| |
| |
| | |
| |
|
|
|
|
THREAT 
In most organizations running on Windows today, numerous administrative and non-administrative personnel continue to possess delegated administrative rights even when current business needs no longer require them to do so. These unintended yet existent (thus unauthorized) delegated access grants endanger enterprise security because they provide the easiest means by which someone with an intent to harm (in many cases an insider) could easily cary out powerful administrative tasks (e.g. reset a password) and sidestep existing security measures (firewalls, anti-virus, data encryption etc.) to easily compromise security. Sadly, today these unauthorized access rights can be discovered by anyone with a domain account and possibly used to escalate their privilege. These unauthorized delegated administrative grants thus poses a serious threat to enterprise security. OVERVIEW An access assessment can help you determine who is delegated what administrative access in your Active Directory. An Active Directory access assessment allows an organization to accurately determine who all is delegated what administrative authority for which administrative authority in its Active Directory deployment. It is the only means by which an organization can obtain a reliable assessment of delegated access rights currently granted in their Active Directory deployment, and subsequently undelegate unnecessary delegation grants which left undone pose a serious risk to the organization. OBJECTIVE The objective of the access assessment is to enable you to accurately determine the identities of all administrative and non-administrative personnel that are currently delegated administrative authority in the organization's Active Directory. Armed with this information, you can determine and subsequently eliminate unauthorized delegation grants in your Active Directory, which left unmitigated (as they are today) pose a serious risk to the security of your Active Directory deployment. An access assessment thus allows you to identify and eliminate unauthorized administrative access in your organization. COVERAGE Our professional Active Directory access assessment comprehensively covers all Active Directory security grants and involves an assessment of resultant access on all vital IT assets stored in the Active Directory including user accounts, security groups, organizational units and group policies and results in the generation and delivery of clear and concise archivable reports detailing who has what access on these vital IT assets. PROCESS Our professional access assessment process involves an accurate security evaluation of the access grants in Active Directory. The service utilizes Gold Finger's innovative access assessment capabilities, architected by none other than former Microsoft Program Manager for Active Directory Security, to deliver highly accurate access assessment reports that reflect the true state of access entitlements granted in Active Directory. DELIVERABLES The findings of the access assessment are delivered in the form of a simple access assessment report that documents who is delegated what administrative authority in your Active Directory. CONFIDENTIALITY Our security professionals take pride in delivering world class service with absolute integrity. Your information never leaves your premises and no data is accessed or persisted anywhere without your prior knowledge and consent. You also have the option of requesting supervised access assessments and/or requesting that our security professionals use laptops provided by your organization for conducting the assessment. Our security professionals completely understand and respect the need for absolute confidentiality. LOGISTICS The access assessment is performed on-site at your location by our professionals in collaboration with your IT group. DURATION The access assessment usually requires only one business day to assess access across an entire Active Directory deployment. Organizations may request custom access assessments (e.g. assess access on all C*O accounts etc.) and such assessments would accordingly require additional time. BENEFITS Our professional Active Directory access assessment service can help you swiftly identify and eliminate unauthorized delegated administrative grants on vital Active Directory content, which left unmitigated pose a danger to enterprise security. SCHEDULING Our professional Active Directory access assessment service is scheduled on a first–come–first–serve basis. A minimum of one week notice is required to schedule an access assessment. For details or scheduling please refer to the Scheduling tab.
|
