More than half of organizations do not have enough resources to keep up with Microsoft Active Directory (AD) security challenges, with insecure AD configurations leading to high-risk exposures, according to the “State of Hybrid Active Directory Cyber Resilience” report published by Quest Software.
In addition to struggling with a lack of resources required to keep ahead of AD security challenges, Quest’s research found that the ability to adequately identify vulnerabilities is a significant worry requiring more attention. Nearly two-thirds (64%) of the IT executives and practitioners surveyed say assessing potential exposures is a big struggle, and 55% say pinpointing misconfigurations remains an issue.
These insights are alarming since Microsoft’s 2023 Digital Defense Report found that 43% of organizations struggle with configuring AD securely. Given that 90% of Fortune 1000 organizations depend on Active Directory for primary authentication and authorization, it remains a prominent enterprise attack vector.
To address the glaring challenges spotlighted by the report, Quest is previewing the upcoming release (via private demos) of Security Guardian, a new solution for AD security that measurably reduces the enterprise attack surface by protecting an organization’s most valuable assets, thus mitigating vulnerabilities and insecure configurations across AD deployments.
“Organizations know they have security problems and know they will be compromised, but they feel helpless in addressing security concerns to prevent breaches, mainly due to a lack of resources and skilled talent,” said John Hernandez, president and GM at Quest Software. “Many security professionals with deep AD skills are retiring, with few new entrants in the market interested in learning the software and replacing those experts. The changing nature of the threat landscape is putting overwhelming pressure on organizations to keep up despite this skills gap, and they need help getting their AD infrastructure properly configured, monitored and under control.”
Eight in 10 organizations understand the importance of establishing a Tier Zero framework as best practice, where the most critical IT assets – those which, if compromised, would cripple an entire organization – are strictly managed with access limited to an extremely small group. Yet only 30% have actually implemented this framework, pointing to a lack of resources and prioritization needed to address this challenge.
Quest Security Guardian empowers organizations to protect critical Tier Zero assets, with the ability to:
• Benchmark current AD configurations against industry best practices
• Lock down critical objects, including group policy objects, from misconfiguration and compromise.
• Stay ahead of threats by continually monitoring for indicators of exposure and indicators of compromise.
“Since AD was introduced more than 20 years ago, Quest has worked right alongside thousands of organizations to help address the types of challenges cited in our research: specifically, bolstering scarce resources and prioritization of issue remediation,” said Hernandez. “We continue to evolve our solution set to meet the emerging needs of our customers, and we have been laser-focused on security for a long time. Customers can continue to put their faith in our solutions, and our resources, to enhance their AD security and reduce the threat of data exposure or theft.”