Here's Why –
- Microsoft Active Directory is the core, foundation and heart of privileged access, administrative delegation and distributed security at 85% of organizations worldwide.
- The compromise and misuse of a single Active Directory privileged access user account can result in a colossal, systemic breach, and possibly shut down the entire organization.
- 100% of all major recent cyber security breaches (E.g. Snowden, Target, JP Morgan, Sony, OPM) involved the compromise and misuse of a single Active Directory privileged user account.
The Challenge in Privileged User Audit
Today organizations worldwide face a substantial challenge in their attempts to identify exactly who has the "Keys to the Kingdom" in their foundational Active Directory deployments.
This challenge concerns the 3 types of privileged user accounts that exist in every Microsoft Windows Server based IT infrastructure, and the ability of organizations to precisely identify them –
- Local Admin Accounts - These accounts exist on every Windows computer and their scope is limited to being able to access resources on that computer itself.
- Domain Unrestricted Admin Accounts - These accounts are all-powerful Active Directory domain accounts and can access every resource on every computer in an Active Directory domain.
- Domain Delegated Admin Accounts - These accounts are Active Directory domain accounts that have been delegated privileged access to facilitate the management of an organization's foundational building blocks of cyber security i.e. domain user accounts, computer accounts, security groups etc., all of which are stored, protected and managed in Active Directory.
Note: The scope of access of a domain delegated admin account is almost always substantially broader than that of a Local Admin account.
It is rather easy to identify Local Admin Accounts on Windows computers and today there are many solutions from many cyber security companies that can help identify Local Admin accounts.
However, given the system-wide access that Domain Unrestricted Admins and Domain Delegated Admins have, their precise identification is far more important than that of Local Admin accounts.
Unfortunately, it is substantially more difficult to precisely identify Domain Delegated Admin accounts than it is to precisely identify Local Admin accounts and Domain Unrestricted Admin accounts.
It is substantially difficult because it involves the precise determination of effective permissions/access on thousands of objects stored within Active Directory, a process that requires deep expertise.
Our Unique Privileged Access/User Audit Solution
Our innovative privileged access/user audit solution embodies authoritative expertise and is unique in its ability to empower organizations worldwide to be able to precisely identify both Domain Unrestricted Accounts and Domain Delegated Accounts in Microsoft Active Directory environments, helping them accomplish in minutes what could otherwise take years to do manually –
Our solution not only helps organizations precisely identify all Domain Unrestricted Admin Accounts and Domain Delegated Admin Accounts in their Active Directory, it also helps them identify the underlying security permissions that grant an individual specific privileged access, thereby empowering them to easily and reliably lockdown all identified excessive/unauthorized privileged access.
Our privileged access audit solution thus uniquely empowers organizations to know exactly who has the Keys to the Kingdom in their foundational Active Directory.