On Monday, the RSA Conference 2020 will begin, where almost a thousand cyber security companies will showcase their greatest cyber security solutions to thousands of attendees, and where supposedly "The World Talks Security!"
If that's the case, let's talk security - I'd like to ask the entire RSA Conference just 1 simple cyber security question -
Question: Do the companies whose CISOs and cyber security personnel are attending the RSA Conference '20 have any idea exactly who has what privileged access in their foundational Active Directory deployments today?
If they don't, then perhaps instead of making the time to attend cyber security conferences, they should first focus on making this paramount determination, because without it, not ONE thing, let alone their entire organization, can be adequately secured.
If this one simple question posed above isn't clear, here are 5 simple specific cyber security 101 questions to help gain clarity:
Does our organization know exactly -
- Q 1. Who can run Mimikatz DCSync against our Active Directory to instantly compromise everyone's credentials?
- Q 2. Who can change the Domain Admins group's membership to instantly gain privileged access company wide?
- Q 3. Who can reset passwords of /disable use of Smartcards on all Domain Admin equivalent privileged accounts?
- Q 4. Who can link a malicious GPO to an(y) OU in Active Directory to instantly unleash ransomware system-wide?
- Q 5. Who can change or control who has what privileged access in our Active Directory?
If an organization does not have exact answers to these 5 simple questions today, it has absolutely no idea as to exactly who has what privileged access in its foundational Active Directory, and thus, it has absolutely no control over cyber security.
This is Paramount
If you don't think that having exact answers to these questions is paramount, then you don't know a thing about cyber security.
Just ask the world famous and globally trusted $10 Billion cyber security company CrowdStrike, and here's a quote from them - "A secure Active Directory environment can mitigate most attacks."
Zero out of 1000
There are almost 1000 cyber security companies exhibiting at the RSA Conference 2020, but guess how many of those 1000 companies could help you accurately determine the answers to 5 simple questions asked above? The answer is 0.
Not Microsoft, not EMC, not CrowdStrike, not FireEye, not Cisco, not IBM, not Symantec, not McAfee, not Palantir, not Tanium, not CyberArk, not Centrify, not Quest, not ZScaler, not BeyondTrust, not Thycotic, not Varonis, not Netwrix, not even HP, in fact no company exhibiting at RSA Conference 2020 has any solution that could help accurately answer these simple questions.
That's right - not a single cyber security company in the world (barring one), let alone the entirety of all cyber security companies exhibiting at or sponsoring the RSA Conference 2020 can help organizations accurately answer these simple questions.
The key to being able to answer the leading question above, as well as the five simple cyber security questions posed above lies in having just 1 simple, fundamental cyber security capability - Active Directory Effective Permissions.
There's only 1 company on planet Earth that possesses this key, and its not going to be at the RSA Conference 2020 - this one.