Cybercriminals today are targeting Active Directory (AD), performing reconnaissance to discover users, servers and computers in an enterprise network and then moving laterally to carry out multi-stage attacks. The rise in edge computing is adding more points of entry into your AD that you need to consider. We'll explore this topic in depth as part 2 of our 10 predictions for 2019: What's in store for Windows and Office 365 pros.
At Microsoft Ignite 2018, edge computing consumed a large portion of the Book of News because organizations are seeing the efficiency benefits of collecting and processing data close to the source — the edge of the network (e.g., blockchain or AI in manufacturing and medical operations).
All of those IoT devices are collecting and generating gobs of data, which needs to be analyzed for trustworthiness and actionable insights. And that data needs to be processed quickly for faster response time (just imagine the consequences of lag in a wearable health monitor?!).
When your edge gets out of line
While edge computing can ensure minimal latency and a reduction in network traffic, it's also important to remember that these devices don't have the management stack of internal systems. Patches that should be applied may not be, and desired security configurations may be out of date, all of which adds holes to your Active Directory (AD) security that can be used for network reconnaissance, ransomware and even the lucrative business of cryptojacking.
The teams dedicated to maintaining your decades-long running mainframe or rolling out updates to user laptops simply don’t have the time or resources to maintain the thousands of IoT and other edge devices. Patching becomes a rational act that weighs the risk of service disruption due to patching against both the manpower required to do it and the chance of a cybersecurity incident.
Case in point: the WannaCry ransomware attack last year exploited a vulnerability (the one used by the EternalBlue exploit) for which Microsoft had already released a patch two months prior. Many unpatched IoT and edge devices, such as ATMs and transit stations, were affected.
Our recommendation for 2019
As your organization investigates, deploys or uses more edge computing devices, you need to think through the maintenance and patching practice (and let's not forget the dreaded end-of-life prospect), but you'll also want to consider how those devices authenticate to the network and how they will be monitored.
- Pull all of these points of contact away from your internal systems, especially authenticating to AD.
- Keep your distributed computing authentication up in the cloud where it's not connected to your valuable internal resources and data.
- Apply the same monitoring to these edge devices connected via Azure AD as you do for those objects authenticating through your on-premises AD environment so you can quickly spot compromised device credentials looking for a way into your data center.
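The third recommendation, monitoring edge-device sign-ins the same way you watch on-premises AD authentication, is easiest to see in code. The following is an added example written for this post, not code from the original article or from any product it mentions. It builds a per-device baseline (countries and resources seen during a learning window) from sign-in records and then flags sign-ins that deviate from it: a device credential used from a new country, used against a resource it never touched before, a burst of consecutive failures (a sign someone is guessing or replaying a stolen device credential), or a device that has no baseline at all. The records are constructed for illustration and follow the field names of the Microsoft Graph `signIn` resource (`createdDateTime`, `userPrincipalName`, `ipAddress`, `resourceDisplayName`, `deviceDetail.deviceId`, `location.countryOrRegion`, `status.errorCode`); the device names, IPs and resource names are made up.

```python
"""Baseline-and-deviation check for edge-device sign-ins (added example).

Assumption: input records use the Microsoft Graph `signIn` field names.
All sample data below is constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: a plant gateway (dev-a1), a kiosk (dev-b2) and an
# unregistered device (dev-c3). errorCode 0 is success; non-zero is failure.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2019-01-01T08:00:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "198.51.100.10", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2019-01-02T09:00:00Z", "userPrincipalName": "kiosk-12@contoso.example",
     "ipAddress": "198.51.100.20", "resourceDisplayName": "Kiosk API",
     "deviceDetail": {"deviceId": "dev-b2"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2019-01-03T08:00:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "198.51.100.10", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    # Detection period starts 2019-01-08.
    {"createdDateTime": "2019-01-09T08:00:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "198.51.100.10", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2019-01-10T08:00:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "203.0.113.5", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 50126}},
    {"createdDateTime": "2019-01-10T08:01:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "203.0.113.5", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 50126}},
    {"createdDateTime": "2019-01-10T08:02:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "203.0.113.5", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 50126}},
    {"createdDateTime": "2019-01-10T08:05:00Z", "userPrincipalName": "gw-plant7@contoso.example",
     "ipAddress": "203.0.113.5", "resourceDisplayName": "Admin Portal",
     "deviceDetail": {"deviceId": "dev-a1"}, "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2019-01-11T09:00:00Z", "userPrincipalName": "kiosk-12@contoso.example",
     "ipAddress": "198.51.100.20", "resourceDisplayName": "Kiosk API",
     "deviceDetail": {"deviceId": "dev-b2"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2019-01-11T10:00:00Z", "userPrincipalName": "sensor-99@contoso.example",
     "ipAddress": "192.0.2.7", "resourceDisplayName": "IoT Hub",
     "deviceDetail": {"deviceId": "dev-c3"}, "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
]


def parse_time(s):
    """Parse the ISO-8601 UTC timestamp format used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_baseline(signins, learn_until):
    """Record, per device, the countries and resources seen in successful
    sign-ins before `learn_until`. Failures do not define 'normal'."""
    base = defaultdict(lambda: {"countries": set(), "resources": set()})
    for e in signins:
        if parse_time(e["createdDateTime"]) >= learn_until or e["status"]["errorCode"] != 0:
            continue
        d = base[e["deviceDetail"]["deviceId"]]
        d["countries"].add(e["location"]["countryOrRegion"])
        d["resources"].add(e["resourceDisplayName"])
    return dict(base)


def detect(signins, baseline, learn_until, failure_threshold=3):
    """Return (deviceId, reason, timestamp) alerts for sign-ins at or after
    `learn_until` that deviate from the device's baseline."""
    alerts, failures = [], defaultdict(int)
    for e in sorted(signins, key=lambda x: x["createdDateTime"]):
        ts = e["createdDateTime"]
        if parse_time(ts) < learn_until:
            continue
        dev = e["deviceDetail"]["deviceId"]
        known = baseline.get(dev)
        if known is None:
            alerts.append((dev, "device has no baseline", ts))
            continue
        if e["status"]["errorCode"] != 0:
            failures[dev] += 1  # consecutive failures: guessing or replaying a device credential
            if failures[dev] == failure_threshold:
                alerts.append((dev, f"{failure_threshold} consecutive failed sign-ins", ts))
            continue
        failures[dev] = 0
        country, res = e["location"]["countryOrRegion"], e["resourceDisplayName"]
        if country not in known["countries"]:
            alerts.append((dev, f"sign-in from country not in baseline: {country}", ts))
        if res not in known["resources"]:
            alerts.append((dev, f"access to resource not in baseline: {res}", ts))
    return alerts


def run_sample():
    """Build the baseline from the first week, then check the following days."""
    learn_until = parse_time("2019-01-08T00:00:00Z")
    return detect(SAMPLE_SIGNINS, build_baseline(SAMPLE_SIGNINS, learn_until), learn_until)


if __name__ == "__main__":
    for dev, reason, ts in run_sample():
        print(f"{ts} {dev}: {reason}")
```

On the sample, the plant gateway credential produces three alerts on 10 January (a burst of failures, then a success from a country and against a resource it had never used), and the unregistered sensor is flagged because nothing is known about it. In practice the same logic runs over the sign-in export from your identity platform with a learning window of weeks rather than days, and the "resource not in baseline" rule is the one that catches a compromised edge credential probing toward internal applications.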
Explore the logical and administrative layers of security that you should implement to improve your Active Directory security posture in this white paper, Designing a Multilayered, In-Depth Defense Approach to AD Security.