Holm Security Launches Active Directory Security Amid Regulatory Pressure

Severity: High (Score: 63.9)

Sources: www.globenewswire.com, Uk.Finance.Yahoo

Published: 2026-06-09 · Updated: 2026-06-09

Keywords: security, active, directory, holm, platform, expands, harden

Severity indicators: pla

Summary

Holm Security has introduced Active Directory Security, enhancing its platform to continuously assess on-premises Active Directory for vulnerabilities. This launch coincides with increasing regulatory demands in Europe, particularly under directives like NIS2 and DORA. Active Directory remains a critical component for identity management in organizations, with 22% of breaches starting from stolen credentials, as noted in the Verizon 2025 Data Breach Investigations Report. The new capability replaces traditional point-in-time audits with continuous visibility, addressing common attack vectors such as Kerberos abuse and credential dumping. Holm Security's platform now includes 187 checks across nine MITRE ATT&CK tactics, focusing on credential access, privilege escalation, and lateral movement. The service is available to all Holm Security customers as of today, June 9, 2026.

Key Points:

  • Holm Security's Active Directory Security continuously assesses vulnerabilities in AD.
  • 22% of breaches start with stolen credentials, often linked to Active Directory.
  • The platform includes 187 checks mapped to nine MITRE ATT&CK tactics.

Detailed Analysis

**Impact** European organizations, particularly those subject to NIS2 and DORA regulations, are directly affected by the increased focus on Active Directory security. The scope includes enterprises relying on on-premises Active Directory environments that control access to critical business systems and cloud identities via synchronization tools like Entra Connect. Compromise of domain administrator accounts can lead to full control over corporate identity and access management, risking exposure of sensitive data and operational disruption across sectors using Microsoft infrastructure. Holm Security customers globally gain continuous visibility into these risks.

**Technical Details** The attack vector involves exploitation of on-premises Active Directory misconfigurations and weaknesses such as Kerberos abuse, credential dumping, delegation abuse, ACL manipulation, and GPO tampering. Holm Security’s solution covers 187 checks mapped to nine MITRE ATT&CK tactics, with emphasis on Credential Access, Privilege Escalation, Persistence, and Lateral Movement techniques. No specific malware, CVEs, or IOCs are mentioned. The platform integrates findings into existing vulnerability workflows, enabling continuous assessment rather than periodic audits.

**Recommended Response** Organizations should implement continuous monitoring of Active Directory configurations and apply prioritized remediation based on severity ratings provided by Holm Security’s platform. Focus on hardening Kerberos settings, restricting dangerous delegation, securing certificate templates, and auditing Group Policy Objects for exposed credentials. Security teams should integrate Active Directory findings with broader vulnerability management processes and ensure alignment with compliance requirements under NIS2 and DORA. No specific patches or IOCs were detailed; monitoring and addressing identified misconfigurations is critical.

Source articles (3)

  • Holm Security expands platform with Active Directory Security to harden the most — Uk.Finance.Yahoo · 2026-06-09
    New capability brings continuous on-premises Active Directory assessment into the same platform that already covers systems, networks, web, cloud, and API security - replacing point-in-time audits wit…
  • Active Directory Security — www.globenewswire.com · 2026-06-09
    Active Directory Security is the latest addition to the Holm Security platform, joining our existing coverage for System & Network Security. From today, every Holm Security customer running authentica…
  • 22% of breaches begin with stolen credentials — www.globenewswire.com · 2026-06-09

Timeline

  • 2025-01-01 — Verizon 2025 Data Breach Investigations Report released: The report reveals that 22% of breaches begin with stolen credentials, highlighting the importance of securing Active Directory.
  • 2026-06-09 — Holm Security launches Active Directory Security: The new capability provides continuous assessments of on-premises Active Directory, enhancing vulnerability management.
  • 2026-06-09 — Regulatory pressure increases for European organizations: Organizations face new requirements under directives like NIS2 and DORA, emphasizing identity hygiene.

Related entities

  • Data Breach (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-269 - Improper Privilege Management (Cwe)
  • T1003 - OS Credential Dumping (Mitre Attack)
  • T1550.002 - Pass The Hash (Mitre Attack)
  • Active Directory (Platform)
  • Entra Connect (Platform)
  • Microsoft 365 (Platform)