Five Eyes Alliance issues guidance on securing Active Directory

Cybersecurity experts have responded to a new report by the Five Eyes Alliance detailing guidance for mitigating risks associated with Active Directory (AD) systems.

Mickey Bresman, Chief Executive Officer of Semperis, commented on the significance of Active Directory in organisational security: "Active Directory holds the keys to the kingdom. Vulnerabilities in Active Directory, Entra ID and Okta give attackers access to an organisation's network and resources. The new, comprehensive report on mitigating Active Directory (AD) risks from the Five Eyes Alliance highlights the urgent need to secure AD against today's cyber threats."

The Five Eyes Alliance's report stresses the importance of securing Active Directory systems against potential cyber threats, which have increased in frequency and sophistication. Bresman highlighted the inclusion of Purple Knight, Semperis's free AD vulnerability tool, as a recommended tool in the report. "We are honored that Purple Knight, our free AD vulnerability tool, downloaded by more than 30,000 global organisations, is a recommended tool in the report. Purple Knight helps organisations assess vulnerabilities and discover indicators of exposure and indicators of compromise in hybrid AD environments. Semperis will continue to support the community with free tools such as Purple Knight and Forest Druid, our free attack analysis tool," Bresman stated.

Implementing the recommendations from the Five Eyes Alliance can enhance AD security and the overall security posture of organisations. Bresman also warned of the challenges in dealing with threats to identity systems, "By implementing the recommendations in the Five Eyes Alliance report, organisations can significantly improve their AD security, and their overall security posture, to prevent intrusions by malicious actors. However, many of the techniques in the report are resistant to cyber security incident response remediation activities intended to evict threat actors. Semperis is on the front lines of incident response cases involving identity systems. On a daily basis, we see firsthand the resiliency and expertise needed to bounce back from AD compromises that take identity systems down, disrupting businesses and leading to revenue losses and employee and customer angst. Semperis built the industry's first cyber approach to AD security and resiliency and we have evolved our solutions over the years to allow us to recover the organisations we work with in a secure (malware free and post breach cleanup) and rapid manner, driving what is otherwise days or weeks of work to hours and minutes."

Chris Inglis, Strategic Advisor at Semperis and former U.S. National Cyber Director, also endorsed the guidance, noting the persistent threat posed by vulnerabilities in Active Directory. "Vulnerabilities in Active Directory, the most frequently used identity system, are targeted constantly by threat actors. Today's guidance by the Five Eyes Nations is welcomed. I recommend that organisations adopt an assumed breach mindset and consider an ever-present state of threat arrayed against companies; you can never say that you are either safe or take a moment off. While perfect security is impossible, you can make your network defensible, and then you must defend it. That defence is a mix of doctrine, upskilling and technology, all of which are essential - none on their own is sufficient," Inglis advised.

He further commented on the role of companies like Semperis in providing security solutions that support operational resiliency, "Organisations such as Semperis offer hybrid identity system security that will help global organisations improve their operational resiliency against today's ever-present attacks."