Active Directory is still a weak point when it comes to security (Image Credit: Studio Republic on Unsplash)Active Directory is a prime target for cybercriminals because getting control can give them access to all your corporate assets. Given that, it might seem reasonable that companies are spending a lot of time protecting it. Unfortunately, while many organisations think they are doing enough, the reality is that too many leave their Active Directory insecure.

Enterprise Times spoke with Carolyn Crandall, Chief Security Advocate and CMO at Attivo Networks, to get a better understanding of the risks and issues around Active Directory.

ET asked Crandall why is it so challenging to protect AD? Crandall replied: “There’s no longer this hardshell perimeter. There’s this gooey middle and they are going after Active Directory.”

Carolyn Crandall, Chief Deception Officer, Attivo Networks (Image Credit: LinkedIn)
Carolyn Crandall, Chief Security Advocate and CMO, Attivo Networks

But getting teams to work together can be challenging. Crandall commented: “You have a bit of a divide that’s going on. You have the Active Directory administrators and you have the security teams. Sometimes they talk well, and sometimes they don’t, and their priorities compete. So part of it is just getting alignment.”

Perhaps the biggest challenge for AD is that it is not a static entity, it is in a state of constant change. Users, devices, software – all want their own entries in AD. That creates an ever-increasing complexity that can be hard to understand.

Crandall said: “It’s so hard. It’s been viewed as plumbing for so long that it really is going to take a change in thinking and prioritisation. It’s not necessarily going to happen from the bottom up because the guys that are doing the work know the complexity.  

“The problem is, is you can’t deal with security in a world that’s changed in a traditional way. One innocent misconfiguration, we’ve seen it so many times already, and you get one replication error on your domain controller, can have material consequences.”

To hear what else Crandall had to say, listen to the podcast.

Where can I get it?

You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.

Enterprise Times on Spotify (Image Credit: Spotify)

Enterprise Times on Soundcloud (Image Credit: Soundcloud)

Enterprise Times on Google Podcasts (Image Credit: Google)

Enterprise Times on Stitcher (Image Credit: Stitcher)

Enterprise Times on Podchaser (Image Credit: Podchaser)

LEAVE A REPLY

Please enter your comment!
Please enter your name here