Active Directory Security: “Drift Happens”
August 17, 2021
New ransomware variants, new exploits, more tactics… it seems like attackers come up with something novel every week. There’s a silver lining, though. With every new attack and breach, followed by the analysis of the attack process, we see patterns. By analyzing these patterns and addressing what the attacker relies on, we can disrupt the hackers and reduce the overall security risk.
Attackers most often gain their initial foothold in an enterprise in one of two ways. First, they exploit vulnerabilities in the hardware, operating systems, software and applications of the devices they target. We all know that patching is essential, but it's a bit like taking our vitamins – we forget, or we don't see the benefit until it is too late.
Second, hackers leverage misconfigurations related to hardware, operating systems, software, applications, etc. Thousands of security settings need to be configured, but they often aren’t secured correctly. With simple queries the attacker can determine what’s running on the device they’ve connected to, allowing them to know exactly what misconfigurations to look for. Securing these configurations before the attacker can see them is essential.
Current security tools and practices aren’t sufficient to secure our networks. The following tools and practices are useful, but leave major gaps in security:
Many of these solutions are point-in-time, meaning their results are outdated within days of being produced. Others are more continuous, but they don't look as deeply into the infrastructure as the attacker does, so they never surface the details the attacker is actually working with.
Regardless of the entry point, Active Directory is almost always the next step. Over and over again the forensic evidence shows that Active Directory was leveraged to move laterally and escalate privileges before ransomware was deployed.
Ryuk, the SolarWinds intrusion and XingLocker (a variant of MountLocker) all depended on Active Directory to spread. Attackers know how to enumerate and analyze Active Directory, so they rely on it to complete a breach and deploy their malicious software. AD is also central to authentication and resource access, which is another key reason attackers love to leverage it.
The direct solution to protecting your network and data is to target what the attackers are targeting: Active Directory security and vulnerability management.
First, existing hardware, operating systems, applications, software and Active Directory must be secured. If the attacker is aiming to enumerate and analyze every aspect of your network, that is something that needs immediate attention.
Second, all the work securing your network and devices shouldn’t go to waste. Once you’ve patched and secured configurations, these efforts need to be maintained constantly – that means 24x7 continuous and automatic analysis of all vulnerabilities and configurations. Think of it as keeping your attack surface as small as possible nonstop.
Finally, the ability to detect attacks is vital. Simpler attacks such as password spraying and guessing need to be detected as soon as they start so they can be shut down immediately. Even more advanced attacks like DCSync, DCShadow and Golden Ticket also need to be detected as they occur. These advanced attacks are used for persistence and backdoors, as well as to open up new attack paths the hacker can leverage.
Common tools can’t correctly detect everything. More sophisticated solutions are needed to fill these gaps in monitoring and detection.
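As an added example (not code from the original post or from Optiv), the following Python shows what two of the detections described above look like when run over Windows Security event records: password spraying, seen as one source address producing 4625 logon failures for many distinct accounts in a short window, and DCSync, seen as a 4662 audit event that requests the DS-Replication-Get-Changes or DS-Replication-Get-Changes-All control access rights from an account that is not a domain controller. The event records, the IP addresses, the account names and the DC allowlist are all constructed for the example; the two replication GUIDs are the real Active Directory control-access-right GUIDs. DCShadow and Golden Ticket need different indicators and are not covered here.

```python
"""Detection logic for two Active Directory attack patterns over
constructed Windows Security event records (simplified dict form):
password spraying (Event 4625) and DCSync (Event 4662)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Control-access-right GUIDs that a replication (DCSync) request asks for.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_RIGHTS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}


def detect_password_spray(events, window=timedelta(minutes=5), min_accounts=10):
    """Return [(source_ip, distinct_accounts)] for every source that produced
    4625 failures against at least min_accounts different accounts inside
    any sliding time window of the given length. Repeated failures for one
    account (a user mistyping a password) never count as a spray."""
    failures = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625:
            failures[e["IpAddress"]].append((e["TimeCreated"], e["TargetUserName"].lower()))
    alerts = []
    for ip, items in failures.items():
        items.sort()
        in_window = defaultdict(int)  # account -> failures currently in window
        left, peak = 0, 0
        for ts, user in items:
            in_window[user] += 1
            while ts - items[left][0] > window:  # drop events that fell out
                old = items[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_accounts:
            alerts.append((ip, peak))
    return alerts


def detect_dcsync(events, dc_accounts):
    """Return the set of accounts that requested replication rights on a
    domainDNS object (Event 4662) without being an allowlisted DC account.
    dc_accounts: lower-cased sAMAccountNames of domain controllers (DC01$);
    legitimate sync services such as Azure AD Connect would be added here."""
    suspicious = set()
    for e in events:
        if e["EventID"] != 4662 or e.get("ObjectType") != "domainDNS":
            continue
        # Properties carries the requested access-right GUIDs as "{guid} {guid}".
        requested = {p.strip("{}").lower() for p in e["Properties"].split()}
        if requested & REPLICATION_RIGHTS and e["SubjectUserName"].lower() not in dc_accounts:
            suspicious.add(e["SubjectUserName"])
    return suspicious


# --- constructed sample data (not real telemetry) -------------------------
T0 = datetime(2021, 8, 17, 9, 0, 0)


def _logon_failure(offset_s, ip, user):
    return {"EventID": 4625, "TimeCreated": T0 + timedelta(seconds=offset_s),
            "IpAddress": ip, "TargetUserName": user}


# One host tries twelve different accounts, six seconds apart: a spray.
SAMPLE_EVENTS = [_logon_failure(i * 6, "10.0.0.25", f"user{i:02d}") for i in range(12)]
# One user fails three times in a row: noise, not a spray.
SAMPLE_EVENTS += [_logon_failure(100 + i, "10.0.0.99", "jdoe") for i in range(3)]
REPL_PROPS = "{%s} {%s}" % (DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL)
SAMPLE_EVENTS += [
    # Normal DC-to-DC replication: expected.
    {"EventID": 4662, "TimeCreated": T0, "SubjectUserName": "DC02$",
     "ObjectType": "domainDNS", "Properties": REPL_PROPS},
    # A service account pulling the directory: the DCSync signature.
    {"EventID": 4662, "TimeCreated": T0, "SubjectUserName": "svc_backup",
     "ObjectType": "domainDNS", "Properties": REPL_PROPS},
]
DC_ACCOUNTS = {"dc01$", "dc02$"}

if __name__ == "__main__":
    print("password spray:", detect_password_spray(SAMPLE_EVENTS))
    print("dcsync:", detect_dcsync(SAMPLE_EVENTS, DC_ACCOUNTS))
```

In production the same logic runs against 4625 and 4662 events pulled from the domain controllers (auditing of Directory Service Access must be enabled for 4662 to be logged), and the DC allowlist should be generated from the Domain Controllers OU rather than typed by hand, because a stale list is exactly the kind of drift that turns a detection into a blind spot.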