Many of the IT professionals who contact our customer service and support group have common questions about security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information, and the scenarios that recur across different organizations, we are publishing a multi-part series that details common security incidents organizations face and provides recommended mitigations based on guidance from our Security Support team.
It is important to note that each phase of the attack has one or more technical and, more importantly, administrative controls that could have been used to block or slow it down. These mitigations are listed after each phase. Each mitigation addresses specific behaviors and attack vectors that have been observed in multiple security incidents.
Today’s senior executives rely on information technology organizations to help their business execute on strategies and improve their operations.
As the bedrock of the corporate directory and identity, Active Directory plays a critical role in this IT environment by providing authentication and access control for servers and applications.
At the same time, the threat of compromise to IT infrastructures from external attacks is rapidly growing and evolving in both scope and sophistication. The motivations behind these attacks range from “hacktivism” (attacks influenced by activist positions) to theft of intellectual property – and the Active Directory environment is not immune from being targeted for compromise.
Against this backdrop, and to help enterprises protect their Active Directory environments, Microsoft IT released a detailed technical reference document, "Best Practices for Securing Active Directory."
Author: Matt Thomlinson, General Manager, Trustworthy Computing
Targeted attacks by determined adversaries (also known as Advanced Persistent Threats, or APTs) have been a hot topic recently. Although targeted attacks continue to make up a small fraction of the attacks we see today, reports of attacks on organizations and governments have attracted a lot of attention. We know that one of the first things determined adversaries do once they have compromised their target organization's network is to try to compromise the organization's directory services. The reason is clear: a directory service holds the credentials that users, administrators and systems use to authenticate to the network and gain access to the organization's resources. If attackers can obtain those credentials, they can authenticate as those identities and reach everything those identities are permitted to access on the network.