How to Identify and Know Who Has Access in Your Environment

Every Wednesday in May, we’re hosting a live four-part webcast series, How to Overcome Common Hybrid AD and Cloud Security Challenges. The webcast series features a fictional character, Hank the Hacker, who represents hackers that appear in many shapes and sizes and who love to exploit the security gaps of on-prem AD, Azure AD and Office 365.

In part 1 of the series, we will be showing you how to identify potential cloud security risks, insider threats and data breaches with continuous assessment.

Join us on May 3 at 11 am ET for part 1 of the Hank the Hacker webcast series,

Identifying Hybrid AD Security Risks with Continuous Assessment

Whether you’ve moved to Office 365 or are considering migrating in the future, you probably spent a lot of time getting your on-premises AD ready for the move. But once your cloud or hybrid environment is in place and in good shape, how do you keep it secure?

Active Directory. That’s right, the security of both on premise Active Directory and the cloud-based Azure AD needs to be top of mind.  AD can provide hackers, like Hank, the keys to your kingdom.  Threats, whether internal or external, are actively using or targeting privileged user accounts in order to gain access to sensitive data. 

Protecting your outside walls provides no guarantee of AD security, because the biggest threats to AD security are the internal ones, and many of insider misuse involves abuse of privileges.  That extends to accidental or malicious misuse of AD permissions, elevated accounts and sensitive groups that can weaken security protocols and lead to unauthorized access to sensitive Windows-based data.

According to the Insider Security Spotlight Report produced by Information Security Community on LinkedIn, privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (59 percent). This is followed by contractors and consultants (48 percent), and regular employees (46 percent). 

 

So whether the data breach happens from an external hacker using techniques like pass-the-hash and/or ransomware, or an inside employee or contractor, all breaches become insider-jobs once they get into your Active Directory environment and have the necessary access they need.

The average data breach costs organizations $4 million according to the 2016 Ponemon Institute study, so learning how you can mitigate risk in your environment can not only help save your company money but also protect its brand reputation.

Improving your security posture should begin with taking an assessment of your on premise Active Directory, as it will remain for 75% of organizations, the primary authentication and authorization source for Office 365 and cloud-based applications authenticating through Azure AD.

Assessment of your AD and Windows environment is critical to:

  • Defining your security stance
  • Providing visibility into security gaps
  • Establishing a baseline

In this 60-minute webcast, Quest AD security experts will use a mix of slides and live demo to show you how to assess who has access to what within Active Directory, Exchange Online, and File Servers and will review key areas you should be assessing such as:

  • Who are your users and groups
  • Do they have excessive permissions
  • Where are my backdoors within AD
  • Who has access to my critical data
  • Do I have unused and stale accounts
  • And more

Even if you aren’t planning to migrate your data to Office 365, this webcast series will still be relevant to on-prem only organizations as you will learn how you can apply Active Directory security best practices to your Windows environment to minimize risk and improve your security posture.

About the Author
Daniel Gauntner
Dan Gauntner is a Senior Product Marketing Manager where he oversees the positioning and go-to-market strategy for Office 365, Active Directory, Exchange, Lotus Notes, SharePoint and OneDrive for Business...