Continuously Assess Your Active Directory Security State

Cyberattackers are relentless in looking for system weaknesses to exploit. Most often, they find those weaknesses in Active Directory (AD), given its age, the sheer number of settings to abuse, and the increasingly sophisticated threat landscape.

Your defense should be just as relentless. You need to anticipate adversaries’ advances and thwart attacks at every stage of the cyber kill chain—across your hybrid identity environment.

Mandiant researchers reported that in 90% of the incidents they investigated, Active Directory was involved in one way or another.

Source: Dark Reading

Companies are failing Active Directory security assessments.


Build an ever-ready security posture

Creating a cyber-resilient organization is impossible using only traditional monitoring tools, which lack the depth and insight into Active Directory and Azure Active Directory (Azure AD) required to catch today’s sophisticated attacks. You need to apply specific tools and tactics to prevent unwanted changes within Active Directory—both on-premises and in the cloud.

But many companies are unaware of the security weaknesses in their Active Directory environments. In fact, in thousands of security assessments run with Purple Knight, a free tool that scans for 60+ indicators of compromise (IOCs) and indicators of exposure (IOEs), the average score was 61%—a barely passing grade.

To guard against the escalating surge of identity-related threats, you need continuous security monitoring across the entire Active Directory attack life cycle—before, during, and after an attack.


Detect and respond to Active Directory threats

Semperis Directory Services Protector (DSP) continuously:

  • Scans your hybrid AD environment for IOEs and IOCs
  • Surfaces attacks that leave no trace in the security event log and therefore never reach the SIEM
  • Automatically rolls back unwanted changes to sensitive accounts

“A few types of attacks—including DCShadow and Zerologon—that have been seen in the wild leave no discernible trail … The old model of watching AD audit events for changes is no longer viable.”

Guido Grillenmeier | Chief Technologist | Semperis


Gain control of your AD security posture

To guard against escalating Active Directory attacks, you need a continuous security assessment that will:

  • Discover vulnerabilities before attackers do, with 24/7 scanning of your hybrid Active Directory environment for risky configurations and hygiene gaps
  • Stay ahead of ever-evolving threats by proactively hardening your hybrid Active Directory against new malicious tactics and techniques
  • Utilize built-in threat intelligence from a community of security researchers
  • Expose blind spots in the audit log by using multiple data sources, including the Active Directory replication stream, to gain uninterrupted visibility into advanced attacks that SIEMs miss
  • Arm security analysts with actionable insights

Common indicators to look for in a continuous security assessment:

  • Privileged objects with unprivileged owners
  • Permission changes on the AdminSDHolder object
  • Unprivileged users with DCSync rights on the domain
  • Changes to the default security descriptor of schema classes in the past 90 days
  • Computer and group Managed Service Account (gMSA) objects whose password was last set more than 90 days ago (both rotate every 30 days by default)
  • Reversible passwords (Group Policy Preferences cpassword values) found in Group Policy Objects (GPOs)
  • Anonymous access to Active Directory enabled
  • Domain controllers still exposed to Zerologon (CVE-2020-1472) because the patch is not applied
  • Evidence of a Mimikatz DCShadow attack and the back door it creates
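The following script is an added example, not Semperis or Microsoft code, showing how several of the indicators above can be checked from PowerShell with the RSAT ActiveDirectory module in a read-only sweep. It assumes a single-domain forest (so Enterprise Admins resolves under the current domain SID), a Windows Server 2012 or later domain controller (for replication metadata), and that the principal allow lists `$trusted` and `$sdhBaseline`, which are this script's own assumptions, are reviewed for the environment. The Zerologon patch state and DCShadow evidence are not covered here.

```powershell
# Added example (not Semperis or Microsoft code): read-only sweep of one domain for several
# of the indicators listed above, using the RSAT ActiveDirectory module (AD: drive included).
# Run on a domain-joined host as a user with read access to the directory and SYSVOL.
# ASSUMPTION: single-domain forest, so Enterprise Admins is rooted in this domain's SID.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$rootDse  = Get-ADRootDSE
$domDn    = $domain.DistinguishedName
$domSid   = $domain.DomainSID.Value
$cutoff   = (Get-Date).AddDays(-90)
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Object, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail })
}

# ASSUMPTION: principals that legitimately control privileged objects (adjust per forest):
# SYSTEM, BUILTIN\Administrators, Domain Admins, Enterprise Admins, Enterprise DCs, Domain Controllers.
$trusted = @('S-1-5-18', 'S-1-5-32-544', "$domSid-512", "$domSid-519", 'S-1-5-9', "$domSid-516")
# Principals that hold write ACEs on AdminSDHolder by default: Self, Cert Publishers,
# Terminal Server License Servers. Review them rather than silencing anything further.
$sdhBaseline = $trusted + @('S-1-5-10', "$domSid-517", 'S-1-5-32-561')

# ACEs keyed by SID, so orphaned or untranslatable principals are still compared.
function Get-AceBySid([string]$Dn) {
    (Get-Acl -Path "AD:\$Dn").GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
}
$ADR = [System.DirectoryServices.ActiveDirectoryRights]
function Test-Right($Rights, [System.DirectoryServices.ActiveDirectoryRights]$Flag) {
    return (([int]$Rights -band [int]$Flag) -ne 0)
}

# 1. Unprivileged principals with DCSync rights on the domain naming context.
$replGuids = @('1131f6aa-9c07-11d1-f79f-00c04fc2dcd2',   # DS-Replication-Get-Changes
               '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2')   # DS-Replication-Get-Changes-All
foreach ($ace in Get-AceBySid $domDn) {
    if ($ace.AccessControlType -ne 'Allow' -or $trusted -contains $ace.IdentityReference.Value) { continue }
    $hasExt  = Test-Right $ace.ActiveDirectoryRights $ADR::ExtendedRight
    $extAll  = $hasExt -and ($ace.ObjectType -eq [guid]::Empty)          # all extended rights
    $extRepl = $hasExt -and ($replGuids -contains $ace.ObjectType.ToString())
    if ($extAll -or $extRepl -or (Test-Right $ace.ActiveDirectoryRights $ADR::GenericAll)) {
        Add-Finding 'DCSync rights' $domDn "$($ace.IdentityReference.Value): $($ace.ActiveDirectoryRights) $($ace.ObjectType)"
    }
}

# 2. Non-baseline write ACEs on AdminSDHolder (SDProp stamps this ACL onto every protected object).
$sdhDn = "CN=AdminSDHolder,CN=System,$domDn"
$writeMask = $ADR::GenericAll -bor $ADR::GenericWrite -bor $ADR::WriteDacl -bor $ADR::WriteOwner -bor $ADR::WriteProperty
foreach ($ace in Get-AceBySid $sdhDn) {
    if ($ace.AccessControlType -eq 'Allow' -and (Test-Right $ace.ActiveDirectoryRights $writeMask) -and
        $sdhBaseline -notcontains $ace.IdentityReference.Value) {
        Add-Finding 'AdminSDHolder ACE' $sdhDn "$($ace.IdentityReference.Value): $($ace.ActiveDirectoryRights)"
    }
}

# 3. Protected (adminCount=1) objects whose owner is not a privileged principal.
foreach ($obj in Get-ADObject -LDAPFilter '(adminCount=1)' -SearchBase $domDn) {
    $owner = (Get-Acl -Path "AD:\$($obj.DistinguishedName)").GetOwner([System.Security.Principal.SecurityIdentifier]).Value
    if ($trusted -notcontains $owner) { Add-Finding 'Unprivileged owner' $obj.DistinguishedName "Owner=$owner" }
}

# 4. Enabled computer and service-account objects whose password has not rotated in 90 days.
Get-ADComputer -Filter 'Enabled -eq $true' -Properties PasswordLastSet |
    Where-Object { $_.PasswordLastSet -lt $cutoff } |
    ForEach-Object { Add-Finding 'Stale computer password' $_.DistinguishedName "PasswordLastSet=$($_.PasswordLastSet)" }
Get-ADServiceAccount -Filter * -Properties PasswordLastSet |
    Where-Object { $_.Enabled -and $_.PasswordLastSet -lt $cutoff } |
    ForEach-Object { Add-Finding 'Stale gMSA/sMSA password' $_.DistinguishedName "PasswordLastSet=$($_.PasswordLastSet)" }

# 5. Group Policy Preferences cpassword values in SYSVOL. Only the location is reported;
#    the value decrypts with the AES key Microsoft published (MS14-025).
$policies = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies"
Get-ChildItem -Path $policies -Recurse -Filter *.xml -ErrorAction SilentlyContinue |
    Select-String -Pattern 'cpassword="[^"]+"' |
    ForEach-Object { Add-Finding 'GPP cpassword' $_.Path "line $($_.LineNumber)" }

# 6. Anonymous LDAP operations: 7th character of dSHeuristics set to '2'.
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$heur = [string](Get-ADObject -Identity $dsDn -Properties dSHeuristics).dSHeuristics
if ($heur.Length -ge 7 -and $heur[6] -eq '2') { Add-Finding 'Anonymous LDAP access' $dsDn "dSHeuristics=$heur" }

# 7. Schema classes whose defaultSecurityDescriptor originated a change in the last 90 days.
#    whenChanged pre-filters cheaply; replication metadata confirms which attribute changed.
$stamp = $cutoff.ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')
foreach ($cls in Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter "(&(objectClass=classSchema)(whenChanged>=$stamp))") {
    $meta = Get-ADReplicationAttributeMetadata -Object $cls -Server $rootDse.dnsHostName -Properties defaultSecurityDescriptor
    if ($meta -and $meta.LastOriginatingChangeTime -gt $cutoff) {
        Add-Finding 'Schema default SD changed' $cls.DistinguishedName "Changed $($meta.LastOriginatingChangeTime), version $($meta.Version)"
    }
}

$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

Every check reads the directory, so it can be scheduled and diffed run over run; a finding that appears between two runs is the change worth investigating. Keep the allow lists short and deliberate: the point of checks 1 to 3 is that any principal outside the expected set with replication rights, an AdminSDHolder write ACE, or ownership of a protected object is a finding, and widening the list to quiet the report defeats the indicator.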

“Hardening AD begins with getting a handle on the vulnerabilities and common configuration and management mishaps that pave the road to compromises. To defend AD, administrators need to know how attackers are targeting their environment.”

Sean Deuby | Director of Services

“Great product for peace of mind when protecting your Active Directory.” 

—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company 

See the full review on Gartner Peer Insights

