Backup and Recovery

The Resilience Rundown Podcast: Navigating Active Directory Threats and Protections

Commvault Field CTO Dan Conrad shares his insights.

By Jason Meserve | September 19, 2024

Commvault Field CTO and Principal Technologist Dan Conrad stopped by Episode 12 of The Resilience Rundown podcast to chat with host Thomas Bryant about Active Directory. Dan has over two decades of Active Directory experience.

Common Threats to AD

Thomas mentioned that many people in the industry tend to overlook authentication and Active Directory when they’re planning for cyber incidents. Dan agreed that the most common threats haven’t changed over his career and tend to boil down to people, processes, and mentalities. He shared that the way Active Directory was administered previously was flawed: administrators created dangerous or exploitable situations by running all over the network and doing everything with admin credentials.

The single sign-on nature of Active Directory, Dan said, makes it very easy for users and admins to use, but we leave footprints everywhere we go, and those footprints are exploitable by attackers. He mentioned many examples of breaches resulting from one user with a compromised credential.

Increased Security

Over the years, admins including Dan have made advances in security practices, such as managing a regular account separately from an admin account and using Privileged Access Management (PAM) solutions. “That’s much more efficient from a security perspective because every time I’m done using it, I check it back in and it changes the password, which nullifies all those hashes I just left across the network so that they can’t be exploited,” he said.

He also mentioned the need to be careful about giving out credentials just because someone asks, and to keep an eye on third-party domain trust relationships that can put systems at risk.
Best Practices

Thomas asked about other best practices to secure Active Directory against threats beyond separating roles and PAM. Dan mentioned patching, with an awareness of the impact on legacy applications. He also said the most important thing is knowing everything you can possibly know about Active Directory.

“That’s sort of my mentality, that safety net, that you think you know how to detect, you think you know how to patch, you think you know how to do all this stuff,” Dan said. “But if you can’t recover, none of that really matters because there’s going to be something you didn’t know about.”

Role of Backup and Recovery

Thomas’ question on the role of backup and recovery in protecting Active Directory prompted Dan to recall some sticky situations from the past. However, he also mentioned that “the other side of that is having the ability to recover at a granular level, is sort of a very relaxing feeling.”

Watch the full podcast here for the rest of their conversation.