Active Directory Security Assessment

Over the years, Microsoft Active Directory has become the cornerstone of corporate security. However, the importance of keeping it secure is usually underestimated. Regardless of how well AD services are initially configured, they are constantly evolving systems and their security needs to be constantly updated for maximum protection.

Cyber-attacks always follow a similar pattern. After bypassing the perimeter protection, they target the same infrastructure: Active Directory, which holds all access control rights.

There are many solutions designed to prevent or detect perimeter breaches, but if these solutions are defeated, a vulnerable AD is an open highway for hackers to access confidential data, gain control of systems and disrupt operations.

Maintaining state-of-the-art security for AD is challenging, both technically and process-wise. Our Active Directory Security Assessment (ADSA) service comprehensively empowers your enterprise security team with continuous visibility into exposed accounts and privileges, weak AD controls, and compromised passwords that pose an immediate threat to your organization.

Deliverables of Our Active Directory Security Assessment Service

  • Discover All Accounts, Including Shadow Admins. Discover all users in your network — business, privileged, service — so you can determine which accounts are human vs. machine, stale, hidden, active or inactive. In addition, automatically discover stealthy (or shadow) administrators who are not part of the official Admin group so that you can quickly mitigate risk.
  • Uncover Network Weaknesses. Weak AD controls, exposed workstations, unknown objects, out-of-date OS, and other risk factors are all made visible so that you can act on them and protect your network from breach.
  • Detect Weak and Exposed Credentials and Accounts. Continuous monitoring exposes who has weak, stale, duplicate, or exposed credentials that are easily leveraged by attackers, allowing the security team to recommend remediation strategies and enforce best practices for policy and control.
  • Eliminate Risk from Users with Breached Passwords. Deep contextual intelligence and a library of hashes are combined with password dictionaries to reveal already compromised passwords.
  • Expose Potential Risk Factors. Risk factors such as users with inappropriately assigned SIDs (security identifiers), workstations that do not require SMB signing, machines with unconstrained delegation, and other risky privileges and controls are instantly detected and remediated with Preempt.
  • Automatic and continuous detection of sophisticated Active Directory-based attacks, such as:
    1. Remote Code Execution
    2. NTLM Relay Alert
    3. Anomalous RPC
    4. Suspicious LDAP Activity (BloodHound/Kerberoasting)
    5. Possible exploitation attempt (CredSSP)
    6. Hidden object detected
    7. Unusual new account activity
    8. Suspicious domain replication
    9. Skeleton key alert
    10. Forged PAC alert
    11. Golden ticket attack
    12. Silver ticket
    13. Geographic anomaly
    14. Use of stale user account
    15. Use of stale endpoint
    16. Excessive activity (services)
    17. Excessive activity (servers)
    18. Excessive activity (workstations)
    19. Password brute force
    20. Credentials scanning
    21. Suspicious Protocol Implementation (Ubiquitous Kerberos exploitation modules)
    22. Suspicious ticket reuse / Pass-the-Ticket attack
    23. Suspicious lateral movement
    24. Unusual access to server or service
    25. Unusual use of endpoint
    26. DCSync and DCShadow


Identity and Risk Insights

Real Time Threat Detection

Conditional Access
