Microsoft Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access, but it’s also exploited in many cyberattacks.
Since AD is rarely safeguarded effectively, attackers have come to depend on weak configurations to identify attack paths, access privileged credentials and get a foothold in target networks.
Now, though, cyber resilience specialist Semperis has announced the availability of Purple Knight, a free security assessment tool that allows organizations to safely probe their AD environment to uncover dangerous misconfigurations and other weaknesses that attackers could exploit.
Considering that 80 percent or more of cyberattacks involve the abuse of privileged credentials, inherent Active Directory vulnerabilities have the potential to compromise an organization’s entire security infrastructure, which puts pressure on AD managers and security teams to stay ahead of the threats.
To lock down AD, you must think like an attacker. With the release of Purple Knight, Semperis is giving organizations a window into the security posture of their AD environments, with the ultimate goal of empowering organizations to safely challenge their defenses, find weak spots, and take immediate action before those weaknesses are exploited.
Purple Knight works by querying an organization’s AD environment and performing a comprehensive set of tests against the most common and effective attack vectors, which correlate to known security frameworks such as MITRE ATT&CK. With no special installation required, the tool maps to pre- and post-attack security indicators across five core aspects of AD’s security posture: AD delegation, account security, AD infrastructure security, group policy security, and Kerberos security.
Once the assessment is done, Purple Knight generates a summary report that provides an overall risk score and details the indicators of exposure detected and the likelihood of compromise. It also recommends actionable steps to address any weaknesses before they can be exploited by attackers.