Yamaha finds harmony in Semperis’ AD Security Solutions

Yamaha Music has implemented two solutions from Active Directory specialist Semperis to detect and respond to current threats, and to rapidly recover Active Directory in the event of a compromise.

Yamaha Music Europe’s globally distributed infrastructure allows employees to access IT resources from anywhere, at any time. But growing concerns about access control and modern cyberthreats introduced a sour note.

Beginning as a reed organ manufacturer in 1887, the company soon expanded into the production of pianos and guitars, and later the manufacturing of phonographs, professional electronics and hi-fi players. Yamaha is known as the world’s leading maker of musical instruments.

The founding of Yamaha Music Europe GmbH in Germany in 1966 marked the company’s entry into European manufacturing. Acquisitions of German music software and hardware maker Steinberg and Austrian piano maker Bösendorfer solidified Yamaha’s presence in the German market. The company’s European arm now has about 800 employees across sales, service and musical education, with branches from Sweden to Italy.

Like many global businesses, Yamaha today faces a symphony of cybersecurity challenges. Its highly heterogeneous IT infrastructure must connect headquarters with regional branches, home offices and mobile workers. The company uses standard products, such as Microsoft 365, as well as in-house solutions to keep its workforce connected – both on-prem and in the cloud – whether operating in the office, on the road or at home.

This constant demand for high connectivity, reliability and performance goes hand in hand with a different challenge: increasing cybersecurity threats.

A familiar tune: Balancing access and risk

Christian-Martin Schulz, Senior Network Engineer, Yamaha Music Europe, and his experienced team of 12 are responsible for maintaining secure, high-performance access to Yamaha’s corporate network. Schulz is also an active member of the company’s German works council. As such, he is well versed in the importance of data protection and the problems inherent in managing access and authorisations across the enterprise.

These priorities prompted Schulz to evaluate the security of Yamaha’s identity infrastructure. Like 90% of companies worldwide, the company uses Microsoft Active Directory (AD) as its central directory service.

Through the course of his duties at Yamaha, Schulz developed a passion for cybersecurity. He began searching for ways to check the security status of the company’s identity infrastructure.

“We’ve been using AD since Windows NT,” Schulz said. “It’s the central authentication point for all systems. Without AD, practically nothing works: no remote connections, no access.”

Evaluating Active Directory security

His research eventually led him to Purple Knight, a free tool for assessing the security of AD and Entra ID (formerly Azure AD) environments. He learned that Purple Knight is a leading community tool for detecting indicators of exposure (IOEs) and indicators of compromise (IOCs) in hybrid AD infrastructures.

Schulz downloaded Purple Knight, a free Semperis tool, and began using it to conduct a comprehensive series of tests against the most common and effective attack vectors.

Purple Knight detects risky configurations and vulnerabilities, generates a security posture report across five categories, and provides recommendations for prioritising remediation actions. The tool checks for more than 130 IOEs and IOCs and returns a security score that enables an organisation to assess its security status, considering possible threats. The average score for first-time Purple Knight users is 68%, a value that always gives reason to engage more closely with the topic.

“After Purple Knight’s analysis, we set out to improve our own status quo,” Schulz explained. “Because if a cyberattacker actually got to our Active Directory, we would have to rebuild everything. So, to optimise our security, we started looking for the reasons for the vulnerabilities and what was actually missing.”

In the spotlight: Threat detection and AD recovery

Two areas proved especially critical for the company: detection and response to current threats, and rapid recovery of Active Directory in the event of an actual compromise. Yamaha Europe decided to implement two solutions from Active Directory specialist Semperis: Directory Services Protector and Active Directory Forest Recovery.

“We’re not huge,” said Schulz, explaining Yamaha Music Europe’s decision to work with Semperis. “For us, it was important to find a solution that fits and a partner who guarantees fast support.”

When the time came to deploy the solutions, installation took just one day, utilising previously submitted server specifications.

Continuous Active Directory monitoring

Semperis Directory Services Protector is the industry’s most comprehensive identity threat detection and response (ITDR) platform. The need to deploy an ITDR platform stems from the simple fact that, according to research, nine out of 10 cyberattacks on enterprises involve Active Directory.

Attackers target Active Directory mainly through misconfigurations or security vulnerabilities. Sophisticated ITDR solutions like those from Semperis provide continuous monitoring and an overview of the current security posture, and if a compromise should occur, these solutions enable the organisation to undo malicious changes.

Unlike tracking tools that rely solely on security protocols and agents on domain controllers, Directory Services Protector monitors multiple data sources. Most importantly, the tool monitors the Active Directory replication stream – the only reliable way to capture every change, regardless of how attackers try to cover their tracks.

“It is extremely time-consuming for network administrators to search for new threats or detect misconfigurations on their own. Directory Services Protector now relieves us of this concern,” explains Schulz.

Operational resilience through rapid recovery

“While there is no such thing as 100% protection for IT systems, our job as network managers is primarily to make attacks as difficult as possible,” Schulz points out.

If, despite all precautionary measures, an attacker manages to penetrate Active Directory, it is vital to get the infrastructure up and running again as quickly as possible. This is the purpose of the second product Yamaha implemented: Active Directory Forest Recovery.

In a worst-case scenario, a ransomware or wiper attack might be able to take down an organisation’s domain controllers, for example. In such cases, the restoration of the compromised AD forest using traditional, manual methods can take days or even weeks. Plus, companies still face the risk of malware reinfection via corrupted back-ups.

“The failure of Active Directory inevitably leads to a standstill in business activities,” explains Schulz. “Rapid recovery is therefore the most urgent task. We are able to avoid this stress with the use of Active Directory Forest Recovery.”

This Semperis solution increases operational reliability through three basic functions.

● Easily set up a replica of the Active Directory production environment

● Automate the entire recovery process, to reduce downtime

● Prevent the reintroduction of malware, by restoring Active Directory to a known safe state

In addition, Active Directory Forest Recovery automates the organisation of back-ups, keeping them up to date and reducing the amount of storage space required.

Striking a hopeful note with proactive identity-first security

The Semperis solutions’ capabilities were the deciding factor in Yamaha’s purchasing decision. However, a second component was also an essential factor for Schulz.

“Fast and competent support is also enormously important to us,” he said.

Schulz’s experience with Semperis has enabled him to strike a hopeful note regarding risk mitigation for Yamaha Music Europe. The company is currently planning to extend Semperis’ support to its cloud resources.

“It became clear to me that security is a never-ending process that requires proactive action,” Schulz said.
