Time to Help Microsoft and the Entire World

Folks,

As you know, today Microsoft’s Active Directory is the very foundation of IT and cyber security at 85% of all organizations worldwide, as well as at the foundation of most cyber security companies.

The compromise of an organization’s foundational Active Directory could have colossal consequences for the organization, as well as for all its stakeholders (i.e. customers, investors, partners etc.)

 

 

There recently has been a steadily increasing amount of attention being given to Active Directory Security, especially Active Directory ACLs, as they ultimately protect all Active Directory content.

For instance, attack vectors such as Mimikatz DCSync, Active Directory Privilege Escalation, Sneaky Persistence in Active Directory and Active Directory Botnets all target Active Directory ACLs.

 

 

Earlier this month, Microsoft finally agreed that recently Active Directory ACLs may in fact be getting a lot of attention these days, in a blog post titled – Active Directory ACLs – Attack and Defense.

Based on what Microsoft shared, it appears it may not seem to understand the depth of this challenge, so we had to share a blog post titled – Active Directory ACLs – Actual Attack and Defense.

 

 

Given the paramount role that Active Directory plays in organizational cyber security and IT today, we must do everything we can to adequately secure and defend Active Directory deployments.

Thus, in days to come,  I’ll be helping Microsoft and the entire world, by sharing with them exactly how they can adequately secure and defend their foundational Active Directory deployments.

 

 

Specifically, in days to come, you can expect the following insightful posts –

 

  1. What Constitutes a Privileged User in Active Directory?
  2. How to Correctly Audit Privileged Users/Access in Active Directory?
  3. How to Render Mimikatz DCSync Useless in an Active Directory Environment?
  4. How to Easily Identify and Thwart Sneaky Persistence in Active Directory?
  5. How to Easily Solve The Difficult Problem of Active Directory Botnets?
  1. Why the World’s Top Active Directory Permissions Analysis Tools Are Mostly Useless?
  2. Why is the Need to Lockdown Access Privileges in Active Directory Paramount to its Defense?
  3. How to Attain (Lockdown) and Maintain Least Privileged Access (LPA) in Active Directory?
  4. How to Securely Delegate and Correctly Audit Administrative Access in Active Directory?
  5. How to Easily Secure Active Directory and Operate a Bulletproof Active Directory Deployment?

 

Starting October 17, 2017, you’ll be able to find these posts over at the Active Directory Security Blog.

Thanks,
Sanjay

A Letter to the President of the United States Regarding Cyber Security

Folks,

Earlier today, I penned an open letter online to the President of the United States, Donald Trump, concerning Global and Cyber Security.

In this letter, I succinctly communicated my thoughts on three primary subjects – The Top-5 Risks to Global Security, The Risk of the Decline of American leadership and the Cyber Risk.

This letter is online on the Cyber Security Blog at – A Letter to President Trump Regarding Global and Cyber Security.

Best wishes,
Sanjay

30 Days of Advanced Active Directory Security School for Microsoft

Folks,

As you may know, to help Microsoft understand the subject better, I’ve been conducting Advanced Active Directory Security School for Microsoft at – The Active Directory Security Blog.

Since we started school, we have received requests from around the world for there to be a single place where folks can easily find these entries, so this blog post serves to fulfill that request.

 

30-Days of Active Directory Security Schooling for Microsoft –

Here are the entries –

 

In days to come, as we continue to proceed with schooling for Microsoft, I’ll have my staff keep this blog post updated.  BTW, you may also find this interesting – The Cyber Security Blog

Thanks,
Sanjay

Time to Help Microsoft, and the World, Better Understand Active Directory Security

Folks,

Today, the cyber security of every organization’s foundational Active Directory deployment is paramount to their security because Active Directory is the bedrock of organizational cyber security.

Considering that 100% of all major recent cyber security breaches including Snowden, Target, JP Morgan, Sony, Anthem and the OPM data breach involved the compromise and misuse of just one Active Directory Privileged User account, and considering the potentially colossal impact that an Active Directory Security breach could have on an organization, what else could be more important?

Now, for many years perpetrators have been using credential-theft attacks (Pass-the-Hash, Golden Tickets etc.) to gain privileged access in Active Directory, predominantly by targeting Windows machines to steal any administrative credentials that could be locally found on them. However, as credential-theft attacks become harder to enact, perpetrators have started shifting their focus and efforts on directly targeting and exploiting weaknesses within the Active Directory itself. The most concrete evidence of this is the introduction of the DCSync feature in the credential-theft hacking tool Mimikatz, that can exploit and leverage the presence of unauthorized/excessive “effective permissions” in Active Directory to effortlessly compromise the credentials of all domain accounts.

