AD Security Assessment
Active Directory security is a hot topic. Some security professionals have made their living by uncovering vulnerabilities in directory services. Take, for instance, Sean Metcalf at ADSecurity.org, who has an entire blog focused on Active Directory security. What tends to be lacking, however, is an easy-to-follow security assessment that highlights critical areas of concern in a Microsoft Active Directory and Windows environment.
Most organizations aren’t aware they even have a problem, because issues in their directory and server configurations aren’t picked up by traditional methods like anti-virus, SIEM, etc. There is a very real need for organizations to be given a set of Active Directory and Windows operating system best practices to follow.
For more information, please check out our Credential and Data Security Assessment.
AD Rollback and Recovery
Another critical need is the ability to easily and safely roll back and recover from malicious or accidental changes made to Active Directory. Customers have common requirements like:
- An administrator inadvertently changes attributes on multiple user accounts like address, phone number, or manager and needs to roll the changes back.
- A user, group, or computer is deleted and needs to be recovered with all attributes and group memberships reassigned.
- Members are inadvertently removed from or added to groups and the changes need to be rolled back.
- DNS entries are modified and need to be rolled back to a previous state.
- Permissions have been modified on an organizational unit and must be rolled back to a prior state.
To best meet these requirements, organizations need to be able to focus on the information that matters most. The point-in-time recovery of AD objects, attributes, DNS entries, and entire domains enables them to restore all or just the information they need. The best part is they can accomplish this without downtime. Native AD tools simply don’t provide these capabilities.
For more information, please read the StealthRECOVER Data Sheet.
Brad Bussie is an award-winning, fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.