Active Directory is leveraged by approximately 90% of the world’s enterprises, many of which comprise over 100k systems and were stood up a decade (or more) ago. Responsible for the identity and authentication in most enterprises, Active Directory is key when it comes to securing the enterprise. However, most organizations don’t have a consistent or comprehensive view of how to tackle enterprise security.
Modern Active Directory (AD) environments are not aligned to protect the enterprise from the current threats. The attack vectors that were theoretical ten to twenty years ago are now practical. While the threats have changed over the past decade, the way systems and networks are managed often has not. We continue with the same operations and support paradigm despite the fact that internal systems are compromised regularly. We must embrace the new reality of “Assume Breach.”
Going from the compromise of a single workstation to complete compromise of the enterprise network often takes less than an hour. The weekly news headlines call out an all-too-clear emerging pattern: years of security complacence have made full compromise of an organization all too easy. A solid perimeter defense used to be enough to protect the internal network, and we managed our corporate network with the assumption that only authorized users were able to access it. The weakest link in an organization’s security strategy can lead to complete Active Directory forest compromise, costing tens of thousands of hours in recovery time and millions of dollars in direct and indirect costs. Unfortunately, Microsoft’s recommendation for recovering from an Active Directory forest compromise is to rebuild from scratch. Most organizations can’t afford the downtime or the cost associated with this “scorched earth” scenario.
Helping organizations better understand the shift from “defend the perimeter” to “assume breach” is key to moving from decades-old defense techniques to ones better suited to the current threat. The “Assume Breach” mentality is a paradigm shift where, instead of wondering if an attacker could get into the internal network, we assume they are already there, performing reconnaissance and mapping out enterprise resources more thoroughly than current documentation. “Defense in Depth” has never been more relevant, and this presentation shows how effective this strategy can be in mitigating some of the most tenacious attacks. We focus on the “Assume Breach” mentality and how it can help shape a strong defense against the current attack profile, carefully mapping out current attack techniques and the effective mitigation techniques.
It’s more important than ever to understand how attackers enter, recon, access and exfiltrate data, and elevate permissions to gain Domain Admin rights. Understanding the methods, tactics, and techniques of one’s adversary is critical in order to mount effective defenses.
Protect your Active Directory Environment
Trimarc provides a number of security services to better protect enterprises including Active Directory security assessments.
Our most popular service is an Active Directory Security Assessment which is a full review of the organization’s Active Directory security posture. This service scans the AD environment and identifies weaknesses that could be leveraged by an attacker to elevate privileges and/or persist in the environment without detection. We probe into the dark recesses of AD to root out potential issues to help our customers proactively resolve them.
You may have had a regular penetration test and/or red team engagement, but have you evaluated the security of your enterprise authentication, identity, directory, and management service, aka Active Directory?
Pentests and red teams are great to identify weaknesses in security controls, but they don’t usually perform a full Active Directory security review, which means there are likely weak spots in Active Directory security.
Have you received a penetration test and/or red team report and aren’t sure where to start with remediation, especially on the Active Directory side?
We can help you wade through the modern security landscape of phrases like “credential theft,” “privilege escalation,” and “mimikatz,” and help identify how to best remediate issues.
Other Security Services
Some activities we perform for customers:
- Review the Active Directory configuration and provide recommendations to improve the security posture.
- Align Active Directory security best practices with business process and requirements.
- Leverage existing technology investments to improve enterprise security posture.
- Perform research on new attack methods and provide briefings on effective mitigation and detection.
- Provide Microsoft platform security expertise.
- Evaluate extranet/DMZ security zone for security issues.
- Provide recommendations to improve endpoint security and attack detection.
- Provide recommendations to improve detection of modern threat activity.
- Help improve Blue/Red Team operations, methods, and tactics.
Trimarc customers leverage several contract options to gain and retain access to our Subject Matter Experts.
- Short-term engagement.
- Long-term engagement with a set number of hours.
- Retainer agreement.
- Service option (set dollar amount for a service offering).
Trimarc provides a variety of security solutions customized to meet each organization’s specific security needs and concerns. Please Contact Us for more information on how we can help you!