Active Directory Review

With 90% of organisations in the world running Active Directory (AD) as their directory and identity services, it’s highly likely it is running in yours. AD being one of those fundamental building blocks for the network means it was likely put in years ago and hasn’t been looked at since.

Review the configuration of your Active Directory and the attack paths within to reduce the impact of a cyberattack.

Issues in Hybrid Setups

The shift to all things cloud and SaaS also means you’ve likely got a hybrid cloud scenario and are syncing your identities to Entra ID (Azure AD). Because misconfigurations are easy to make and default settings are often left unexamined across all of the above, you may be making it easy for an attacker to pivot within and between your hybrid cloud and on-prem networks.

Privilege Creep

If your Active Directory Domain Services hasn’t been maintained well, you will likely have lots of user accounts, groups and other objects that are stale and no longer used or, worse, over-provisioned with far more permissions than required.

A common scenario is a user moving within the organisation and gradually accumulating access levels beyond what that individual needs to do their job.

Enforcing Least Privilege

Reviewing your setup will likely uncover accounts which do not have the principle of least privilege applied. An example is when service accounts are given Domain Admin privileges when this is not required, increasing the risk of attackers being able to leverage these accounts for lateral movement and to complete their end objectives.

Your AD review covers:

  • Examine all domains, forests and trust relationships
  • Identify common misconfigurations enabling feature abuse for lateral movement
  • Review all service, computer, user and privileged accounts
  • Attack path identification and risk-based analysis of privileged users
  • Recommended events to enable to help detect signs of malicious activities
  • A report detailing recommendations and prioritised next steps

Key Features

  • Common misconfigurations

    Identify features and implementation mistakes that attackers will leverage to their advantage

  • Attack path mapping

    Discover specific choke points throughout the network that can impede lateral movement

  • Risk reduction

    Proactively minimise the likelihood of security incidents and data breaches

  • Wood you trust another?

    Determine how much trust you have between forests and what the blast radius could be

  • Implement least privilege

    Uncover users that have excessive permissions across domains

  • Detection recommendations

    Suggested event IDs that should be enabled to help detect signs of malicious activities

Have you made it easy for an attacker?

Review the configuration of your Active Directory environment and the attack paths within to reduce the impact of a cyberattack.
