Between remote users and contractors, construction company Maple Reinders needed to get control of Active Directory (AD) user account security and shore up its Identity Threat Detection and Response (ITDR) foundation—fast.
Managing AD user account sprawl
Award-winning full-service construction company Maple Reinders has operated in multiple provinces across Canada for over fifty years. Specializing in civil, environmental, and industrial, commercial, and institutional (ICI) construction, the firm builds everything from storage facilities and condo buildings to schools and infrastructure.
Maple Reinders maintains a sprawling Active Directory environment with multiple domain controllers in multiple locations. Geographic distribution aside, the company’s greatest challenge involves its users: hundreds of employees and contractors, spread across six locations.
“Our Active Directory environment is largely very flat,” explains Kevin Dreyer, IT director and CSO at Maple Reinders. “We have people working remotely quite often, coupled with a large user base that’s not very tech savvy. The infrastructure’s flatness is definitely a concern, but we’re also a little bit out of date, which adds to the risk.”
“We’re a small [IT] team,” Dreyer continues. “So simply finding the capacity to do the necessary work is its own challenge.”
Watch Dryer talk with Petri IT Knowledgebase about Maple Reinder’s experience using Purple Knight.
Getting a grip on privileged access
When Dreyer first heard of Purple Knight, he saw an opportunity. Here was a tool that could help Maple Reinders achieve better Active Directory security. Best of all for Dreyer, the tool was completely free.
“When we first ran Purple Knight, we weren’t in the green for any of the tool’s different categories,” Dreyer recalls. “Account security was our worst score, and by far my greatest concern. We lacked clear policies around user accounts, and we hadn’t done the necessary legwork to secure them and configure our domains.”
For Dreyer, the biggest eye-opener involved account management. Within Maple Reinders’s Active Directory environment were multiple disabled user and computer accounts that still had privileged domain access. Since that initial scan, Maple Reinders has run Purple Knight three more times.
“Every two months, we look to see if there’s a new version of the tool, and if there is, we run it,” says Dreyer. “It always identifies new problems for us to fix. Overall, I’d say the greatest insight gained from Purple Knight is that we need to free up our sysadmins and analysts so they can properly secure our environment.”
Building a stronger ITDR foundation
Along with using Purple Knight for periodic scans, Dreyer has made extensive use of the tool’s reporting functionality. He submits regular reports to his own team as well as the company’s executives and board of directors.
“Purple Knight allows us to promote continual improvements to our team’s security discipline,” Dreyer explains. “But more than that, it’s the only tool capable of doing what it does. Alongside Purple Knight, we also use Tenable IO, Rapid7, and Qualys; none of those other solutions can find Active Directory vulnerabilities as effectively.”
“I strongly recommend Purple Knight to any organization with an Active Directory environment,” Dreyer concludes. “I’ve been very happy with it.”
Learn more
Ready to learn how Purple Knight can help you evaluate and strengthen your own ITDR foundation?
