Continuously Assess Your Active Directory Security State

Cyberattackers are relentless in looking for system weaknesses to exploit. Most often, they find those weaknesses in Active Directory (AD), given its age, the sheer number of settings to abuse, and the increasingly sophisticated threat landscape.

Your defense should be just as relentless. You need to anticipate adversaries’ advances and thwart attacks at every stage of the cyber kill chain—across your hybrid identity environment.

Mandiant researchers reported that in 90% of the incidents they investigated, Active Directory was involved in one way or another.

Source: Dark Reading

Companies are failing Active Directory security assessments.

Build an ever-ready security posture

Creating a cyber-resilient organization is impossible with only traditional monitoring tools, because they lack the depth of visibility into Active Directory and Azure Active Directory required to catch today’s sophisticated attacks. You need to apply specific tools and tactics to prevent unwanted changes within AD, both on-premises and in the cloud.

But many companies are unaware of the security weaknesses in their Active Directory environments. In fact, in thousands of security assessments run with Purple Knight, a tool that scans for 60+ Indicators of Compromise (IOCs) and Indicators of Exposure (IOEs), the average score was 61%—a barely passing grade.

To guard against the escalating surge of identity-related threats, you need continuous security monitoring across the entire attack life cycle: before, during, and after an attack.

Detect and respond to Active Directory threats

Semperis Directory Services Protector (DSP) continuously:

  • Scans your hybrid AD environment for IOEs and IOCs
  • Provides unmatched visibility into shadow attacks that circumvent your SIEM’s sight
  • Automatically rolls back unwanted changes to sensitive accounts

“A few types of attacks—including DCShadow and Zerologon—that have been seen in the wild leave no discernable trail … The old model of watching AD audit events for changes is no longer viable.”

Guido Grillenmeier | Chief Technologist | Semperis

Gain control of your AD security posture

To guard against escalating Active Directory attacks, you need a continuous security assessment that will:

  • Discover vulnerabilities before attackers do, with 24/7 scanning of your hybrid AD environment to uncover security vulnerabilities and risky configurations and maintain proper hygiene
  • Stay ahead of ever-evolving threats by proactively hardening your hybrid AD against new adversary tactics and techniques with built-in threat intelligence from a community of security researchers
  • Expose blind spots in the audit log by using multiple data sources, including the AD replication stream, to gain uninterrupted visibility into advanced attacks that SIEMs are blind to
  • Arm security analysts with actionable insights

Common indicators to look for in a continuous security assessment:

  • Privileged objects with unprivileged owners
  • Permission changes on the AdminSDHolder object
  • Unprivileged users with DCSync rights on the domain
  • Default security descriptor schema changes in the last 90 days
  • Computer and Group Managed Service Account (gMSA) objects with passwords set over 90 days ago
  • Reversible passwords found in Group Policy Objects (GPOs)
  • Anonymous access to Active Directory enabled
  • Zerologon vulnerability (CVE-2020-1472) where the patch has not been applied
  • Evidence of a Mimikatz DCShadow attack and the back door it creates

“Hardening AD begins with getting a handle on the vulnerabilities and common configuration and management mishaps that pave the road to compromises. To defend AD, administrators need to know how attackers are targeting their environment.”

Sean Deuby | Director of Services
Semperis

“Great product for peace of mind when protecting your Active Directory.” 

—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company 

See the full review on Gartner Peer Insights