Audit and Regulatory Compliance

Our Microsoft-endorsed Active Directory Audit solutions let organizations correctly fulfill AD focused audit and regulatory compliance requirements.

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

Charles Coates, Senior Product Manager      
Identity and Security Business Group


Active Directory - The Focal Point of Audit and Regulatory Compliance

At 85% of all organizations worldwide, the entirety of an organization's building blocks of cyber security (user accounts, computers, security groups, passwords etc.) reside in Active Directory, and for their management, a vast amount of privileged access has been provisioned and delegated in Active Directory.

In addition, the "Keys to the Kingdom", i.e. the most powerful privileged accounts and groups reside in Active Directory.

Considering the above, Active Directory is undoubtedly the focal point for governance, risk and compliance driven audits, and at 85% of organizations worldwide, a vast majority of security and privileged access audits involve Active Directory.

Privileged Access Audit - A Cardinal Requirement

Today there exist several regulations such as SOX, FISMA, PCI, ISO 27002, HIPAA and others to bolster organizational resiliency against cyber attacks, and if there's one cardinal requirement common to them, it is "accurate visibility into privileged access."

Given the vast amount of default and provisioned privileged access that exists in Active Directory deployments, accurate privileged access visibility requires a formal, fail-proof and systematic approach to accurately auditing privileged access.

An accurate privileged access audit provides organizations accurate visibility into privileged access in Active Directory, and it is the only correct way to trustworthily fulfill all such audit and regulatory compliance driven requirements.

Accurate Privileged Access Audits

Today, within most Active Directory deployments exist thousands of Active Directory objects, collectively protected by millions of security permissions that reside within the access control lists (ACLs) of these Active Directory objects.

Most organizations, vendors and auditors errantly believe that to accurately audit privileged access in Active Directory, they only need to audit "Who has what permissions in Active Directory."

However, there is one and only one correct way to accurately audit privileged access in Active Directory, and that is to audit "Who has what effective permissions in Active Directory."

Accurate Privileged Access Audits thus involve the accurate determination of effective permissions in Active Directory.

Effective Permissions - The Keys to Privileged Access

From AdminSDHolder to Domain Admins, and from the default Administrator account to the CEO's domain user account, literally everything in Active Directory is an AD object.

Every AD object is protected by an access control list (ACL) that specifies who has what security permissions on the object, and it is the net cumulative resulting set of "effective permissions" that determines who actually has what access on the object.

Thus, what provides accurate insight into privileged access is not an audit of Who has what permissions in Active Directory but an audit of Who has what effective permissions in Active Directory.

As a result, to correctly find out who has what privileged access in Active Directory, organizations and auditors need to be able to accurately audit effective permissions in Active Directory.
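The difference between the two audits, as an added example that is not part of the original page or of any Paramount Defenses product: a simplified access-check model in which nested group membership is expanded and ACEs are evaluated in canonical order (explicit deny, explicit allow, inherited deny, inherited allow). It assumes a single toy right bit and constructed names, and it ignores object-specific ACEs, ownership and inherit-only flags.

```python
from dataclasses import dataclass

RESET_PWD = 0x1  # toy right bit, not a real AD access-mask value

@dataclass(frozen=True)
class Ace:
    allow: bool      # True = allow ACE, False = deny ACE
    trustee: str     # user or group named in the ACE
    mask: int        # rights the ACE covers
    inherited: bool  # True if inherited from a parent container

def token(principal, member_of):
    """Principal plus every group reached through nested membership."""
    seen, stack = set(), [principal]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(member_of.get(p, ()))
    return seen

def effective(principal, acl, member_of):
    """Rights actually granted: the first ACE to mention a bit decides it."""
    sids, granted, denied = token(principal, member_of), 0, 0
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    for ace in sorted(acl, key=lambda a: (a.inherited, a.allow)):
        if ace.trustee in sids:
            if ace.allow:
                granted |= ace.mask & ~denied
            else:
                denied |= ace.mask & ~granted
    return granted

def listed(acl, right):
    """'Who has what permissions' view: trustees named in allow ACEs."""
    return {a.trustee for a in acl if a.allow and a.mask & right}

def holders(acl, right, users, member_of):
    """'Who has what effective permissions' view."""
    return {u for u in users if effective(u, acl, member_of) & right}

# Constructed sample: ACL on a hypothetical executive's user object.
ACL = [Ace(True, "Helpdesk", RESET_PWD, inherited=True),
       Ace(False, "Contractors", RESET_PWD, inherited=False),
       Ace(False, "Interns", RESET_PWD, inherited=True),
       Ace(True, "erin", RESET_PWD, inherited=False)]
MEMBER_OF = {"bob": {"Tier1"}, "Tier1": {"Helpdesk"},
             "carol": {"Helpdesk", "Contractors"}, "erin": {"Interns"}}
USERS = ["bob", "carol", "erin"]
```

The permissions view names `Helpdesk` and `erin`; the effective view names `bob` (reached only through nesting) and `erin` (her explicit allow precedes the inherited deny), and excludes `carol`, whose explicit deny overrides her Helpdesk membership.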


Our Unique Audit and Compliance Reports

Here are some paramount Active Directory Audit and Compliance Reports that only* our solutions can generate -

  1. How many user accounts exist in Active Directory, and what is their status? (active, inactive, stale, expired, locked, last-logon etc.)
  2. How many privileged users are there in Active Directory, how secure are their domain user accounts, and who can manage them?
  3. Who can manage the accounts of and reset the password of the accounts of the organization's CEO, CFO, CIO and CISO?
  4. Who is delegated what privileged access in Active Directory, where, what, and how?
  5. Who can create, delete, manage and delegate control of OUs in Active Directory?
  6. Who can manage domain user accounts, computer accounts and security groups in Active Directory?
  7. Who can reset the password of any/every domain user account, or disable the use of two-factor authentication in Active Directory?
  8. Who can change the membership of any/every domain security group to obtain access to all IT resources protected by it?
  9. Who can launch a denial-of-service attack against any Active Directory integrated application/service? (e.g. Azure Connect)
  10. Who can change administrative control in Active Directory to instantly obtain access to all organizational IT resources?

     Note: Only our Active Directory Audit Tools can accurately generate reports 2 through 10 above.

Our Unique Solution

Gold Finger, our Microsoft-endorsed Active Directory Privileged Access Audit solution, fully automates the accurate determination of effective permissions domain-wide, letting organizations perform accurate Privileged Access Audits.

The ability to perform accurate Privileged Access Audits in Active Directory provides organizations complete visibility into the state of privileged access in Active Directory, enabling them to fulfill a cardinal audit and regulatory compliance need.

Thus, our solution empowers auditors and organizations to accurately audit privileged access in Active Directory, thereby helping them correctly fulfill vital AD focused and governance, risk and compliance driven audit and compliance needs.

Gold Finger is architected by a former Microsoft Program Manager for Active Directory Security and endorsed by Microsoft.



Here's a quick overview of how our Active Directory Audit Tools help fulfill Active Directory focused audit and compliance requirements –

Active Directory Security Auditor

Perform numerous basic Active Directory inventory and security audits

Active Directory Membership Auditor

Audit the complete membership of any Active Directory security group

Active Directory Permissions Analyzer

Comprehensively audit Active Directory permissions domain-wide

Active Directory Effective Permissions Calculator

Accurately audit effective permissions on any Active Directory object

Active Directory Privileged Access Assessor

Accurately audit privileged users/access in Active Directory domain-wide

Our Global Customers

  • Australian Government
  • United States Treasury
  • British Government
  • Government of Canada
  • British Petroleum
  • Ernst and Young
  • Saudi Arabian Monetary Agency
  • Juniper Networks
  • U.S. Department of Defense
  • Microsoft Corporation
  • United Nations
  • Quantium
  • Nestle
  • IBM Corporation
  • U.S. Federal Aviation Administration
  • Columbia University
