Active Directory Security Assessment

Over the years, Microsoft Active Directory has become the cornerstone of corporate security. However, the importance of keeping it secure is usually underestimated. Regardless of how well AD services are initially configured, they are constantly evolving systems and their security needs to be constantly updated for maximum protection.

Cyber-attacks always follow a similar pattern. After bypassing the perimeter protection, they target the same infrastructure: Active Directory, which holds all access control rights.

There are many solutions designed to prevent or detect perimeter breaches, but if these solutions are defeated, a vulnerable AD is an open highway for hackers to access confidential data, gain control of systems and disrupt operations.

Maintaining state-of-the-art security for AD is challenging, both technically and process-wise. Our ADSA service comprehensively empowers your enterprise security team with continuous visibility into exposed accounts and privileges, weak AD controls, and compromised passwords that pose an immediate threat to your organization:

Deliverables of Our Active Directory Security Assessment Service

  • Discover All Accounts, Including Shadow Admins. Discover all users in your network — business, privileged, service — so you can determine which accounts are human vs. machine, stale, hidden, active or inactive. In addition, automatically discover stealthy (or shadow) administrators who are not part of the official Admin group so that you can quickly mitigate risk.
  • Visibility Into User Activities. Unmatched visibility into what resources users are actually accessing, when and from which computers, as well as an understanding of where each credential is used.
  • Uncover Network Weaknesses. Weak AD controls, exposed workstations, unknown objects, out-of-date OS, LDAP and GPO misconfigurations and other risk factors are all visible to you, so you can take action to protect your network from breach.
  • Detect Weak and Exposed Credentials and Accounts. Continuous monitoring exposes who has weak, stale, duplicate, or exposed credentials that are easily leveraged by attackers, allowing the security team to recommend remediation strategies and enforce best practices for policy and control.
  • Eliminate Risk from Users with Breached Passwords. Deep contextual intelligence and a library of hashes are combined with password dictionaries to reveal already compromised passwords.
  • Expose Potential Risk Factors. Risk factors such as users with inappropriately assigned SIDs (security identifiers), workstations that do not require SMB signing, machines with unconstrained delegation and other risky privileges and controls are instantly detected and remediated with Preempt.


Identity and Risk Insights

Real Time Threat Detection

Conditional Access

Automatic and continuous detection of sophisticated Active Directory-based attacks such as:

  1. Remote Code Execution
  2. NTLM Relay Alert
  3. Anomalous RPC
  4. Suspicious LDAP Activity (BloodHound/Kerberoasting)
  5. Possible exploitation attempt (CredSSP)
  6. Hidden object detected
  7. Unusual new account activity
  8. Suspicious domain replication
  9. Skeleton key alert
  10. Forged PAC alert
  11. Golden ticket attack
  12. Silver ticket
  13. Geographic anomaly
  14. Use of stale user account
  15. Use of stale endpoint
  16. Excessive activity (services)
  17. Excessive activity (servers)
  18. Excessive activity (workstations)
  19. Password brute force
  20. Credentials scanning
  21. Suspicious Protocol Implementation (Ubiquitous Kerberos exploitation modules)
  22. Suspicious ticket reuse / Pass-the-Ticket attack
  23. Suspicious lateral movement
  24. Unusual access to server or service
  25. Unusual use of endpoint
  26. DCSync and DCShadow

Fill in the form below if you’re interested in our Active Directory Security Assessment (ADSA) offering.