Microsoft, a $400B company, is a name that needs no introduction. Unless you live on another planet, you know that virtually everything in the world runs on Microsoft Windows (client and server).
On the server side, over 85% of the world’s organizations operate on Microsoft’s Windows Server platform, at the foundation of which lies a single technology – Active Directory.
In fact, at work, from the moment you log on in the morning to the moment you log off in the evening, everything you do is powered and enabled by Active Directory. This is so because, to simplify distributed security, Microsoft 15 years ago integrated its entire distributed authentication and authorization infrastructure with Active Directory.
15 years into Active Directory’s existence, a fledgling company, Aorato, shows up and proclaims to the world in its MISSION STATEMENT that –
(Generally, only those who know a lot or very little about Active Directory can make such statements.)
Turns out Aorato is in the business of developing and selling a beta version of a directory application firewall (DAF) that can theoretically detect suspicious activities such as PtH attacks. It has a handful of customers, few of which you may have heard of.
If indeed Domain Admin accounts were compromised in the Target/Home Depot security incidents, then I have to say that the hackers were either really dumb, or very focused on merely getting a bunch of credit card numbers, because if they wanted, they could have shut these organizations down within minutes. That's what I mean by "if you survive the incident".
Anyway, I digress.
All said and done, Congratulations Aorato!
As for the #1 risk to Active Directory deployments worldwide, Active Directory Privilege Escalation (the risk that would let a perpetrator completely 0wn any Active Directory deployment within minutes WITHOUT requiring anyone else to log on to any machine, let alone one 0wned by the perpetrator), we have it covered.
PS2: If you liked this, you may also like my 2c on the OPM Data Breach