The Problem We Solve
To the adversary, Active Directory is:
Organizations’ applications, services, identities, and critical operations are built on top of AD. While taking control of AD may not be the end goal, no other tactic provides the guarantee of achieving the adversary’s true objective.
AD is used by nearly every enterprise. Adversaries can apply the same skills against all of their victims.
The same advanced, powerful administrative features in AD are used by adversaries to persist and complete their objective without the use of exploits.
Enterprise defenders and IT architects do their best to eliminate risk, but their AD environment:
- Provides Zero Visibility: Windows and AD make it nearly impossible to audit privileges.
- Constantly Evolves: New users, new machines, new environments, and user logins all add to and create new Attack Paths.
- Is Buried in Debt: Years of misconfiguration debt add Attack Paths and hide adversary activities.
Current solutions aren’t addressing the problem
Traditional AD security solutions focus on listing thousands of generic configuration issues, piling unattainable corrective-action debt onto AD admins. Worse yet, the endless effort to resolve individual configuration issues is offset by new misconfigurations as environments undergo constant change in both size and complexity.
Best practices are impractical
Many try to address the root causes by attempting tiered administration and least-privilege access best practices. Unfortunately, both are fantastic in theory but fall short in practice. Tiered administration often requires impractical architectural changes, and least privilege is hampered by opaque and confusing effective privileges.
Attack Paths are a ubiquitous threat
The result is that AD Attack Paths remain an unseen, unmanaged problem that continues to grow. Virtually every enterprise has tens of thousands of accessible Attack Paths, and if an adversary can attack one AD, they can attack any AD.