Over the years, Microsoft Active Directory has become the cornerstone of corporate security. However, the importance of keeping it secure is usually underestimated. Regardless of how well AD services are initially configured, they are constantly evolving systems, and their security posture must be reviewed continually to keep protection at its maximum.
Cyber-attacks tend to follow a similar pattern. After bypassing the perimeter protection, they target the same infrastructure: Active Directory, which holds all access control rights.
There are many solutions designed to prevent or detect perimeter breaches, but if these solutions are defeated, a vulnerable AD is an open highway for hackers to access confidential data, gain control of systems and disrupt operations.
Maintaining state-of-the-art security for AD is challenging, both technically and process-wise. Our ADSA service comprehensively empowers your enterprise security team with continuous visibility into exposed accounts and privileges, weak AD controls, and compromised passwords that pose an immediate threat to your organization:
Deliverables of Our Active Directory Security Assessment Service
- Discover All Accounts, Including Shadow Admins. Discover all users in your network — business, privileged, service — so you can determine which accounts are human vs. machine, stale, hidden, active or inactive. In addition, automatically discover stealthy (or shadow) administrators who are not part of the official Admin group so that you quickly mitigate risk.
- Uncover Network Weaknesses. Weak AD controls, exposed workstations, unknown objects, out-of-date OS, and other risk factors are all visible to you to take action against to protect your network from breach.
- Detect Weak and Exposed Credentials and Accounts. Continuous monitoring exposes who has weak, stale, duplicate, or exposed credentials that are easily leveraged by attackers, allowing the security team to recommend remediation strategies and enforce best practices for policy and control.
- Eliminate Risk from Users with Breached Passwords. Deep contextual intelligence and a library of hashes are combined with password dictionaries to reveal passwords that are already compromised.
- Expose Potential Risk Factors. Risk factors such as users with inappropriately assigned SIDs (security identifiers), workstations that do not require SMB signing, machines configured for unconstrained delegation, and other risky privileges and controls are instantly detected and remediated with Preempt.
- Automatic and Continuous Detection of sophisticated Active Directory based attacks such as:
  - Remote Code Execution
  - NTLM Relay Alert
  - Anomalous RPC
  - Suspicious LDAP Activity (BloodHound/Kerberoasting)
  - Possible exploitation attempt (CredSSP)
  - Hidden object detected
  - Unusual new account activity
  - Suspicious domain replication
  - Skeleton key alert
  - Forged PAC alert
  - Golden ticket attack
  - Silver ticket
  - Geographic anomaly
  - Use of stale user account
  - Use of stale endpoint
  - Excessive activity (services)
  - Excessive activity (servers)
  - Excessive activity (workstations)
  - Password brute force
  - Credentials scanning
  - Suspicious Protocol Implementation (Ubiquitous Kerberos exploitation modules)
  - Suspicious ticket reuse / Pass-the-Ticket attack
  - Suspicious lateral movement
  - Unusual access to server or service
  - Unusual use of endpoint
  - DCSync and DCShadow
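As an added illustration of the "Expose Potential Risk Factors" and stale-account deliverables above (this is example code, not part of the Preempt/ADSA service), the following Python flags unconstrained delegation, SID history, missing Kerberos pre-authentication, weak password controls and stale logons from the `userAccountControl`, `sIDHistory` and `lastLogonTimestamp` attributes of user and computer objects. The account records, the 90-day staleness threshold and the reference time are constructed assumptions; in practice the attributes would come from an LDAP export of the domain.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (ADS_USER_FLAG_ENUM values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained Kerberos delegation
DONT_REQ_PREAUTH = 0x400000        # Kerberos pre-authentication disabled

DOMAIN_CONTROLLERS_RID = 516       # primaryGroupID of domain controller accounts
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)   # assumed staleness threshold

def filetime_to_datetime(ft: int) -> datetime:
    """lastLogonTimestamp is a FILETIME: 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of the above, in integer arithmetic to avoid float rounding."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def assess(obj: dict, now: datetime) -> list:
    """Return the risk factors found on one user or computer object."""
    uac = obj.get("userAccountControl", 0)
    if uac & ACCOUNTDISABLE:
        return ["disabled"]  # inventory only; the controls below are moot
    findings = []
    # Domain controllers are trusted for delegation by design; anything else is a finding.
    if uac & TRUSTED_FOR_DELEGATION and obj.get("primaryGroupID") != DOMAIN_CONTROLLERS_RID:
        findings.append("unconstrained delegation")
    if uac & DONT_REQ_PREAUTH:
        findings.append("Kerberos pre-authentication disabled")
    if uac & PASSWD_NOTREQD:
        findings.append("password not required")
    if uac & DONT_EXPIRE_PASSWORD and obj.get("objectClass") == "user":
        findings.append("password never expires")
    if obj.get("sIDHistory"):
        findings.append("SID history present")  # verify each SID is expected
    ts = obj.get("lastLogonTimestamp")
    if ts and now - filetime_to_datetime(ts) > STALE_AFTER:
        findings.append("stale account")
    return findings

def report(objects: list, now: datetime) -> dict:
    """Map each object's name to its findings, omitting clean objects."""
    return {o["name"]: f for o in objects if (f := assess(o, now))}

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed reference time
SAMPLE = [  # constructed records: a member server, a DC, and a user account
    {"name": "FS01$", "objectClass": "computer", "userAccountControl": 0x81000, "primaryGroupID": 515,
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=2))},
    {"name": "DC01$", "objectClass": "computer", "userAccountControl": 0x82000, "primaryGroupID": 516,
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=1))},
    {"name": "jdoe", "objectClass": "user", "userAccountControl": 0x410200,
     "sIDHistory": ["S-1-5-21-1-2-3-1105"], "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=200))},
]
```

Note that SMB signing is a host setting rather than a directory attribute, so it has to be checked on the endpoint itself (or via Group Policy) rather than from an LDAP export.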