spot_img
34.3 F
Washington D.C.
Tuesday, February 17, 2026
HomeSubject Matter AreasCybersecurity
CybersecurityInformation TechnologyIndustry News

Persistent Security Gaps in Hybrid Active Directory and Entra ID Environments, Study Reveals

Matt Seldon
By Matt Seldon
July 10, 2025
cyber digital

Identity systems—particularly Active Directory (AD) and Entra ID—remain high-value targets for cyberattacks. The Five Eyes Alliance, a coalition of international security agencies that includes the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), recently emphasized this in a joint advisory titled Detecting and Mitigating Active Directory Compromises: “Active Directory’s pivotal role in authentication and authorisation makes it a valuable target for malicious actors. It is routinely targeted as part of malicious activity on enterprise IT networks.”

Even as awareness of the risks facing AD and Entra ID grows, many organizations still face difficulties securing their hybrid identity environments. According to an online survey of Purple Knight users conducted by Semperis, respondents reported an average initial security score of just 61%—a failing mark and an 11-point drop compared to results from 2023.

“Hybrid identity environments are complex, and threat actors know it. Overall, organizations can’t protect what they can’t see. The lower average scores in the 2025 Purple Knight Report indicate how crucial it is for companies to proactively assess vulnerabilities across their hybrid identity systems so they can close security gaps before attackers exploit them,” said Deuby. “Purple Knight gives organizations of all sizes the ability to identify vulnerabilities and remediate them before risks become damaging losses because of a compromise.”

Among industries, the government sector scored the lowest average score of 46, followed by retail at 51 out of 100 and transportation and education at 57 out of 100. Healthcare averaged a score of 66, still poor, but the highest among all verticals.

These survey insights, along with findings from in-person discussions with IT and security professionals, highlight ongoing challenges in protecting hybrid identity infrastructures—including AD, Entra ID, and Okta—across virtually every industry.

Click here to read the full report.

(AI was used in part to facilitate this article.)

Previous article
PERSPECTIVE: Iran’s Fatwa Against Trump Is an Operational Threat. How Should the U.S. Respond?
Next article
Sentrycs Rolls Out New Counter-Drone Software Version Amid Rising UAS Threats

Matt Seldon, BSc., is an Editorial Associate with HSToday. He has over 20 years of experience in writing, social media, and analytics. Matt has a degree in Computer Studies from the University of South Wales in the UK. His diverse work experience includes positions at the Department for Work and Pensions and various responsibilities for a wide variety of companies in the private sector. He has been writing and editing various blogs and online content for promotional and educational purposes in his job roles since first entering the workplace. Matt has run various social media campaigns over his career on platforms including Google, Microsoft, Facebook and LinkedIn on topics surrounding promotion and education. His educational campaigns have been on topics including charity volunteering in the public sector and personal finance goals.

Related Articles

Latest Articles

Load more

© All content copyright ©2025 Homeland Security Today. All rights reserved. POWERED BY KAPCOM SERVICES