Related papers: Securing Sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering

Securing Sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering

URL: http://arxiv.org/abs/2508.11812v1
Date: Fri, 15 Aug 2025 21:40:31 GMT
Title: Securing Sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering
Authors: Tyler Schroder, Sohee Kim Park,
Abstract summary: An organization's digital identity plane is a prime target for cyber threat actors.<n>Cybercrime losses reached a record of 16.6 B in the United States in 2024.<n>For organizations using Microsoft software, Active Directory is the on-premises identity system of choice.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The advancement of computing equipment and the advances in services over the Internet has allowed corporations, higher education, and many other organizations to pursue the shared computing network environment. A requirement for shared computing environments is a centralized identity system to authenticate and authorize user access. An organization's digital identity plane is a prime target for cyber threat actors. When compromised, identities can be exploited to steal credentials, create unauthorized accounts, and manipulate permissions-enabling attackers to gain control of the network and undermine its confidentiality, availability, and integrity. Cybercrime losses reached a record of 16.6 B in the United States in 2024. For organizations using Microsoft software, Active Directory is the on-premises identity system of choice. In this article, we examine the challenge of security compromises in Active Directory (AD) environments and present effective strategies to prevent credential theft and limit lateral movement by threat actors. Our proposed approaches aim to confine the movement of compromised credentials, preventing significant privilege escalation and theft. We argue that through our illustration of real-world scenarios, tiering can halt lateral movement and advanced cyber-attacks, thus reducing ransom escalation. Our work bridges a gap in existing literature by combining technical guidelines with theoretical arguments in support of tiering, positioning it as a vital component of modern cybersecurity strategy even though it cannot function in isolation. As the hardware advances and the cloud sourced services along with AI is advancing with unprecedented speed, we think it is important for security experts and the business to work together and start designing and developing software and frameworks to classify devices automatically and accurately within the tiered structure.

Related papers

LegionITS: A Federated Intrusion-Tolerant System Architecture [0.6524460254566903]
We propose a novel architecture that federates Intrusion Tolerant Systems (ITSs) and Malware Information Sharing Platform (MISP) to empower SOCs.<n>As a proof of concept, we evaluate one module by applying Differential Privacy (DP) to Federated Learning (FL), observing a manageable accuracy drop from 98.42% to 85.98%.
arXiv Detail & Related papers (2025-12-16T09:52:08Z)
Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response [1.0027737736304287]
We bridge the gap between two research directions: Intent-Based Cyber Defense and Autonomic Cyber Defense.<n>We propose a unified, ontology-driven security intent definition leveraging the MITRE-D3FEND cybersecurity ontology.<n>We also propose a general two-tiered methodology for integrating such security intents into decision-theoretic Autonomic Cyber Defense systems.
arXiv Detail & Related papers (2025-07-16T09:17:53Z)
Enabling Security on the Edge: A CHERI Compartmentalized Network Stack [42.78181795494584]
CHERI provides strong security from the hardware level by enabling fine-grained compartmentalization and memory protection.<n>Our case study examines the trade-offs of isolating applications, TCP/IP libraries, and network drivers on a CheriBSD system deployed on the Arm Morello platform.
arXiv Detail & Related papers (2025-07-07T09:37:59Z)
CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks.<n>We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check.<n>We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
arXiv Detail & Related papers (2025-06-12T12:22:45Z)
A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems [39.58317527488534]
Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems.<n>Their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access.<n>We present a Virtual Cybersecurity Department (VCD), an affordable and automated framework designed for SMEs.
arXiv Detail & Related papers (2025-04-28T21:14:48Z)
Operationalizing Cybersecurity Knowledge: Design, Implementation & Evaluation of a Knowledge Management System for CACAO Playbooks [0.29998889086656577]
cybersecurity playbooks are key enablers, providing a structured, reusable, and continuously improving approach to incident response.<n>The emerging Collaborative Automated Course of Action Operations (CACAO) standard defines a common machine-processable schema for cybersecurity playbooks.<n>This work presents the design, development, and evaluation of a Knowledge Management System (KMS) for managing CACAO cybersecurity playbooks.
arXiv Detail & Related papers (2025-03-07T07:54:43Z)
Autonomous Identity-Based Threat Segmentation in Zero Trust Architectures [4.169915659794567]
Zero Trust Architectures (ZTA) fundamentally redefine network security by adopting a "trust nothing, verify everything" approach.<n>This research applies the proposed AI-driven, autonomous, identity-based threat segmentation in ZTA.
arXiv Detail & Related papers (2025-01-10T15:35:02Z)
ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
Cyber Sentinel: Exploring Conversational Agents in Streamlining Security Tasks with GPT-4 [0.08192907805418582]
This paper introduces Cyber Sentinel, an innovative task-oriented cybersecurity dialogue system. It embodies the fusion of artificial intelligence, cybersecurity domain expertise, and real-time data analysis to combat the multifaceted challenges posed by cyber adversaries. Our work is a novel approach to task-oriented dialogue systems, leveraging the power of chaining GPT-4 models combined with prompt engineering.
arXiv Detail & Related papers (2023-09-28T13:18:33Z)
When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures. We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.