The Problem We Solve
To the adversary, Active Directory and Azure are:
Foundational
Organizations’ applications, services, identities, and critical operations are built on top of AD while also implementing cloud workloads built on top of Azure AD.
Ubiquitous
AD and Azure AD are used by nearly every enterprise. Adversaries can use the same skills to universally abuse victim organizations.
Powerful
The same advanced administrative features in AD and Azure AD are used by adversaries to persist and complete their objective without the use of exploits.
Unmatched payoff
Enterprise defenders and IT architects do their best to eliminate risk, but their AD and Azure environments:
- Provide Zero Visibility: Windows AD and Azure AD make it nearly impossible to audit privileges.
- Constantly Evolve: New users, machines, environments, and user logins all add to and create new Attack Paths.
- Are Buried in Debt: Years of misconfiguration debt add Attack Paths and hide adversary activities.
Current solutions aren’t addressing the problem
Traditional security solutions focus on listing thousands of generic configuration issues, piling unattainable corrective-action debt onto AD and Azure admins. Worse yet, the endless effort to resolve individual configuration issues is offset by new misconfigurations as environments undergo constant change in both size and complexity.
Best practices are impractical
Many turn to addressing the root causes by attempting tiered administration and least privilege access best practices. While both are fantastic in theory, they fall short in practice. Tiered administration often requires impractical architectural changes, and least privilege is hampered by opaque and confusing effective privileges.
Attack Paths are a ubiquitous threat
The result is that identity Attack Paths remain an unseen, unmanaged problem that continues to grow. With so many organizations using AD and Azure AD, the tactics to abuse one environment will work in almost any environment.