In our vast global experience of having assisted thousands of organizations from across the world for over a decade now, we have found that the foundational Active Directory deployments of most organizations worldwide may not yet be sufficiently protected from attacks aimed directly at identifying and exploiting such weaknesses within the Active Directory itself, primarily due to a complete lack of technical guidance (and consequently a lack of sufficient awareness) on the most critical aspects of Active Directory Security.

Thus, to help Microsoft (and organizations worldwide) better understand what it takes to sufficiently enhance the security of foundational Active Directory deployments worldwide, starting May 22, 2017, we will conduct a free 30-day blog series titled Advanced Active Directory Security School. For 30 days, each day, we will address a new topic. A shareable flyer can be downloaded here.

Everyone working on Active Directory and Cyber Security at Microsoft (and anywhere else), including Microsoft’s Windows/AD Product Dev Team, Azure Team, Cyber Security Team, Microsoft Consulting Services, Product Support Services, TwC Group, Microsoft IT, etc. is cordially invited, as are all IT and Cyber Security professionals at thousands of organizations across the world.

If you’re into Active Directory Security, you likely won’t want to miss this. We start on May 22, 2017, online, over at – http://www.active-directory-security.com.

Best wishes,
Sanjay

Active Directory Effective Permissions

Folks,

Today, I would like to cover a paramount cyber security topic, one that is at the very heart, root and foundation of organizational cyber security worldwide – Active Directory Effective Permissions.

 

Before I share its technical and other salient aspects, I should mention that not a single organization in the world that today operates on Microsoft Active Directory can be adequately secured without possessing this paramount cyber security capability, simply because nothing (i.e. not a single object) in Active Directory can be secured without possessing this fundamental capability

In other words, from Microsoft to the entirety of the Fortune 1000, and from the White House to the entirety of all government organizations worldwide, every organization requires this capability.

That said, let me share with you what Active Directory Effective Permissions
are and why they are paramount to cyber security today…

 

 

Active Directory Effective Permissions

Most simply put, Active Directory Effective Permissions are the security permissions that are effectively granted to various individuals in an organization on various objects in their Active Directory.

They keyword here is effective(ly) so let’s take a minute to comprehend it.

As you may know, in every IT infrastructure powered by Microsoft Windows Server platform, literally every building block of organizational cyber security, from the entirety of all organizational user accounts and privileged user accounts, to the computer accounts of the entirety of the organization’s computers, to the entirety of domain security groups used to facilitate secure access to all IT resources across the network, as well as the entirety of all group policies that are used to manage all organizational computers as well as their security, is an object in Active Directory.

Since each one of these objects, i.e. user accounts, computer accounts, security groups and policies etc. also need to be managed, Active Directory lets organizations precisely delegate/provision varying levels of access on these objects so as to enable organizational IT personnel and other involved stakeholders to be able to manage, modify and secure these Active Directory objects.

To do so, Active Directory protects each such object with a security descriptor that contains, amongst other parts, an access control list ACL, which is simply a collection of zero or more access control entries (ACEs), each one of which exists to Allow or Deny a specific type of access i.e. security permissions, to a specific security principal i.e. a user, security group, well-known SID etc.

Now, speaking of security permissions, Active Directory’s security model offers a rich set to choose from. There are almost a dozen generic security permissions (Read Control, List Child, List Object, Write Owner, Write DACL, Standard Delete, Delete Tree, Create Child, Delete Child, Read Properties, Write Properties), over five dozen specialized security permissions known as Extended Rights that control specific actions as well as several Validated Writes, so many security permissions could be specified for a specific security principal.

A highly simplified description of how it all comes into play is that when a specific security principal (such as a user, a computer or a service account) attempts (i.e. requests access) to perform a specific operation (that is controlled by one of the above mentioned Active Directory security permisisons) on a specific Active Directory object, the system subjects the request to an access check, which involves considering the security principal’s identity and its security affiliations (i.e. its security group memberships), then analyzing the target Active Directory object’s security descriptor (i.e. the various security permissions specified in the ACEs that comprise its ACL) to determine whether or not the requested access is effectively allowed. If it is, access is allowed, else, it is denied.

In short, simply put, if a security principal has the effective access (i.e. effective permissions) that it is requesting on an Active Directory object, then the access will be granted, else it will be denied.

