Active Directory Security Analysis

Get an overview of the actual security level in and around your Active Directory

Improsec performs an Active Directory Security Analysis to assess the current procedural and technical processes and controls in place that harden the environment to withstand, or reduce, the impact of a cyber security intrusion. The analysis provides an overview of misconfigurations and/or insufficient missing defensive measures, some of which may result in a complete enterprise compromise.

Value

  • Get an overview of the actual security level in and around your Active Directory

  • Identify insufficient or missing defensive measures that may result in a complete enterprise compromise

  • Test your resilience against a simulated cyber intrusion

  • Assess your current setup against vendor best practices (e.g. tier model implementation)

Method

Based on our extensive knowledge, and by using the mindset of a modern hacker, we will analyse whether the organization’s specific configuration can be exploited to spread a compromise from a single user account/computer to the entire Active Directory infrastructure.

Our analysis is based on “Best Practices for Securing Active Directory” guidelines from Microsoft combined with our knowledge and experience and will be conducted from a domain-joined Windows computer that is provided by you. Our technical tests require information to be extracted from Domain Controllers. We provide the scripts to be executed, the output of which enables us to gain a deep understanding of your environment.

We will analyse areas such as Domain Controller hardening and dependencies, password-policies and
-strength, forest and domain architecture, users and groups, capability to detect/prevent/respond to a cyber intrusion, patch management of operating systems and installed software, administrative and management policies and procedures, logging and alerting capabilities and backup/restore/disaster recovery capabilities.

Apart from our technical analysis and assessment, we also interview relevant parties from IT or third-parties etc. to gain broader knowledge on the procedures and policies in place and how well they are used in daily operations.

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including a prioritized list of identified vulnerabilities in both procedural and technical aspects, as well as tangible recommendations to mitigate and reduce the impact of a cyber intrusion and optimize the security posture of the Active Directory environment

Involvement

The delivery requires minimal involvement of your technical staff.