Why Proactive Active Directory Security Should Be Part of Organizations Cyber Defense Toolset.
Recently, hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform, see this https://therecord.media/hackers-tried-to-exploit-two-zero-days-in-trend-micros-apex-one-edr-platform/ . Now, these sort of attacks is one the core reason why Proactive and Unified Identity Stores security platform is a non-negotiable inclusion in organization’s cyber defense toolset.
So, hackers will do just ANYTHING to gain that initial foothold, it might take some time, but they will surely get in. For proactive security minded organizations, the point of focus should be a mindset of post compromise, i.e., what hackers are able to do once they get in.
Lateral movement and privileged escalations are 2 MANDATORY attacks techniques that must be performed before hackers get to their target. Focusing technical resources particularly on these phases gives the defender an unassailable lead any day and anytime.
Unfortunately, lateral movement and privileged escalations attacks are ridiculously easier now as attackers leverage windows native tools (which goes under the radar of most security tools) such as PSExec, WMI, SMB and other NTLM vulnerabilities.
Recommended Solution. See the attached image.
With a solution such as CrowdStrike Falcon Zero Trust (formerly Preempt security), organizations can preempt misconfigurations and vulnerabilities to all authentication protocols while enforcing flexible policies that prevent in real time possible exploitation of user authentication mechanisms with the endgame to frustrate, disrupt and slow down the attackers TTPs. Contact us at firstname.lastname@example.org if interested in evaluating this solution!