To tie this to a real-world example, if an intruder attempts to reset the password of a Domain Admin, if he/she has sufficient effective permissions to do so on the object, the request will be allowed. Similarly, as you may know, if an intruder attempts to replicate secrets from Active Directory, if he/she has sufficient effective permissions to do so on the domain root, the request will be allowed. Likewise, if an intruder attempts to modify the permissions on AdminSDHolder in Active Directory, if he/she has sufficient effective permissions to do so on the object, the request will be allowed.

(As you probably know, if an intruder could successfully enact either of the above, it’d be Game Over right then and there, and strictly speaking, the entire organization would  be compromised.)

To make a long story short, every technical operation that can be performed on an Active Directory object (i.e. in business parlance, every administrative task that a user can enact on an IT asset stored in Active Directory) is based on a user having sufficient effective permissions to do so. If the user has the sufficient effective permissions, he/she will success, else he/she will fail.

The (trillion $) keyword here is effective permissions, which is best understood with an illustrative example.

 

 

An Illustrative Example

This esoteric yet paramount technical concept is best understood with an illustrative example, so let’s consider the ACL protecting the CEO’s domain user account –

As you can see, its complicated. There are many security permissions specified in the ACEs that comprise the ACL. Some security permissions are allowed, while others are denied, and some are specified explicitly while others have been inherited from the object’s parent. Further some apply to the object while others exist only to be inherited down by child objects. Finally, some are simple and specific such as Reset Password, while others are a combination of multiple permissions (displayed as Special) and then there are those that grant all permissions (displayed as Full Control.)

Given the complicated set of security permissions in an Active Directory object’s ACL, how does one determine what permissions a user is actually (i.e. effectively) entitled to on it, considering

    1. There are numerous permissions specified for numerous users, security groups and well-known security principals
    2. Security groups may be nested to multiple levels, thus effectively specifying access for large numbers of individuals
    3. There are over eighty different kinds of permissions and rights that could be granted or denied to security principals
    4. Permissions granted to a user in one ACE may be denied to the same user or security group in another ACE
    5. Permissions granted in an inherited ACE may be overridden by permissions specified in an explicit ACE
    6. Permissions specified in an ACE may or may not control access depending on the characteristics of the ACE
    7. A user could belong to multiple nested security groups, some of which may be allowed, and some denied, permissions
    8. Etc. Etc …

 

For instance, a user John could be a member of many groups including say, A1 and D1.  Now group A1 may be a member of group A2 which may be a member of group A3 which may be allowed Reset Password in an ACE in the ACL above, while group D1 may be may be a member of group D2 which may be a member of group D3 (which could also be a member of D2 i.e. a circular group membership, and) which may be denied Special (i.e. multiple) permissions in another ACE in the ACL above. Further there may be a permission denying Domain Users some access, and allowing Authenticated Users some access; both of these permissions will also influence John’s resulting (effective) access.

In light of these specific permissions, as well as other ones in the object’s ACL, whether or not John can actually reset the CEO’s password would be determined by the collective impact of all the security permissions in the object’s ACL, considering their characteristics (Allow, Deny, Explicit, Inherited, Applicable, N/A etc.) in light of all factors that influence resulting access in Active Directory.

In essence, simply put, Active Directory Effective Permissions are the resulting/resultant set of permissions (RSOP) that a user is entitled to on an Active Directory object, considering all the security permissions that exist in that object’s ACL, including permissions that may or may not directly specify access for the user, and in light of all factors that influence resulting access in Active Directory.

Thus, as one can see, in order to accurately determine the effective permissions granted to one or more users on this Active Directory object, one would have to methodically take into account every aspect and rule of Active Directory’s sophisticated security model, to make this determination, and of course do so with 100% precision, each and every time, one needed to determine this.

In other words, the accurate determination of effective permissions on Active Directory is by no means, easy.  It is also certainly neither the same as nor as easy as performing a simple Active Directory Permissions Audit, or for that matter attempting to write a simple (or even a very complicated) PowerShell script to do so. In fact, it is an order of magnitude more difficult to do so.

 

 

The Importance of Active Directory Effective Permissions

The ability to be able to accurately, efficiently and adequately determine effective permissions in Active Directory, i.e. on Active Directory objects is paramount to organizational cyber security today.

It is paramount because neither Active Directory itself, nor any of its content can be adequately secured without possessing the ability to assess who what effective permissions in Active Directory.

