ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Active Directory Security Incidents


Newbie

Posts: 1
Date: Aug 23, 2013
Active Directory Security Incidents
Permalink  
 


Hello,

I am a Senior IT Analyst focused on Directory Services at a German conglomerate, and I am trying to get some more information on any publicly available list of Active Directory security incidents that are either documented or have been in the news lately.

I know this sounds like a strange request, but actually I need it to make a case for an Active Directory security solution that we need to procure to streamline our ability to minimize the possibility of, as well as detect and respond to, any Active Directory related security incidents.

The hurdle I have run into is that, unlike my counterparts in the Network Operations Team who are easily able to get budget approval for the latest firewalls, since there is so much evidence of cyber security incidents related to intrusions by hackers, I am finding it a little difficult to provide supporting evidence that helps make a case for the Active Directory audit solution we need to procure.

My immediate management and my colleages understand the need, because we work with Active Directory on a daily basis, but senior management doesn't quite get it yet. They seem to think that since the Active Directory is inside the perimeter, it doesn't need any additional protection.

We have been trying to make the point that the major threats to Active Directory are actually from insiders (dissatisfied employee, disgruntled admin, rogue delegated admin, malicious software etc.) but it does not seem to be well received yet, so my manager has asked me to try and find a list of any publicly known Active Directory Security Incidents.

I have looked around a bit, and while there are sporadic news articles and coverage related to Windows Systems compromise, I have not been able to find anything specific to Active Directory security incidents yet.

Does anyone know of any such list of Active Directory Security Incidents? If so, could you please share, so we could make a better case and hopefuly get the budget approval we really need to enhance our Active Directory security monitoring and audit abilities.

As someone technical working on Active Directory on a daily-basis, I know how important this is, but unfortunately our senior management (many of whom have experience in network security) don't seem to understand why this is so important to protect the Active Directory. (They're still thinking firewalls, IDS and all. They don't seem to "get" that even the account they logon with everyday is an Active Directory account, or for that matter, all the access they get to all the documents on all our file shares is made possible by domain security groups.) I don't mean to whine, but it is a frustrating situation, and one I am hoping will improve. 

Thank you in advance for your help.

Andreas



__________________
Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me