Key findings:
- 50% of organizations experienced an attack on Active Directory in the last 1-2 years
- Over 40% indicating the AD attack was successful
- Penetration testers successfully exploited AD exposures 82% of the time
- 86% of organizations plan to increase investment in protecting AD
Active Directory—the core identity store used by 90% of businesses worldwide—is a prime target for cyberattackers. Fixing AD-related security gaps should be at the top of every organization’s security checklist, according to a new report from Enterprise Management Associates (EMA). But the sheer complexity of managing AD security can hinder security goals.
“The complexity of the directory-based identity services platform used by 90% of enterprises around the world, coupled with the need for at least two different teams to collaborate to properly secure it and the constantly changing nature of its configuration, make it a difficult attack surface to protect,” said Paula Musich, EMA Research Director of security and risk management.
EMA surveyed IT professionals and executives across a range of industries to uncover how organizations are shifting priorities to address the growing threat of AD security weaknesses. The report covers:
- Priorities and spending for Active Directory security
- Active Directory security challenges and threats
- Assessing the security posture of Active Directory
- Remediating exposures and attacks
- Protecting Active Directory
- Active Directory and compliance