 

Consider this – What is the only way to answer each one of the following questions –

  1. Exactly how many privileged users are there in an organization’s Active Directory?
  2. Exactly how many privileged security groups are there in an organization’s Active Directory?
  3. Exactly who can reset the password of a privileged user to elevate privilege in an organization’s Active Directory?
  4. Exactly who can modify the group membership of a privileged security group to elevate privilege in an organization’s Active Directory?
  5. Exactly who can create, delete and manage user accounts, computer accounts, security groups, organizational units etc. in an organization’s Active Directory?
  6. Exactly who can instantly replicate secrets from Active Directory, and thus compromise the credentials of all accounts by using a tool such as Mimikatz DCSync?
  7. Exactly who manage the domain user accounts of the organization’s executives (Chairman of the Board, CEO, CFO, CIO, CISO etc.) in an organization’s Active Directory?
  8. If Smartcard authentication or other similar defense-in-depth measures (i.e. band-aids) are in use, exactly who can instantly disable their use in the organization’s Active Directory?

 

The answer:  Active Directory Effective Permissions.

Each one of the questions posed above are paramount to organizational cyber security today, and the only way to answer them is to determine effective permissions/access in Active Directory.

(Those who truly understand Windows Security know that not a leaf moves in Microsoft’s ecosystem without the Active Directory being involved. In a typical day, the Active Directory is involved hundreds of thousands if not millions of times that organizational employees go about doing their work, and in each case, Active Directory effective permissions influence the involved access.)

 

 

The Active Directory Effective Permissions Tab

The importance of effective permissions to Windows Security is best evidenced by the fact that of the four tabs in Microsoft’s native Active Directory management tooling, the first three being Permissions, Auditing, and Owner(ship), the fourth tab is for Effective Permissions. Thus, effective permissions are at least as important as are Permissions, Auditing and Owner(ship) –

Active Directory Effective Permissions Tab

 

Sadly, as important as effective permissions are, Microsoft’s Effective Permissions Tab for Active Directory is not only not 100% accurate, it is substantially inadequate (; been so for a decade now.)

Here’s why –

  1. It is not always 100% accurate, since it self-admittedly does not take all relevant factors into account
  2. Most importantly, it can only determine (an approximation of) effective permissions (granted to) ONE user at a time
  3. Finally, it cannot identify the underlying permissions in the object’s ACL that entitle a specific user to a specific effective permission

 

Although the inability to be 100% accurate in itself renders it unreliable and virtually useless (because when you’re trying to secure the very foundation of security, accuracy is paramount), the fact that it can only determine (an approximation of) effective permissions one (specifiable) user at a time also makes it almost practically unusable, because then the only way to definitively determine who has what effective permissions on a specific Active Directory is to enter the identities of all of the organization’s users ONE by ONE, to discover all those who do have effective permissions granted on the object, and to rule out all those who don’t have any effective permissions on the object. Such a laborious process could easily take days, if not weeks, per object, each time.

Finally, assuming that an organization is able to use it to accurately determine effective permissions in Active Directory and identify all individuals that currently possess effective permissions on an object, including those who are not supposed to be in possession of the same, the Effective Permissions Tab provides no indication whatsoever as to which underlying security permissions in the object’s ACL end up entitling these unauthorized users to these effective permissions. In other words, the HOW component is missing, and that is what makes it substantially inadequate.

For the sake of completeness, let me also mention that virtually all of Microsoft’s tooling that offers any ability to do any type of effective permissions analysis, such as dsacls, acldiag etc. all have the same deficiencies. In addition, most of the technical guidance and scripts provided/available on Microsoft TechNet are substantially inaccurate, as is this dangerously inaccurate free tooling.

 

Amazingly, today there are 100s if not 1000s of cyber security / enterprise security companies in the world, yet not one of them has a solution to audit effective permissions in Active Directory.

 

 

Except One

We are Paramount Defenses, and as its CEO, it is my privilege to share with you the world’s only accurate and adequate Active Directory Effective Permissions Calculator –

 

At the touch of a single button, it can instantly and accurately determine and reveal –

  1. The complete set of effective permissions currently entitled on a given Active Directory object
  2. For each entitled effective permission, the complete list of all users who currently possess that effective permission on that Active Directory object
  3. For each such user that is entitled to a specific effective permission, the underlying permissions that entitle the user to this effective permission on that Active Directory object

 

In essence, Gold Finger can instantly deliver the mission-critical intel that organizations absolutely need to adequately secure and defend their foundational Active Directory deployments.

Of course, it follows that if you can touch a button, you can now also instantly answer each one of the questions posed above in your organization’s foundational Active Directory deployment.

