Active Directory Threat Intelligence
Unrivaled threat intelligence into the most critical aspect of Active Directory.
Active Directory is Target #1
Active Directory is the #1 target for perpetrators today.
Active Directory is the #1 target for perpetrators today because it's the foundation of cyber security in Windows networks.
After all, all of an organization's user accounts and passwords are stored, protected and managed in Active Directory, all of an organization's computers are joined to, secured and managed from Active Directory, and access to all IT assets (files, folders, apps, portals, email etc.) is controlled using AD groups.
Thus, the compromise of Active Directory gives perpetrators command and control over the entire IT infrastructure.
In fact, history is witness that in virtually all major recent cyber security breaches, including the Colonial Pipeline Hack, the SolarWinds Breach and so many others, the perpetrators targeted Active Directory.
Any organization whose foundational Active Directory is not adequately protected could be the next victim of a breach.
Active Directory Attack Vector #1 - Privileged Access
The easiest way to compromise AD is by gaining privileged access.
What do the components that comprise 99% of Active Directory's attack surface, i.e. Domain Controllers, Active Directory privileged accounts and groups, AD contents, config data and admin workstations, have in common?
They are all represented by an object in Active Directory.
You see, literally everything inside Active Directory is an object, protected by an access control list (ACL), and in each AD, in thousands of ACLs lie millions of security permissions that govern and control exactly who has what access in AD.
These permissions control everything, from who can change the Domain Admins group membership to who can reset a Domain Admin's password to who can link a malicious GPO, to who can control every single privileged user and group.
Anyone who can correctly* analyze this ocean of permissions in Active Directory could find a thousand ways to compromise any component of its attack surface, and gain command and control.
* The correct analysis involves determining effective permissions.
Paramount Active Directory Threat Intelligence
High-value, instantly actionable threat intelligence.
No Active Directory deployment in the world can be adequately secured without possessing high-value threat intelligence that can reveal exactly who can enact the following threats -
- Run Mimikatz DCSync against an Active Directory domain
- Change the Domain Admins group membership
- Reset a privileged user's (e.g. a Domain Admin) password
- Push a malicious GPO to a DC or any admin workstation
- Create an inbound trust relationship with a rogue forest
After all, the enactment of a single such threat could instantly and directly result in an Active Directory Security breach.
* This is merely a very small list of threats enactable against Active Directory.
High-Value Active Directory Threat Intelligence
We uniquely deliver high-value AD threat intelligence.
The answer to who can enact all such threats against Active Directory lies in Active Directory access control lists (ACLs).
You see, from the domain root to the Domain Admins group, and from every privileged user's account to every trust relationship, everything in Active Directory is an object protected by an ACL.
A perpetrator can only enact these threats if he/she possesses sufficient effective permissions on the target Active Directory objects to enact the actions that constitute these attacks.
Consequently, one can identify who can enact all such threats by "accurately determining effective permissions in Active Directory, based on the permissions specified in AD ACLs."
Our unique, patented, Microsoft-endorsed access assessment technology can instantly analyze Active Directory ACLs to accurately determine effective permissions domain-wide, and uncover exactly who can enact these critical threats against AD.
Armed with such valuable threat intel, organizations can immediately take proactive measures to eliminate such threats.
Effective Permissions - The Key to Threat Intelligence
Effective Permissions are the key to correctly identifying actors who can enact all critical threats against Active Directory.
From Domain Admins to every privileged account and group, and from the Domain Controllers OU to every DC's and admin workstation's computer account, as well as the domain root, literally everything in Active Directory is an AD object.
Every AD object is protected by an access control list (ACL) that specifies who has what permissions on the object, and it's the net cumulative resulting set of "effective permissions" that determines who actually has what access on the object.
It is not Who has what permissions in Active Directory but Who has what effective permissions in Active Directory that ultimately governs the security of all Active Directory content, including all privileged users and groups, content and DCs.
Thus, effective permissions are the key to identifying who can enact all such critical threats against Active Directory.
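The distinction drawn above between permissions and effective permissions, as an added example (not the vendor's code or algorithm): a simplified Python model that expands nested group membership and evaluates one object's ACEs in Windows canonical order. The principals, groups, the `WriteMember` right label and the ACL are constructed sample data; real AD ACEs also carry access masks, object-type GUIDs and inheritance flags that this model omits.

```python
from collections import namedtuple

ACE = namedtuple("ACE", "kind trustee right inherited")

# Constructed sample data (not from a real directory): nested group
# membership and the ACL of one hypothetical privileged group object.
MEMBER_OF = {
    "alice": {"Helpdesk"},
    "bob": {"Helpdesk", "Contractors"},
    "carol": {"Tier0 Admins"},
    "dave": {"Interns"},
    "Helpdesk": {"Group Managers"},  # nesting: Helpdesk is inside Group Managers
}
ACL = [
    ACE("allow", "Tier0 Admins", "WriteMember", False),
    ACE("allow", "Group Managers", "WriteMember", True),
    ACE("deny", "Contractors", "WriteMember", False),
    ACE("deny", "Interns", "WriteMember", True),
    ACE("allow", "dave", "WriteMember", False),
]

def expand_groups(principal, member_of):
    """Return the principal plus every group reached directly or by nesting."""
    seen, stack = set(), [principal]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(member_of.get(p, ()))
    return seen

def has_effective(principal, right, acl, member_of):
    """First matching ACE in canonical order decides; no match means no access."""
    identities = expand_groups(principal, member_of)
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    ordered = sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))
    for ace in ordered:
        if ace.right == right and ace.trustee in identities:
            return ace.kind == "allow"
    return False

def who_can(right, acl, member_of, principals):
    """List the principals whose effective permissions include the right."""
    return sorted(p for p in principals if has_effective(p, right, acl, member_of))

if __name__ == "__main__":
    print(who_can("WriteMember", ACL, MEMBER_OF, ["alice", "bob", "carol", "dave"]))
```

In this sample, alice holds the right only through group nesting, while bob loses it to an explicit deny despite the same nesting. dave keeps it because his explicit allow is evaluated before the inherited deny on Interns, which a reading of the raw ACL alone would likely get wrong.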
Our Unrivaled Threat Intelligence
Here are some examples of real-time Active Directory Threat Intelligence that only our solutions can deliver -
- Who could run Mimikatz DCSync against an Active Directory domain?
- Who could change the membership of the Domain Admins security group?
- Who could reset the password of any/every privileged user in Active Directory?
- Who could change the permissions specified in the AdminSDHolder object's ACL?
- Who could create a new inbound trust relationship or modify any existing trust relationship?
- Who could link a malicious GPO to instantly take over any or every administrative workstation?
- Who could modify the Active Directory Schema to make crippling irreversible changes to Active Directory?
- Who could change administrative control in Active Directory to instantly obtain access to all organizational IT resources?
- Who could launch a denial-of-service attack against any Active Directory integrated application/service? (e.g. Azure Connect)
- Who could link a malicious GPO to any OU to instantly gain command and control over thousands of domain-joined computers?
Our Unique Solution
Not a single threat against Active Directory content can be successfully enacted without the attacker possessing sufficient effective permissions/access to do so in Active Directory.
Gold Finger, our innovative Microsoft-endorsed Active Directory Solution, is the world's only solution that can accurately calculate effective permissions/access in Active Directory.
It can automatically analyze the ocean of permissions domain-wide to identify all actors (accounts) that currently possess sufficient effective access to pose a threat to Active Directory.
Gold Finger can thus empower organizations with proactive mission-critical, real-time Active Directory threat intelligence that they could immediately use to substantially eliminate risks and bullet-proof their foundational Active Directory.
Gold Finger is architected by former Microsoft Program Manager for Active Directory Security and endorsed by Microsoft.
Our Global Customers