The insider threat to AD is real, pervasive and costly. The predominance of AD in enterprises around the globe makes it an appealing target for adversaries who can exploit technical limitations and human factors to launch data breaches from the inside out.
Monitoring logs of AD events is a start, but many insider threats take advantage of AD events that are not logged. Besides, the list of things to look for in a suspected attack is long and there is no automatic way to guard against all of them.
This paper focuses on Microsoft Active Directory (AD) as a prime target for attackers because of AD’s importance in authentication and authorization for all users. You will see how a typical insider threat unfolds and take away Active Directory security best practices that minimize the risk of the insider threat to the availability, confidentiality and integrity of AD.
Download the whitepaper here.