 

 

In Summary

The need to be able to accurately determine effective permissions in Active Directory is mission-critical to cyber security and is thus paramount to organizational security today.

No Active Directory deployment in the world can be adequately secured or defended without possessing the capability to accurately determine effective permission in Active Directory.

Every single organization in the world that operates on Microsoft Active Directory thus requires this essential cyber security capability to secure their foundational Active Directory deployments.

There are 100s if not 1000s of cyber security companies in the world today, yet not a single one of them has a solution that can fulfill this paramount cyber security need for organizations worldwide.

We are Paramount Defenses, and we can.

We care deeply about cyber security, and behind our ability to be able to uniquely help secure and defend organizations worldwide lies legendary vision, expertise and (a decade of) execution.

 

Best wishes,
Sanjay

 

PS: Hopefully I’ve been able to substantiate this claim (and I didn’t even need to talk about this or this to do so.)

PS2: July 25, 2017 update – here’s a more in-depth description of Active Directory Effective Permissions (; you likely won’t want to miss it.)

The Top-10 Ways to Gain Domain Admin Privileges in Active Directory Environments

Folks,

Six months ago we made the simple claim that we are the most important and valuable cyber security company today. In days to come, I will easily substantiate that claim, but/and before I can do so, I’d like to share with you the Top-10 ways in which an intruder or a rogue/coerced insider could gain Domain Admin privileges (i.e. the Keys to the Kingdom) in an Active Directory environment.

The reason this is so important, and in fact paramount, is that the compromise of a (even a single) privileged user’s account can easily result in a massive system-wide cyber security breach. Ask any well-informed CEO, CIO or CISO and they’ll tell you that this is the #1 cyber security challenge facing their organization and most organizations today. In fact, 100% of all major recent cyber security breaches (e.g. Snowden, Target, JP Morgan, Sony, Anthem, OPM) involved the compromise of a single Active Directory privileged user account i.e. a Domain Admin* account.

So, without further adieu, here are the Top-10 ways in which an intruder could easily gain Domain Admin privileges in an Active Directory environment –

Domain Admin Compromise

 

Top-10 Ways to Become a Domain Admin in an Active Directory Environment –

  1. Use the DCSync feature of the mimikatz hacking tool to obtain credentials of all domain accounts, including those of all privileged user accounts
  2. Modify the security permissions specified in the ACL that protects the domain root object to gain domain-wide privileged access  (; simply add an inheritable Allow Full Control permission.)
  3. Reset the password of any default or non-default administrative/privileged user account
  4. Modify the group membership of any default or non-default administrative/privileged security group
  5. Modify the contents of various objects in the System container or in the Configuration or Schema partitions (One of 100+ examples: modify defaultSecurityDescriptor attribute in Schema)
  6. Modify the security permissions specified in the ACL that protects the AdminSDHolder object to gain control over all default administrative/privileged user accounts and groups
  7. Modify the security permissions specified in the ACL that protects the Domain Controllers OU to gain control over the ability to link a compromising group policy to that OU
  8. Establish a cross forest trust or external trust with a forest controlled by the intruder/perpetrator
  9. Set the Password not required bit on any administrative/privileged domain user account
  10. If any form of MFA (multi-factor authentication, e.g. Smart cards) is in use, simply disable its use on target administrative/privileged user accounts, then instantly perform a password reset

 

It is these 10 simple ways of privilege escalation that serve as the technical basis upon which we had recently put forth the 10 Essential Cyber Security Questions for All Organizations Worldwide.

I should mention that these are merely the Top-10 ways to do so. There are many many more ways in which one could accomplish this objective, simply by modifying content in Active Directory.

An intruder only needs to find out who has sufficient effective permissions to be able to perform any one of the above, then compromise any one of those accounts, to have a golden starting point.

Incidentally, not a single one of these ways (mentioned or alluded to above) involve passing hashes or meddling with Kerberos tickets; they merely involve modification of Active Directory content.

 

The astute mind will have already deduced that these attack vectors can be mitigated by possessing one fundamental cyber security capability, which most organizations do not yet possess today.

In my next post, I will shed light on that one fundamental cyber security capability as well as substantiate our simple claim. (The astute mind will already have made the connect.)  Stay tuned.

Best wishes,
Sanjay

 

PS: This, i.e. 10 ways to gain Domain Admin privileges in Active Directory, is merely the Tip of the Iceberg, when it comes to what someone could do if they could modify Active Directory content.

