70 percent of Windows environments at risk from malicious attacks

Over the past few years, the success rate of attacks, both internal and external, on corporate networks has been growing. At the centre of most corporate networks is Active Directory. Since Active Directory is the most important technology to control access to the network and resources, it is important to secure all aspects of this portion of a network.

However, the growing success rate of attacks suggests that many organisations do not secure Active Directory correctly. Recently, ManageEngine conducted a survey to better understand the common security practices followed by IT admins that specialise in Active Directory and Windows Server. The full survey and results from 327 practitioners is available at https://www.manageengine.com/products/active-directory-audit/windows-ad-security-survey.html.

"Organisations clearly are paying closer attention to the security for Active Directory," said Derek Melber, technical evangelist for ManageEngine and microsite manager of Security Hardening for Active Directory and Windows Servers. "However, the survey results also indicate that Windows environments are far from being secure, and improved overall visibility is essential."

Active Directory and Windows Server Security - Trends and Practices

Analysis of the survey results reveals key factors that influence security. It also outlines important suggestions for the year ahead regarding security of Windows environments. In turn, organisations can enhance security measures to ensure a more secure and smoother environment to run business operations. Insights into various aspects of Windows environment security include:

• Awareness of and concern about internal attacks
• Interest in a security solution with change notification alerts
• Ease of accessing current Windows security settings
• Knowledge of current Windows security standards
• Frequency of using tools to generate security reports

Survey Highlights

• 70 percent of respondents agree that their Windows environments are not completely secure from malicious attacks, while another 10 percent admit to being unaware of the security standards for Windows environments.
• 72 percent of respondents seek a solution that sends alerts when security configurations change, yet 55 percent have not begun to use one.
• 47 percent of IT admins find it difficult and time consuming to gain awareness of the current security settings of their Windows environments. A small percentage of respondents use scripts but find it tedious.

Inferences from the Survey Findings

• The results clearly indicate that organisations need to take immediate action to secure their Windows environments.
• The findings imply a visibility gap in the market. Despite the market availability of solution providers, at least half the organisations do not use a configuration alert system and may need to perform requirement-to-solution mapping to reduce this gap.
• For efficient management of their Windows environments, IT admins could benefit from exploring available reporting solutions.