Active Directory

What Is It?

Active Directory is the backbone of many organisations. It is Microsoft’s answer to storing user and service accounts and their groups, and it provides a structure for managing the configuration of your computing estate.

Why Assess It?

There are many reasons to conduct an Active Directory security assessment, five of which are below.

Privilege Management

Active Directory contains groups which are commonly used to apportion privileges, not only in the domain itself but also for applications that are configured to use Active Directory for their authentication. This privilege management is critical to ensuring robust access control across your organisation's assets and helps to manage supplier risk, as partner companies are often given Active Directory accounts.

Securing Resilience

As Active Directory powers the fundamentals of your organisation's computing estate, it is critical to ensure its integrity going forwards. If a single server were non-functional, this would affect your organisation's capabilities, but if the entire Active Directory were non-functional the consequences could be dramatic, such as no employees being able to log in or access any of your services.

Auditing Validation

Across your organisation you require auditing of actions, both to ensure that suspicious activity is alerted on and to catch fault conditions early and support their triage. Active Directory provides a link between endpoints, including servers and end user devices, that can be leveraged to provide effective auditing. Given the number of configuration options, however, it is important to ensure that your organisation is auditing the correct actions rather than everything possible, because retention issues and a large volume of unnecessary logs impede your ability to respond.

High Profile Target

Threat actors have predefined objectives, and a common requirement for them is to target Active Directory for initial entry, privilege escalation and persisting their access over time. As this critical component of your infrastructure is such a high-profile and common target, it is important to ensure that it has been sufficiently security hardened and that you have effective protective monitoring provisions to allow you to respond to any threat in an expedited fashion.

Organisation-Wide Vulnerabilities

Your Microsoft Windows estate reaches far across the organisation, and any vulnerabilities in Active Directory are likely to be accessible from anywhere on the joined network. This means that vulnerabilities in Active Directory tend to be serious in nature, but on the other hand any security fixes deployed in this component are likely to bring a substantial improvement to the organisation's security posture.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your Active Directory security assessment and we do this by:

Indicators of Compromise

Whilst evaluating the Active Directory deployment we are always checking to validate that there is nothing suspicious. Active Directory is often complex across organisations, but we have a robust understanding of its structure and extensive expertise in how threat actors abuse it, allowing us to provide additional insight and assurance.

Depth and Breadth

It would be simple to focus solely on the users, services and group memberships in an Active Directory deployment but this does not capture the real threats. We ensure we go through the entire structure as this allows us to find the obscure misconfigurations in policies rolled out, as well as more nuanced vulnerabilities.

Understanding Trust

Every organisation needs to have trust, both in its own systems and in others. As organisations grow, especially when they consume other organisations, they often change how systems work, and Active Directory is no different. We understand the balancing act between having trust and ensuring that trust cannot be abused, and how this can be mitigated by structures in Active Directory.

Simplification of Configuration

Managing a vast estate of computing resources is complex. Tweaks to policies are often needed for specific servers, types of end user devices or user groups, for example, and this can exponentially increase the complexity of Active Directory. As part of the security assessment, we look to make practical recommendations to harmonise your configurations, both to clarify and improve your security configuration and to alleviate the all too familiar administrative burden.

Architectural Understanding

Active Directory is not just a collection of settings; how it is structured is equally important. We ensure that we share with you our expertise about how risks can be mitigated by architectural changes, so that you have both short and long term options to secure operational resilience.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. For example, rather than waiting until the engagement starts, we conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisation's position and risk posture. This enables us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial: we do not sell you products or the latest buzzword-laden trending solution.

Outstanding Service

We have an industry-leading turnaround; agility is in our name, after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.
