How do you discover and assess misconfigurations and newly discovered vulnerabilities in your most critical asset – Active Directory?
Let’s face it: most attacks today exploit or abuse Microsoft Active Directory, because that is where all users and administrators are located.
So of course, we need to secure the Active Directory and make sure that nobody can abuse the repository. But that is not an easy task, is it?
Besides the obvious abuse of misconfigurations in Microsoft Active Directory, wouldn’t it be nice if you could also monitor whether:
- A new user is created with extensive privileges
- An existing user is given extended privileges or has privileges elevated
- Users are being deleted
- Dangerous trust relationships exist
- Weak and compromised passwords are used on critical accounts
- Privileged user accounts are unprotected
- And other changes to your Microsoft AD that might be important
All that information is already in your security logs, but do you know how to interpret these logs? Only a small number of people do.
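As an added illustration (not part of the original post and not the tool it describes), the sketch below shows how the first few items in the list map onto standard Windows Security event IDs: 4720 (account created), 4726 (account deleted), 4728/4732/4756 (member added to a security group) and 4706 (trust created). The privileged-group list, the 24-hour "new account" window and the sample events are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Windows Security event IDs written by domain controllers when auditing is enabled.
USER_CREATED, USER_DELETED, TRUST_CREATED = 4720, 4726, 4706
GROUP_MEMBER_ADDED = {4728, 4732, 4756}  # global / local / universal security group
# Assumptions: which groups count as privileged, and how long an account is "new".
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Account Operators", "Backup Operators"}
NEW_ACCOUNT_WINDOW = timedelta(hours=24)

def triage(events):
    """Return (severity, time, message) alerts, oldest first."""
    created, alerts = {}, []  # created: account SID -> creation time
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        eid, when, actor = ev["EventID"], ev["TimeCreated"], ev["SubjectUserName"]
        if eid == USER_CREATED:
            created[ev["TargetSid"]] = when
        elif eid == USER_DELETED:
            alerts.append(("medium", when, f"{actor} deleted user {ev['TargetUserName']}"))
        elif eid == TRUST_CREATED:
            alerts.append(("high", when, f"{actor} created a trust to {ev['DomainName']}"))
        elif eid in GROUP_MEMBER_ADDED and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            # Group events identify the member by SID, so correlate on SID, not name.
            born = created.get(ev["MemberSid"])
            is_new = born is not None and when - born <= NEW_ACCOUNT_WINDOW
            alerts.append(("critical" if is_new else "high", when,
                           f"{actor} added {'new' if is_new else 'existing'} account "
                           f"{ev['MemberSid']} to {ev['TargetUserName']}"))
    return alerts

# Constructed sample events (not from a real log); keys follow the event data fields.
T0, DOM = datetime(2024, 1, 10, 2, 14), "S-1-5-21-1111-2222-3333"
SAMPLE = [
    {"EventID": 4720, "TimeCreated": T0, "SubjectUserName": "helpdesk1",
     "TargetUserName": "svc_backup2", "TargetSid": DOM + "-1601"},
    {"EventID": 4728, "TimeCreated": T0 + timedelta(minutes=3), "SubjectUserName": "helpdesk1",
     "TargetUserName": "Domain Admins", "MemberSid": DOM + "-1601"},
    {"EventID": 4728, "TimeCreated": T0 + timedelta(minutes=5), "SubjectUserName": "hr_admin",
     "TargetUserName": "Sales", "MemberSid": DOM + "-1210"},
    {"EventID": 4732, "TimeCreated": T0 + timedelta(hours=1), "SubjectUserName": "admin2",
     "TargetUserName": "Backup Operators", "MemberSid": DOM + "-1105"},
    {"EventID": 4726, "TimeCreated": T0 + timedelta(hours=2), "SubjectUserName": "admin2",
     "TargetUserName": "j.doe"},
    {"EventID": 4706, "TimeCreated": T0 + timedelta(hours=3), "SubjectUserName": "admin2",
     "DomainName": "partner.example"},
]

if __name__ == "__main__":
    for severity, when, message in triage(SAMPLE):
        print(f"{when:%Y-%m-%d %H:%M} [{severity}] {message}")
```

The correlation on SID is what separates "a new user is created with extensive privileges" from a routine group change; the events only exist if account-management auditing is enabled on the domain controllers.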
The solution is continuous monitoring of the Active Directory. It needs to be continuous because, even though a one-time review brings a lot of value, continuous monitoring provides real-time alerts and important information about changes made by intruders or misconfigurations introduced by staff, including after the one-time review.
With continuous monitoring of your Active Directory, you get real-time detection and easy-to-understand, knowledgeable insights into your Active Directory installation. It will help your IT staff secure the infrastructure by hardening AD and fixing weaknesses before they are exploited by attackers.
We have recently implemented the Active Directory scanning tool of our choice for one of our customers, and we experienced the following benefits:
- Fast deployment without any agents and excessive rights
- Quick initial scanning of the AD
- First glance of indicators of exposure
- Great dashboards for overview of your organization
- Easy explanation and translation of AD logs
- Easy to understand remediation solutions
- Real-time alerts when unattended events occur
All of the above gives great benefits; especially the part about the explanation and translation of the AD logs is, in our opinion, really important. We are not all Windows Security Engineers, so getting more specific advice on critical logs is important, and it ensures that you are not missing anything.
More specifically, we noted a few major configuration errors which could have resulted in total compromise of the domain if the customer had been hit by an intruder. Quite quickly we also got a good overview and understanding of the entire AD infrastructure, with clear remediation actions showing what we had to prioritize.
In a fraction of the time the customer would have spent going through AD hardening standards and research, we got everything up front and are now scoring over 95% on the global security score.
The tool not only scans for known vulnerabilities and misconfigurations; it also assesses the system against best practices and security standards which are basic IT hygiene.
The customer is very happy with the solution and in our opinion it is a welcome addition to the portfolio of security assessment tools.
If you are interested in learning more about this AD tool, then please reach out to us and let us have a discussion. You may end up being as pleasantly surprised as we were.