Expert insights on NSA's new guidelines for Active Directory security

Today

The United States National Security Agency (NSA), in collaboration with international partners, has issued comprehensive guidance to mitigate risks associated with Active Directory (AD) compromises. This report, released by the Five Eyes Alliance, emphasises the urgent need for organisations to enhance the security of their Active Directory, Entra ID, and Okta systems, which have been identified as high-value targets for cyber attackers.

Expert insights from industry leaders underscore the importance of addressing these vulnerabilities and provide strategies for improving organisational resilience against potential threats.

Mickey Bresman, the Chief Executive Officer of Semperis, a company specialising in AD security, highlighted the significance of the updated guidance. "Active Directory holds the keys to the kingdom," Bresman asserted, explaining the potential consequences of vulnerabilities within these identity systems. Bresman expressed gratitude that the report recognised Semperis's tools, such as Purple Knight, as useful resources for identifying vulnerabilities in hybrid AD environments. Purple Knight, a free tool, has been downloaded by over 30,000 organisations globally, assisting in discovering indicators of exposure and compromise.

According to Bresman, integrating these recommendations is vital for improving an organisation's overall security posture. Nonetheless, he noted that some techniques described in the guidance present challenges to traditional cyber security incident response activities, which are typically aimed at removing threat actors from systems. Semperis, positioned on the front lines of incident response involving identity systems, has developed strategies to help businesses recover securely and swiftly from AD compromises, minimising potential disruptions and financial losses.

Chris Inglis, a strategic advisor for Semperis and the first U.S. National Cyber Director, welcomed the guidance from the Five Eyes Nations. Inglis emphasised the constant threat posed to AD systems, suggesting that organisations should adopt an "assumed breach" mindset. He noted that while perfect security is unattainable, a network can be made defensible through a combination of doctrine, skills enhancement, and technology, all of which are essential components of a robust defence strategy.

Inglis reiterated that organisations must remain vigilant, as the threat landscape is ever-present. He advocated for companies to defend their networks and make significant improvements in their operational resiliency. Products offered by companies such as Semperis, which provide security for hybrid identity systems, play a crucial role in fortifying defences against cyber threats.

This collaborative effort in guidance release highlights the criticality of AD security amid increasing cyber threats. As organisations continue to enhance their cyber security frameworks, adopting the practices recommended by the Five Eyes Alliance could substantially mitigate risks associated with Active Directory system vulnerabilities.

Share on: