theft and lateral movement by attackers. In the common three-tier model, Tier 0 holds the identity infrastructure itself (domain controllers, identity-synchronisation servers and the accounts that administer them), Tier 1 holds member servers and applications, and Tier 2 holds workstations and standard users; an account from a higher tier never logs on to a system in a lower tier, so a compromised workstation cannot yield a credential that controls the domain. Tiering also helps organisations meet regulatory requirements by demonstrating a structured approach to access control and data protection. Additionally, it simplifies management by giving administrators a clear structure and understanding of access levels, limits the number of accounts with high-level privileges and shrinks the set of credentials an attacker can usefully steal. In the event of a security breach, AD Tiering can help confine the attack to a single tier, making it easier to contain and remediate.
“AD Tiering, combined with Privileged Access Workstations (PAWs) and a properly deployed Privileged Access Management (PAM) solution, provides a high level of security for administrative tasks,” notes Assheton-Smith. “While a PAM does not isolate the keyboard and mouse, it offers features such as MFA, auditing and session recording.”
Symbiosys has developed a robust methodology for AD Tiering, refined over many years and deployed in some of the world's largest and most complex organisations. The deployment strategy is designed to be fast, robust and low-impact, allowing for quick realisation of security gains. Importantly, Symbiosys can track violations of the intended Tiering design (for example, a Tier 0 account logging on to a lower-tier system) and address them post-implementation to ensure that assets are protected as planned.
“Our goal is to ensure that organisations can effectively protect their most sensitive assets and operate securely in today’s complex digital environment,” concludes Assheton-Smith.