Win­dows Open to At­tacks

70% of Win­dows En­vi­ron­ments are at Risk of Ma­li­cious At­tacks ac­cord­ing to a Man­ageEngine sur­vey

DQ Channels - - Channel Pulse - ANUSHRUTI SINGH (anushrutis@cy­ber­me­

70% of Win­dows En­vi­ron­ments are at Risk of Ma­li­cious At­tacks ac­cord­ing to a Man­ageEngine sur­vey

Man­ageEngine, the real-time IT man­age­ment com­pany, an­nounced the re­sults of the global Man­ageEngine Ac­tive Di­rec­tory and Win­dows Server Se­cu­rity – Trends and Prac­tices Sur­vey, 2016. Among the crit­i­cal find­ings is that 70 per­cent of IT ad­min­is­tra­tors across the globe say that their Win­dows en­vi­ron­ments are at risk of ma­li­cious at­tacks.

Over the past few years, the suc­cess rate of at­tacks, both in­ter­nal and ex­ter­nal, on cor­po­rate net­works has been grow­ing. At the cen­ter of most cor­po­rate net­works is Ac­tive Di­rec­tory. Since Ac­tive Di­rec­tory is the most im­por­tant tech­nol­ogy to con­trol ac­cess to the net­work and re­sources, it is im­por­tant to se­cure all as­pects of this por­tion of a net­work.

How­ever, the grow­ing suc­cess rate of at­tacks sug­gests that many or­ga­ni­za­tions do not se­cure Ac­tive Di­rec­tory cor­rectly. Re­cently, Man­ageEngine con­ducted a sur­vey to bet­ter un­der­stand the com­mon se­cu­rity prac­tices fol­lowed by IT ad­mins that spe­cial­ize in Ac­tive Di­rec­tory and Win­dows Server. The full sur­vey and re­sults from 327 prac­ti­tion­ers is avail­able at:­­ucts/ ac­tive-di­rec­tory-au­dit/win­dows-ad-se­cu­ri­ty­survey.html.

“Or­ga­ni­za­tions clearly are pay­ing closer at­ten­tion to the se­cu­rity for Ac­tive Di­rec­tory,” said Derek Mel­ber, Tech­ni­cal Evan­ge­list for Man­ageEngine and Mi­crosite Man­ager of Se­cu­rity Hard­en­ing for Ac­tive Di­rec­tory and Win­dows Servers. “How­ever, the sur­vey re­sults also in­di­cate that Win­dows en­vi­ron­ments are far from be­ing se­cure, and im­proved over­all vis­i­bil­ity is es­sen­tial.”


Anal­y­sis of the sur­vey re­sults re­veals key fac­tors that in­flu­ence se­cu­rity. It also out­lines im­por­tant sug­ges­tions for the year ahead re­gard­ing se­cu­rity of Win­dows en­vi­ron­ments. In turn, or­ga­ni­za­tions can en­hance se­cu­rity mea­sures to en­sure a more se­cure and smoother en­vi­ron­ment to run busi­ness op­er­a­tions. In­sights into var­i­ous as­pects of Win­dows en­vi­ron­ment se­cu­rity in­clude:

Aware­ness of and con­cern about in­ter­nal at­tacks

In­ter­est in a se­cu­rity so­lu­tion with change no­ti­fi­ca­tion alerts

Ease of ac­cess­ing cur­rent Win­dows se­cu­rity set­tings

Knowl­edge of cur­rent Win­dows se­cu­rity stan­dards

Fre­quency of us­ing tools to gen­er­ate se­cu­rity re­ports


70 per­cent of re­spon­dents agree that their Win­dows en­vi­ron­ments are not com­pletely se­cure from ma­li­cious at­tacks, while an­other 10 per­cent ad­mit to be­ing un­aware of the se­cu­rity stan­dards for Win­dows en­vi­ron­ments.

72 per­cent of re­spon­dents seek a so­lu­tion that sends alerts when se­cu­rity con­fig­u­ra­tions change, yet 55 per­cent have not be­gun to use one.

47 per­cent of IT ad­mins find it dif­fi­cult and time con­sum­ing to gain aware­ness of the cur­rent se­cu­rity set­tings of their Win­dows en­vi­ron­ments. A small per­cent­age of re­spon­dents use scripts but find it te­dious.


The re­sults clearly in­di­cate that or­ga­ni­za­tions need to take im­me­di­ate ac­tion to se­cure their Win­dows en­vi­ron­ments.

The find­ings im­ply a vis­i­bil­ity gap in the mar­ket. De­spite the mar­ket avail­abil­ity of so­lu­tion providers, at least half the or­ga­ni­za­tions do not use a con­fig­u­ra­tion alert sys­tem and may need to per­form re­quire­ment-to-so­lu­tion map­ping to re­duce this gap.

For ef­fi­cient man­age­ment of their Win­dows en­vi­ron­ments, IT ad­mins could ben­e­fit from ex­plor­ing avail­able re­port­ing so­lu­tions.

“Or­gan­i­sa­tions clearly are pay­ing closer at­ten­tion to the se­cu­rity for Ac­tive Direc­tory” DEREK MEL­BER, Tech­ni­cal Evan­ge­list, Man­ageEngine

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.