Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.

October 21, 2016

Defending Active Directory Against CyberAttacks


One week ago I had announced that I will be respectfully taking Microsoft to Active Directory Security School. I had also posed a Trillion $ question to Microsoft. As promised, today, in this post, I will do so. Sometimes less is more, so today I'll keep it short.

It is my privilege to share with you a presentation on Active Directory Security that I built for Microsoft and the world -

Defending Active Directory Against Active Directory Attacks

Here is a snapshot of a few sections from this 90+ slide deck -

Active Directory Security Presentation

I suggest that Microsoft and organizations worldwide, go through this deck, and absorb it like a sponge absorbs water, because in this deck lies the key to organizational cyber security worldwide and the answer to the Trillion $ question I posed to Microsoft.

If you find yourself wondering "What's the big deal?", please go through the entire deck, then consider the following:

       Here are the top 3 sources of guidance from Microsoft on the paramount subject of Active Directory Security -
1. Microsoft's original 100+ page official Best Practice Guide for Securing Active Directory (Part I) and Part II
2. Microsoft's latest official Best Practices for Securing Active Directory guidance, introduced by Microsoft's CISO
3. Microsoft's latest 5+ hour series of 12+ videos on Defending Active Directory Against Cyber Attacks

       If you can find even one mention of the Trillion $ phrase "Effective Permissions" in any of the above, let me know.

We've found that due to a complete decade+ lack of guidance from Microsoft on the most important technical aspect of Active Directory Security i.e. "Effective Permissions", 99% of the 1000s of IT personnel (Domain Admins, IT Auditors, IT Managers, CISOs etc.) from 1000s of organizations that have knocked at our doors do not even know what "Effective Permissions" are !

I'll let the $ 500 Billion Microsoft, and organizations worldwide, reflect on and absorb a) this fact, b) these questions and c) this deck, for a week, then continue sharing thoughts starting Nov 01, both on this blog and at -

Best wishes,