Imagine the following Active Directory scenario: your environment is 5+ years old with more than 50 domain controllers, and your company acquires other companies, so you end up with more forests. Because of resource constraints and compatibility issues, you cannot remove Windows 7 and Windows Server 2008 completely from your network. You have more than 20 administrators who feel overworked and cannot prioritize security.
If you have some red-team experience with Microsoft AD, you probably know that it’s almost impossible to protect such a network. There is too much legacy configuration and new potential attack vectors.
As of today, what is Microsoft’s approach for Active Directory protection, and what do they offer for their customers?
Option 1 – Upgrade all of your infrastructure to the newest products like Windows 10 and Windows Server 2016.
Option 2 – Migrate and manage your infrastructure to Azure.
Yet with both of these options, the Domain is vulnerable. By design, one compromised machine exposes all domain resources to the attacker.
And what happens if you insist on keeping your current infrastructure intact?
Step 1 – Implement endless best practices to secure the Domain:
Step 2 – Continuously monitor and analyze your network AD logs.
Step 3 – Purchase Microsoft ATA.
Is there a better way?
When we established Javelin Networks, we knew from years of experience how the offense thinks and also how Admins operate. We had to create a solution that could merge the two while not having to re-educate everyone.
People don’t prioritize security. To most, it’s a big headache from an operational point of view, and it costs money. This is why we created the most seamless and effective security solution for any Active Directory environment, so you will feel safe without working hard.
Javelin AD|Protect focuses on the endpoint security issue of vulnerability by design. On the contrary, Microsoft ATA focuses on logs events and behavior. When it’s obvious that the attack starts on the endpoint and servers, which solution is better suited to stop it?
Javelin vs. ATA:
The following video demonstrates a common, stealthy Domain attack methodology and the result from both Javelin AD|Protect and Microsoft ATA.