Active Directory and Insider Threats

Go back to the Active Directory Security Glossary

Insider threat

Everyone assumes an insider threat is a legitimate user exploiting their permissions for nefarious purposes, usually stealing databases, sensitive IP, or manipulating an organizational process to commit fraud.

This type of insider is a major problem because they are inherently difficult to detect or predict. Every large organization uncovers insider threats of this kind from time to time. However, cybercrime has expanded this definition somewhat.

Today, insider threats can also include legitimate accounts that have been hijacked, for such as forgotten accounts belonging to third-party contractors. The user appears genuine, the account is legitimate, but the actions are rogue.

Active Directory, naturally, is a prime target for account takeover. Gain a foothold inside Active Directory and the attacker can attempt to manipulate or damage the entire domain. This is why monitoring the behavior of legitimate user accounts is a new front in the battle to keep networks safe.

Two Factor Authentication
& Access Management for
Windows Active Directory

UserLock helps administrators to manage and secure access for every user, without obstructing employees or frustrating IT.

Learn more

UserLock - User Sessions
Watch the Video