Active Directory Security Assessment
Our Microsoft-endorsed Active Directory Audit solutions let organizations accurately assess security, permissions and privileged access in their AD.
"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."
Charles Coates, Senior Product Manager
Identity and Security Business Group
Active Directory
Security Assessment
Active Directory Security is paramount to organizational cyber security because Active Directory is the foundation of cyber security and privileged access at 85% of all organizations.
To secure and defend their Active Directory from compromise, organizations require the ability to accurately, frequently and efficiently assess and audit the security of their Active Directory.
An Active Directory Security Assessment is a simple methodical assessment that organizations frequently conduct to assess the security of their foundational Active Directory.
A Wide Assessment Scope
An Active Directory Security Assessment involves the accurate identification of and an assessment of the security of all -
Active Directory Privileged Users* and Groups
Active Directory Contents and Configuration Data
Active Directory Logical Structure
Active Directory Backups
Domain Controllers and Administrative Workstations
Of these, a security assessment of the first three components involves analyzing Active Directory contents (e.g. numerous objects in AD and their attribute values, ACLs and resulting effective permissions), and a security assessment of the last two components involves assessing physical and systems security.
* In most Active Directory domains there exist a large and unknown number of users with delegated privileged access, which too need to be identified.
Automating
Active Directory
Security Assessments
A significant portion of Active Directory Security Assessments involves sophisticated Active Directory contents analysis.
For instance, the accurate identification of privileged users in Active Directory involves and requires the determination of effective permissions domain-wide.
Manually performing such sophisticated assessments requires proficient expertise, can take a considerable amount of time, and is inherently exposed to the risk of human error.
When it comes to security, accuracy is paramount, which is why such sophisticated assessments are best automated because automation delivers substantial time and cost efficiencies, and eliminates the risk of human error, delivering accurate results.
Our unique Active Directory security assessment tools automate even the most complex and sophisticated security assessment processes, thereby empowering organizations to accurately, efficiently and reliably fulfill most of this need.
Our Unique Assessment Insights
Here are some paramount Active Directory Security Assessment insights that only our solutions can deliver -
- Who can run Mimikatz DCSync against an Active Directory domain?
- Who can change the membership of the Domain Admins security group?
- Who can reset the password of any/every privileged user in Active Directory?
- Who can change the permissions specified in the AdminSDHolder object's ACL?
- Who can create a new inbound trust relationship or modify any existing trust relationship?
- Who can link a malicious GPO to instantly take over any or every administrative workstation?
- Who can modify the Active Directory Schema to make crippling irreversible changes to Active Directory?
- Who can change administrative control in Active Directory to instantly obtain access to all organizational IT resources?
- Who can launch a denial-of-service attack against any Active Directory integrated application/service? (e.g. Azure Connect)
- Who can link a malicious GPO to any OU to instantly gain command and control over thousands of domain-joined computers?
Our Automated Solution
Gold Finger, our innovative Microsoft-endorsed Active Directory Audit Tool Suite was specifically engineered to automate even the most sophisticated aspects of AD Security Assessments.
It empowers organizations worldwide to accurately, efficiently and automatically perform virtually all aspects of AD security assessments that involve the analysis of AD contents.
For instance, Gold Finger completely automates the accurate identification of privileged users in Active Directory domain-wide, reducing the amount required to do so, each time, by 99.99%
Gold Finger is architected by former Microsoft Program Manager for Active Directory Security and endorsed by Microsoft.
Here's a quick overview of how our specialized Active Directory Assessment Tools help organizations automate Active Directory security assessments –
Active Directory Effective Permissions Calculator
Fully-automated Active Directory effective permissions assessment
Active Directory Privileged Access Assessor
Fully-automated domain-wide Active Directory privileged access assessment
Our Global Customers