PS2: Its 2016, not 2006. Ideally Microsoft should have helped its customers understand and mitigate these foundational risks years ago, by at the very least providing vital adequate technical guidance. Unfortunately, the underbelly of most organizations continues to remain vastly vulnerable to these risks, so considering the stats (100%), we felt an obligation to shed light on them.

Paramount Cyber Security Insight for Organizations Worldwide

Folks,

Apologies for the delay. In light of recent global events (i.e. the U.S. Elections) which are believed to have been influenced by possibly the world’s biggest cyber security breach yet, I just wanted to let the dust settle prior to commencing sharing perspectives, since what we have to share concerns the foundational cyber security of both business as well as government organizations worldwide.

Before I can substantiate our claim, I would like to respectfully share some fundamental yet paramount cyber security insight for all business and government organizations worldwide, in the form of a cogent presentation on Active Directory Security, that we built and released last month to help Microsoft, as well as all cyber security companies, better understand foundational cyber security –

Active Directory Security
To download the presentation, please click the image above or visit – http://www.paramountdefenses.com/defending-active-directory-against-cyberattacks.html

 

Executive and Cyber Security Leadership at organizations worldwide, as well as IT professionals involved in cyber security and IT management worldwide, may find it to be rather insightful & timely.

In my next post, I’ll share the Top-10 ways in which a perpetrator could easily elevate privilege to Domain Admin, and not a single one of them involves passing a hash or forging a Kerberos ticket.

Best wishes,
Sanjay

 

PS: They say that to the wise, a hint is enough, so if you’ve seen the presentation, you’ll likely agree that ideally we needn’t say a word more. Nonetheless, we’ll continue to share, because we care.

Its Time To Provide Thought Leadership to the Cyber Security Space

Folks,

At Paramount Defenses, we’ve silently been at work for over a decade now (2006 – 2016), and we have uniquely  solved arguably the biggest cyber security challenge the world faces today.

its-time

Having successfully done so, there’s much we have to share with the world, so in a few days to come, we will start sharing rare, high-value cyber security insight for organizations worldwide.

 

Our silence on this blog thus far has been intentional. Though we may have been silent here, in the last 6 months, we have shared much with the world at our other blogs –

  1. March 01, 2016 – The Paramount Brief – Declassified and Substantiated
  2. May 25, 2016 – Time to Provide Thought Leadership to the Cyber Security Space
  3. July 15, 2016 – Active Directory Security 101 for the World and the Black Hat Conference 2016
  4. July 15, 2016 – A Letter to Benjamin Delpy regarding Mimikatz and Active Directory Security
  5. July 19, 2016 – Time to Teach the World a Thing or Two about Active Directory Security
  6. July 26, 2016 – The Importance of Active Directory Security
  7. July 27, 2016 – A Simple $100 Billion Active Directory Security Question for Alex Simons at Microsoft
  8. July 29, 2016 – Active Directory Beyond the MCSE for the Black Hat Conference 2016
  9. August 01, 2016 – How to Lockdown Active Directory to Thwart the Use of Mimkatz DCSync
  10. October 14, 2016 – Time to Respectfully Take Microsoft to Active Directory Security School

 

In fact, yesterday we posed a simple Trillion $ Question for Microsoft.  If any cyber security company on the planet would like to take a shot at it, they may feel free to do so.

 

Starting November 01, 2016, it will be time to provide thought leadership to the cyber security space, right here on this blog. Stay tuned.

Best wishes,
Sanjay

Hello World

Hello World,

I’m Sanjay, Founder and CEO of Paramount Defenses. On behalf of our entire team, it is my privilege and pleasure to welcome you to our website and our blog, and pen our first official blog entry.

Ten years ago, I founded Paramount Defenses to help organizations worldwide secure and defend the very foundation of their cyber security, their foundational Active Directory deployments.

Today, I am happy to share with you that we uniquely help secure and defend the world’s most important, valuable and powerful business and government organizations in 6 continents worldwide.

Defending Organizations Worldwide

In fact, what we do at Paramount Defenses today is paramount to the foundational cyber security of Microsoft Corporation’s global customer base, comprised of 85% of organizations worldwide.

As the world’s most important and valuable cyber security company today, we take our responsibility seriously. (BTW I know that‘s a bold claim, so I’ll be happy to substantiate it in days to come.)

In days and weeks to come, via this blog and other vehicles, we intend to share insightful perspectives  to help organizations worldwide enhance and maintain foundational cyber security.

Best wishes,

Sanjay

 

PS: Earlier today, we also made a small announcement – Paramount Defenses to Donate Up To $ 50 Million of its Microsoft Active Directory Security Audit Software