As some of you may know, over the past few weeks, I have been publicly taking the $ 550 Billion Microsoft (Nasdaq: MSFT) to Active Directory Security School (see PS3 below) because today global security literally depends on Active Directory Security.
In case you're wondering why, here's why -
The Importance of Active Directory Security
From the White House to the British Houses of Parliament, and from Microsoft to the Fortune 1000, at the very foundation of IT, identity and access management, and cyber security at over 85% of all organizations worldwide today lies Active Directory.
In other words, the foundational security of thousands of government and business organizations depends on Active Directory.
To paint a picture - Governments, Militaries, Law Enforcement Agencies, Banks, Stock Exchanges, Energy Suppliers, Defense Contractors, Hospitals, Airlines, Airports, Hotels, Oil and Gas Companies, Internet, Tech and Cyber Security Companies, Manufacturing Companies, Pharmaceutical Companies, Retail Giants ... <the list is long> all run on Active Directory.
Operating in the Dark
Given my background, experience and whatever little I know about the subject, I have reason to believe that most organizations worldwide that operate on Active Directory are operating in the dark today, and have absolutely no idea as to exactly who has what level of privileged access in their foundational Active Directory!
Further, because over the last decade, almost 10,000 organizations from across 150+ countries worldwide have knocked at our doors unsolicited, we know exactly how much these organizations know about Active Directory Security, and we're shocked to know that 99% of them don't even know what "Active Directory Effective Permissions" are, and upon giving this due thought, we have arrived at the conclusion that the world's complete ignorance on this most paramount aspect of organizational cyber security can be attributed to the fact that Microsoft has likely not even once educated its customers about its importance!
Let There Be Light
So, I made an executive decision that we need to educate the $ 550 Billion Microsoft Corp about the paramount importance of "Active Directory Effective Permissions", so that they can in turn educate the thousands of vital business and government organizations at whose very foundation lies Active Directory about its sheer and cardinal importance.
Make no mistake about it - no organization that operates on Microsoft Active Directory today can be adequately secured without possessing the ability to determine effective permissions on the thousands of building blocks of cyber security (i.e. thousands of domain user accounts, computer accounts, security groups and policies) that reside in its Active Directory. Its really that simple.
A 1000 Cyber Security Companies!
Speaking of which, although there are supposedly over a 1000 cyber security companies in the world (, and incidentally at their very foundation too lies Microsoft Active Directory) not a single one of them has the ability, the expertise or even a single solution to help the world accurately determine "effective permissions" in Active Directory. Not a single one of them!
Well, except ONE.
PS: If you can find even ONE cyber security company in the world that can help the world do this, you let me know.
PS2: Microsoft, before you respond, please know this - I've conquered mountains, and I'm likely your best friend.
PS3: To help the world easily follow Active Directory Security School for Microsoft, here are each day's lessons -
- Day 0 – A Trillion Dollar Letter to Microsoft concerning Cyber Security Worldwide
- Day 1 – How Well Does Microsoft Understand Cyber Security?
- Day 2 – The Importance of Active Directory Security
- Day 3 – The Impact of an Active Directory Security Breach
- Day 4 – The Active Directory Attack Surface
- Day 5 – The Top-5 Security Risks to Active Directory Deployments
- Day 6 – A Trillion Dollar Active Directory Privilege Escalation Example
- Day 7 – Lack of Gravitas at Organizations + Risks of Amateur Tooling
- Day 8 – An Ocean of Access Privileges in Active Directory Deployments
- Day 9 – A Most Important Microsoft Video on Defending Active Directory
- Day 10 – Active Directory Effective Permissions – Paramount to Cyber Security
- Day 11 - A Trillion $ Question to Microsoft regarding “Identities” and Cyber Security
- Day 12 - How to Correctly Audit Who can Create User Accounts in Active Directory
- Day 13 - Microsoft, How Do Organizations Prevent this Denial-of-Service Attack on Active Directory?
- Day 14 - How to Audit Who can Delete an Organizational Unit in Active Directory
- Day 15 - A Trillion $ Question to Microsoft regarding Domain Security Groups
- Day 16 - How to Audit Who can Change Group Memberships in Active Directory
- Day 17 - Implications of An Unauthorized Change to a Service Connection Point in Active Directory
- Day 18 - How to Audit Who Can Change/Control/Delete a Service Connection Point in Active Directory
- Day 18 - Implications of an Unauthorized Change to Domain Computer Accounts in Active Directory
and How to Audit Who Can Make Changes to Domain Computer Accounts in Active Directory