Audit and Regulatory Compliance
Our Microsoft-endorsed Active Directory Audit solutions let organizations correctly fulfill AD focused audit and regulatory compliance requirements.
Active Directory - The Focal Point of Audit and Regulatory Compliance
At 85% of all organizations worldwide, the entirety of an organization's building blocks of cyber security (user accounts, computers, security groups, passwords etc.) reside in Active Directory, and for their management, a vast amount of privileged access has been provisioned and delegated in Active Directory.
In addition, the "Keys to the Kingdom", i.e. the most powerful privileged accounts and groups reside in Active Directory.
Considering the above, Active Directory is undoubtedly the focal point for governance, risk and compliance driven audits, and at 85% of organizations worldwide, a vast majority of security and privileged access audits involve Active Directory.
Privileged Access Audit - A Cardinal Requirement
Today there exist several regulations such as SOX, FISMA, PCI, ISO 27002, HIPAA and others to bolster organizational resiliency against cyber attacks, and if there's one cardinal requirement common to them, it is "accurate visibility into privileged access."
Given the vast amount of default and provisioned privileged access that exists in Active Directory deployments, accurate privileged access visibility requires a formal, fail-proof and systematic approach to accurately auditing privileged access.
An accurate privileged access audit provides organizations accurate visibility into privileged access in Active Directory, and it is the only correct way to trustworthily fulfill all such audit and regulatory compliance driven requirements.
Accurate Privileged Access Audits
Today, within most Active Directory deployments exist thousands of Active Directory objects, collectively protected by millions of security permissions that reside within the access control lists (ACLs) of these Active Directory objects.
Most organizations, vendors and auditors mistakenly believe that to accurately audit privileged access in Active Directory, they only need to audit "Who has what permissions in Active Directory."
However, there is one and only one correct way to accurately audit privileged access in Active Directory, and that is to audit "Who has what effective permissions in Active Directory."
Accurate Privileged Access Audits thus involve the accurate determination of effective permissions in Active Directory.
Effective Permissions - The Keys to Privileged Access
From AdminSDHolder to Domain Admins, and from the default Administrator account to the CEO's domain user account, literally everything in Active Directory is an AD object.
Every AD object is protected by an access control list (ACL) that specifies who has what security permissions on the object, and it is the net cumulative resulting set of "effective permissions" that determines who actually has what access on the object.
Thus, what provides accurate insight into privileged access is not an audit of Who has what permissions in Active Directory but an audit of Who has what effective permissions in Active Directory.
As a result, to correctly find out who has what privileged access in Active Directory, organizations and auditors need to be able to accurately audit effective permissions in Active Directory.
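The difference between permissions and effective permissions can be shown with a small model. This is an added example, not code from this page or from the product it describes. The ACL, group names and rights bits are constructed, and the model is simplified: it resolves nested group membership and the canonical ACE order (explicit deny, explicit allow, inherited deny, inherited allow) but omits object-specific ACEs and inheritance flags.

```python
# Simplified rights as bit flags (constructed names, not real AD access masks).
READ, WRITE, RESET_PWD = 1, 2, 4

# Constructed direct memberships: member -> groups it belongs to.
MEMBER_OF = {
    "alice": {"Helpdesk-T1"},
    "Helpdesk-T1": {"Helpdesk-All"},
    "Helpdesk-All": {"Account-Delegates"},
    "bob": {"Contractors", "Helpdesk-All"},
}

# Constructed ACL on one user object: (type, trustee, mask, inherited)
ACL = [
    ("allow", "Account-Delegates", READ | RESET_PWD, True),
    ("deny", "Contractors", RESET_PWD, False),
    ("deny", "Helpdesk-All", WRITE, True),
    ("allow", "alice", WRITE, False),
]

def expand_groups(principal):
    """Return the principal plus every group reached through nested membership."""
    seen, stack = set(), [principal]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(MEMBER_OF.get(p, ()))
    return seen

def named_in_acl(principal, acl):
    """'Who has what permissions': rights from allow ACEs naming the principal."""
    return sum(m for k, t, m, _ in acl if k == "allow" and t == principal)

def effective(principal, acl):
    """'Who has what effective permissions': walk ACEs in canonical order."""
    sids = expand_groups(principal)
    granted = denied = 0
    # Explicit ACEs before inherited ones; deny before allow within each tier.
    for kind, trustee, mask, _ in sorted(acl, key=lambda a: (a[3], a[0] != "deny")):
        if trustee not in sids:
            continue
        if kind == "deny":
            denied |= mask & ~granted   # cannot revoke a right already granted
        else:
            granted |= mask & ~denied   # cannot grant a right already denied
    return granted
```

In this constructed ACL, alice is named only for WRITE yet can also reset the password through three levels of group nesting, while bob reaches the same allow ACE but loses RESET_PWD to an explicit deny on Contractors.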
Our Unique Audit and Compliance Reports
Here are some paramount Active Directory Audit and Compliance Reports that only* our solutions can generate -
1. How many user accounts exist in Active Directory, and what is their status? (active, inactive, stale, expired, locked, last-logon etc.)
2. How many privileged users are there in Active Directory, how secure are their domain user accounts, and who can manage them?
3. Who can manage the accounts, and reset the passwords, of the organization's CEO, CFO, CIO and CISO?
4. Who is delegated what privileged access in Active Directory, where, what, and how?
5. Who can create, delete, manage and delegate control of OUs in Active Directory?
6. Who can manage domain user accounts, computer accounts and security groups in Active Directory?
7. Who can reset the password of any/every domain user account, or disable the use of two-factor authentication in Active Directory?
8. Who can change the membership of any/every domain security group to obtain access to all IT resources protected by it?
9. Who can launch a denial-of-service attack against any Active Directory integrated application/service? (e.g. Azure Connect)
10. Who can change administrative control in Active Directory to instantly obtain access to all organizational IT resources?
Note: Only our Active Directory Audit Tools can accurately generate reports 2 through 10 above.
Our Unique Solution
Gold Finger, our Microsoft-endorsed Active Directory Privileged Access Audit solution, fully automates the accurate determination of effective permissions domain-wide, letting organizations perform accurate Privileged Access Audits.
The ability to perform accurate Privileged Access Audits in Active Directory provides organizations complete visibility into the state of privileged access in Active Directory, enabling them to fulfill a cardinal audit and regulatory compliance need.
Thus, our solution empowers auditors and organizations to accurately audit privileged access in Active Directory, thereby helping them correctly fulfill vital AD focused and governance, risk and compliance driven audit and compliance needs.
Gold Finger is architected by a former Microsoft Program Manager for Active Directory Security and endorsed by Microsoft.
Here's a quick overview of how our Active Directory Audit Tools help fulfill Active Directory focused audit and compliance requirements –
- Active Directory Security Auditor: Perform numerous basic Active Directory inventory and security audits
- Active Directory Membership Auditor: Audit the complete membership of any Active Directory security group
- Active Directory Permissions Analyzer: Comprehensively audit Active Directory permissions domain-wide
- Active Directory Effective Permissions Calculator: Accurately audit effective permissions on any Active Directory object
- Active Directory Privileged Access Assessor: Accurately audit privileged users/access in Active Directory domain-wide