cyber security IT Infra Security Tech Whitepapers

2023 Purple Knight Report

1,028 Less than a minute

Organizations continue to report low scores on Purple Knight Active Directory security assessment

Organizations across every industry are still struggling to identify and address security vulnerabilities that leave their identity environments open to cyberattacks. In this survey report, discover the latest 2023 key findings on Active Directory security challenges as well as how Purple Knight users saw improvements as high as 64% after implementing expert guidance.

Key findings from this survey:

Organizations reported an average score of 61 in the account security category, the lowest score among the seven AD categories assessed by the Purple Knight tool; 55% of organizations reported 5+ vulnerabilities in the Azure AD category.
13% of organizations also reported 5+ security indicators in the new Azure AD category, which focuses on vulnerabilities such as inactive guest accounts and misconfigured conditional access policies.
Users reported an average of 40% improvement—and as much as 64% improvement—on subsequent assessment scores after applying the remediation guidance included in their assessments.
Beyond using the Purple Knight results for remediation, organizations use the tool to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of in-house AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.
Despite multiple warnings from analysts, coverage of ongoing AD attacks, and urgent calls for action from their own IT teams, many organizational leaders are not prioritizing AD-specific security and recovery, leaving them vulnerable to proliferating AD-based attacks.