Study Finds Attackers Targeting Active Directory: 50% of Organizations Have Been Attacked With Over 40% Success



FREMONT, Calif.--(BUSINESS WIRE)--Attivo Networks®, experts in identity privilege escalation prevention and lateral movement attack detection, today announced the availability of a new research report conducted by Enterprise Management Associates (EMA) and commissioned in part by Attivo Networks. The report focuses on Active Directory (AD), the directory-based identity services platform used by 90% of businesses globally, exploring the barriers and threats organizations face when protecting AD and how they are adapting to address these growing concerns.

To download the report, “The Rise of Active Directory Exploits: Is It Time to Sound the Alarm?”, please visit:

As proof of the value attackers place on exploiting Active Directory and the privileges it contains, the report found that 50% of organizations have experienced an attack on Active Directory in the past 1-2 years, with more than 40% indicating that the attack was successful. An equally disturbing result was that penetration testers successfully exploited AD exposures 82% of the time, suggesting that the results of actual attacks may be under-represented due to a lack of visibility into exploits.

In response to the Active Directory siege, 86% of organizations plan to increase their investment in AD protection. They cite the increased prevalence of AD attacks (25%), an increase in remote activity or working from home (18%), an expansion in cloud use (17%) and the prevalence of advanced attacks, such as ransomware 2.0 (15%), as the main reasons for doing so.

When asked about protection against advanced attacks such as ransomware 2.0, companies provided a range of answers. Almost two-thirds said they use AD attack detection tools (64%) and endpoint detection and response (EDR) tools (64%), while just over half use antivirus/endpoint protection platforms (EPP) (55%). Other notable safeguards mentioned by respondents include user and entity behavior analytics (UEBA) tools (40%), SIEM and log analysis tools (36%), and identity detection and response (IDR) (27%). Given the relative novelty of the IDR category, which began to emerge in 2021, it is promising that a significant portion of companies have already adopted it.

The report also explored and analyzed the experiences of security professionals in protecting Active Directory and its challenges:

  • The most feared AD attacks

  • Main AD threat vectors

  • AD protection techniques and tools

  • Penetration tests reveal AD vulnerabilities

  • Barriers to action and remediation of AD exposures

  • AD’s role in compliance checks and certifications

Throughout the survey, the issues of privilege escalation and over-provisioning were raised repeatedly, as was the lack of visibility needed to easily understand exposures and policy abuses. These findings all underscored that effective Active Directory protection requires diligent authorization control and access management, but must also include multiple layers of visibility and live attack detection.

“Attackers are exploiting the intricacies of Active Directory to penetrate the environment via an exponential number of attack paths, providing virtually undetectable lateral movement within Active Directory,” said Paula Musich, research director, security and risk management at Enterprise Management Associates. “The good news is that a solid majority of organizations recognize this threat and have increased their Active Directory security priority in 2021, with plans to increase their spending on its security.”

“The main challenges in protecting Active Directory are the detection of live AD attacks, the lack of visibility into the AD environment, and the necessary coordination of AD security communication between multiple teams,” said Carolyn Crandall, Chief Security Advocate at Attivo Networks. “Attivo’s Identity Detection and Response (IDR) solutions address this protection gap squarely, providing critical visibility into the AD environment, enabling organizations to respond to AD attacks in real time and identify risks within their AD before malicious actors exploit them.”

To learn more about Attivo Networks Active Directory protection solutions, visit the Active Directory Protection product page or read the IDR solutions page.

Research methodology

Attivo Networks, along with other vendors, sponsored Enterprise Management Associates (EMA) to undertake this research. In August 2021, the EMA surveyed 250 IT professionals and leaders of organizations with 1,000 or more employees representing at least ten different verticals.

About Attivo Networks

Attivo Networks®, the leader in identity privilege escalation prevention and lateral movement attack detection, offers superior defense against threat activity. Through cyber-visibility programs, deception, and conditional access tactics, the Attivo ThreatDefend® Platform offers a scalable, customer-proven solution to deny, detect, and derail attackers and reduce attack surfaces without relying on signatures. The portfolio provides innovative, patented defenses at critical attack points, including at endpoints, in Active Directory, in the cloud, and across the network, by preventing and diverting attack activity. Forensics, automated attack analysis, and third-party integrations streamline incident response. Deception as a defense strategy continues to grow and is an integral part of NIST Special Publications and MITRE Shield®, and its capabilities closely align with the MITRE ATT&CK® Framework. Attivo has won over 150 awards for its technological innovation and leadership.
