Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Active Directory security: Why we fail and what auditors miss
Cyber Security: A Peer-Reviewed Journal,
6
(1),
41-51
(2022)
Abstract
The task of a security auditor is not an easy one. Organisations depend heavily on regular audits to analyse and evaluate the risks related to their IT assets. Unfortunately, traditional auditing methods do not adequately assess the latent risks present in Active Directory (AD). This paper will help readers understand the specific challenges and pitfalls associated with auditing AD and to adapt the method to avoid a false sense of security. It concludes that it is critical to maximise auditing assignments to obtain a clear and precise view of the important remediation tasks to come.
Keywords: audit; auditor; active directory; security; ransomware; malware; lateral movement; privileges escalation; domain dominance; backdoor
The full article is available to subscribers to the journal.
Author's Biography
Sylvain Cortes is an international expert in the field of identity management and directory cyber security. During his career, he has mainly accompanied international organisations in their digital identity transformation plans. Sylvain has been recognised as a 16x Microsoft MVP in the identity domain and he is the president of CADIM, a French non-profit organisation that organises an annual event in Paris dedicated to identity management and cyber security. He is a regular speaker for various events such as Blackhat, Cloud Expo, IdentityDays, FS-ISAC, aOS, IT Nordics, RIAMS, Les Assises de la Sécurité, FIC and more.
