The insider threat to Active Directory security is real, pervasive and costly. The predominance of AD in enterprises around the globe makes it an appealing target for adversaries who can exploit technical limitations and human factors to launch data breaches from the inside out.
AD event monitoring logs are a start, but many insider threats take advantage of AD events that are not logged. Besides, the list of things to look for in a suspected attack is long and there is no automatic way to guard against all of them.
This paper focuses on Microsoft Active Directory (AD) as a prime target for attackers because of AD’s importance in authentication and authorization for all users. Readers will see how a typical insider threat unfolds and take away Active Directory security best practices that minimize the risk of the insider threat to the availability, confidentiality and integrity of AD.
Want to learn more about Active Directory security? Watch our webcast on demand: