Ever since the first story about crime and the people who try to solve it, there has been that moment when somebody uncovers a piece of evidence that an insider was involved. The characters exchange shocked, wary glances as one of them says, “You mean this was an inside job?”
Unfortunately, glances and questions like those are becoming a standard feature of investigations into almost every data breach. Upon discovering that someone has illegitimately accessed data on the network, IT managers initially believe (hope, really) that the threat came from outside. But as recent, headlinegrabbing data breaches demonstrate, a lapse in internal security — whether accidental or malicious — often makes the attack possible in spite of robust external security.
This paper focuses on Microsoft Active Directory (AD) as a prime target for attackers because of AD’s importance in authentication and authorization for all users. Readers will see how a typical insider threat unfolds and take away Active Directory security best practices that minimize the risk of the insider threat to the availability, confidentiality and integrity of AD.
Learn more by downloading this whitepaper.