Identity Security Posture Management (ISPM) at Shield Cyber - Q4 2024 Metrics

Teddy Guzek

In 2024, Shield Cyber observed a significant uptick in interest around Identity Security Posture Management (ISPM) among our MSSP and MSP partners. This reflects an industry-wide trend: while organizations continue migrating to the cloud, many (especially those with over 100 employees) remain heavily reliant on Active Directory (AD) for identity services.

Industry evaluations in Q4 reveal a pressing need for better identity security practices:

  • ~92% of environments assessed by Shield Cyber in 2024 exhibited significant Active Directory issues that leave end-customers vulnerable to attack (Shield Cyber 2024 data)
  • 100%+ YoY increase in Kerberoasting attacks 2020-2022 (IBM X-Force Security report)
  • 583% increase in Kerberoasting attacks in 2023 (CrowdStrike 2024 threat hunting report)

This underscores the growing importance of ISPM as organizations recognize that securing the identity layer is critical to reducing attack surfaces and mitigating risk.

What is Identity Security Posture Management (ISPM)?

ISPM focuses on securing and monitoring identity services used by organizations, from small businesses to large enterprises. While larger companies often lead the way in implementing robust ISPM controls, a gap persists in "the channel" (MSSPs/MSPs) and among smaller clients.

While programs like vulnerability management are foundational to a strong cybersecurity program, without a properly configured identity layer, organizations greatly increase the "blast radius" of potential attacks. For example, patching known vulnerabilities won't help when an overprivileged user clicks on a phishing email, allowing a malicious actor to pivot and escalate privileges, leading to unfettered access to sensitive systems.

Top 5 Active Directory Misconfigurations in Q4 2024

Data gathered via Shield Cyber from dozens of MSSP/MSP partners for hundreds of end clients highlights the most common AD misconfigurations:

  • Privileged User Configured with a Service Principal Name (SPN): Vulnerable to Kerberoasting attacks.
  • Privileged Users Not in the Protected Users Group: Missing critical protections for admin accounts.
  • Privileged Accounts with Weak Passwords: Admin, service, and “break glass” accounts often fail to meet modern standards (e.g., unique 30-character passwords).
  • Insufficient Domain and Forest Functional Level: Organizations lag behind recommended functional levels, missing crucial security enhancements.
  • Misconfigured ADCS Certificate Templates: Templates with overly permissive enrollment permissions or those lacking proper issuance requirements can be exploited to issue certificates that grant unauthorized access, including Domain Admin privileges.
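The first, second and fourth items can be checked from exported directory attributes. The following is an added example, not Shield Cyber's tooling: it audits constructed account records shaped like an LDAP export. The group DNs, account names and the 2016 minimum functional level are assumptions made for illustration.

```python
# Added example: audit exported AD user records for items 1, 2 and 4 above.
# All DNs, account names and sample records below are constructed.
BASE = "CN=Users,DC=example,DC=test"
PROTECTED_USERS = f"CN=Protected Users,{BASE}".lower()
PRIVILEGED_GROUPS = {f"CN=Domain Admins,{BASE}".lower(),
                     f"CN=Enterprise Admins,{BASE}".lower()}
# msDS-Behavior-Version values and the functional level each one represents.
FUNCTIONAL_LEVELS = {3: "2008", 4: "2008 R2", 5: "2012",
                     6: "2012 R2", 7: "2016", 10: "2025"}
MIN_LEVEL = 7  # assumption: anything below Windows Server 2016 counts as lagging

SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc-sql", "memberOf": [f"CN=Domain Admins,{BASE}"],
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "adm-alice", "servicePrincipalName": [],
     "memberOf": [f"CN=Domain Admins,{BASE}", f"CN=Protected Users,{BASE}"]},
    {"sAMAccountName": "adm-bob", "servicePrincipalName": [],
     "memberOf": [f"CN=Enterprise Admins,{BASE}"]},
    {"sAMAccountName": "jdoe", "memberOf": [], "servicePrincipalName": []},
]

def groups_of(account):
    # memberOf lists direct memberships only; DNs compare case-insensitively.
    return {dn.lower() for dn in account.get("memberOf", [])}

def is_privileged(account):
    # adminCount=1 also catches accounts that reach a protected group via nesting.
    return bool(groups_of(account) & PRIVILEGED_GROUPS) or account.get("adminCount") == 1

def audit_accounts(accounts):
    """Return (account, finding) pairs for privileged accounts only."""
    findings = []
    for acct in accounts:
        if not is_privileged(acct):
            continue
        name = acct["sAMAccountName"]
        if acct.get("servicePrincipalName"):
            findings.append((name, "privileged-account-with-spn"))
        if PROTECTED_USERS not in groups_of(acct):
            findings.append((name, "not-in-protected-users"))
    return findings

def audit_functional_level(behavior_version, minimum=MIN_LEVEL):
    """Return a finding string if the level is below the minimum, else None."""
    if behavior_version >= minimum:
        return None
    label = FUNCTIONAL_LEVELS.get(behavior_version, "unknown")
    return f"functional level {label} is below {FUNCTIONAL_LEVELS[minimum]}"

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_ACCOUNTS), audit_functional_level(4))
```

Service accounts generally cannot be placed in Protected Users, so a privileged account that fails both checks is usually remediated by removing the privilege or moving the SPN to a non-privileged account.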

What Should Service Providers Do?

Shield Cyber recommends the following steps to improve your AD security posture:

1. Assess Your Current AD Environment

Understand the scope and structure of your AD setup. Without full visibility, effective evaluation and improvement are impossible.

2. Perform a Shield Cyber AD Assessment

Go beyond basic checks like disabled users and inactive computers. Identify advanced misconfigurations that attackers exploit today. For instance, Kerberoasting attacks have surged in popularity and often evade detection by EDR/MDR tools.

3. Implement Continuous Monitoring

Treat the identity layer with the same diligence as vulnerability management. Annual checks for inactive AD accounts are no longer sufficient—regular evaluation is essential for hardening your attack surface.

4. Develop and Execute a Remediation Plan

Establish a consistent process to address identity misconfigurations. Adopt foundational best practices such as password policies, MFA, and least-privilege access to minimize risk and maintain a secure identity posture.

The Opportunity for MSSPs/MSPs

The MSSP/MSP channel has a unique opportunity to elevate their clients’ security posture to enterprise-grade levels. Shield Cyber partners with MSSPs and MSPs to provide the tools, expertise, and support needed to deliver comprehensive identity security solutions.

Shield Cyber Empowers Partners To:

  • Strengthen their clients’ security while enhancing their own service offerings.
  • Address gaps in identity security that often go unnoticed in traditional vulnerability management programs.
  • Demonstrate thought leadership, which leads to a competitive advantage vs. the ~10,000 MSSPs in the market.

If you or your clients would benefit from an ISPM assessment, reach out to the Shield Cyber team. Beyond offering tools for assessments, we’re committed to sharing our insights from evaluating thousands of AD environments, helping organizations secure their most critical layer: identity.

Conclusion

The identity layer is becoming the next frontier in cybersecurity. With the right tools and processes, MSSPs and MSPs can help clients stay ahead of attackers and reduce risk. Shield Cyber is here to support you in delivering enterprise-level ISPM to every client, large or small.

Let’s secure the future—together.

Teddy Guzek

CEO
