Services

Security Services
Some activities we perform for customers:

  • Review the Active Directory configuration and provide recommendations to improve the security posture (Active Directory Security Assessment).

  • Align Active Directory security best practices with business process and requirements.

  • Evaluate the security posture of the virtualization platform infrastructure (VMware & Hyper-V).

  • Evaluate the security posture of the Microsoft Exchange email security configuration.

  • Leverage existing technology investments to improve enterprise security posture.

  • Perform research on new attack methods and provide briefings on effective mitigation and detection.

  • Provide Microsoft platform security expertise.

  • Help prioritize security remediation recommendations from a previous assessment.

  • Evaluate extranet/DMZ security zone for security issues.

  • Provide recommendations to improve endpoint security and attack detection.

  • Provide recommendations to improve detection of modern threat activity.

  • Help improve Blue/Red Team operations, methods, and tactics.

  • Act as part of your “team” to help improve security.

 

Active Directory Security
Active Directory is leveraged by approximately 90% of the world’s enterprises, many of which were stood up a decade (or more) ago. Because Active Directory is responsible for identity, management, and authentication in most enterprises, its security is key to protecting the enterprise. However, most organizations don’t have a consistent or comprehensive view of how to tackle enterprise security.

Modern Active Directory (AD) environments are not aligned to protect the enterprise from current threats. The attack vectors that were theoretical ten to twenty years ago are now practical. While the threats have changed over the past decade, the way systems and networks are managed often has not. We continue with the same operations and support paradigm despite the fact that internal systems are compromised regularly. We must embrace the new reality of “Assume Breach.”

Assume Breach
Going from the compromise of a single workstation to complete compromise of the enterprise network often takes less than an hour. The weekly news headlines call out an all-too-clear emerging pattern: years of security complacence have made full compromise of an organization all too easy. A solid perimeter defense used to be enough to protect the internal network, and we managed our corporate network with the assumption that only authorized users were able to access it. The weakest link in an organization’s security strategy can lead to complete Active Directory forest compromise, costing tens of thousands of hours in recovery time and millions of dollars in direct and indirect costs. Unfortunately, Microsoft’s recommendation for recovering from an Active Directory forest compromise is to rebuild from scratch. Most organizations can’t afford the downtime or the cost associated with this “scorched earth” scenario.

Helping organizations better understand the shift from “defend the perimeter” to “assume breach” is key to moving from decades-old defense techniques to ones better suited to the current threat. The “Assume Breach” mentality is a paradigm shift: instead of wondering whether an attacker could get into the internal network, we assume they are already there, performing reconnaissance and mapping out enterprise resources more thoroughly than current documentation does. “Defense in Depth” has never been more relevant, and this presentation shows how effective this strategy can be in mitigating some of the most tenacious attacks. We focus on the “Assume Breach” mentality and how it can help shape a strong defense against the current attack profile, carefully mapping out current attack techniques and the effective mitigation techniques.

It’s more important than ever to understand how attackers enter, recon, access and exfiltrate data, and elevate permissions to gain Domain Admin rights. Understanding the methods, tactics, and techniques of one’s adversary is critical in order to mount effective defenses.

Protect your Active Directory Environment

Trimarc provides a number of security services to better protect enterprises including Active Directory security assessments.

Penetration Test (“pentest”) and Red Team engagements identify a few exploit paths used to compromise the environment. Pentests and red teams are great for identifying weaknesses in security controls and highlighting visibility “blind spots”, but they typically don’t provide a full picture of all the potential exploitation paths in an organization. This means weak spots in Active Directory security are likely to remain, putting the enterprise at risk.

Our most popular service is an Active Directory Security Assessment, which is a full review of the organization’s Active Directory security posture. Trimarc reviews Active Directory and identifies as many escalation pathways as possible that an attacker could leverage to take over AD. This Trimarc engagement scans the AD environment and identifies weaknesses that could be leveraged by an attacker to elevate privileges and/or persist in the environment, potentially without detection. We probe into the dark recesses of AD to root out potential issues and help our customers proactively resolve them. After scanning AD for security issues, we provide recommendations that improve the security posture.

Have you received a penetration test and/or red team report and aren’t sure where to start with remediation, especially on the Active Directory side?
We can help you wade through the modern security landscape, identify how to best remediate issues, and make sense of phrases like “credential theft,” “privilege escalation,” and “mimikatz.”


Contracts

Trimarc customers leverage several contract options to gain and retain access to our Subject Matter Experts.

Contract options:

  • Per Project (set dollar amount for a service offering)

  • Short-term / Long-term engagement

  • Email access

  • Bundled hour blocks to “add” Trimarc SMEs to your team

Trimarc provides a variety of security solutions customized to meet each organization’s specific security needs and concerns. Please Contact Us for more information on how we can help you!