Improving Active Directory Security with Blue Team defense services

A few weeks ago, Bryan Patton wrote about using Microsoft's Enhanced Security Admin Environment (ESAE) to improve your Active Directory security.  Whether you make the decision to migrate to an ESAE environment, to an "Orange Forest", or to harden your existing environment, Quest can help you identify and remediate existing gaps as well as provide proactive management to prevent future gaps from developing across your Active Directory environment.

All organizations exercise the Blue Team philosophy to some extent to improve Active Directory security. Some have a formalized policy which defines a group of IT security professionals whose full-time job is to harden the network. However, most small to medium businesses can't afford the staffing to provide that level of dedicated effort, so security is a collateral duty for the existing administrative staff. Don't get me wrong: security is EVERYONE's collateral duty. But there is only so much the IT department can do with their limited time and resources. And there's a limit to the effectiveness of end-user education. There will always be the risk of accidental (or intentional) compromise of security, but that risk can be largely managed with the proper policies, processes and tools.

This is where Quest comes in! We have both the AD management tools to automate some of the activities related to security and the talent to help you implement them and train you to use them effectively. Quest Professional Services can also perform assessment activities to provide a snapshot of your current posture, compare your settings/configuration/policies to industry best practices, and provide recommendations to harden your cybersecurity posture to help keep your company out of the news.

Assessment Services

Whether you need an end-to-end assessment of your AD security as a baseline, validation of your internal IT department efforts, or verification and documentation for regulatory compliance, Quest's AD Rights Assessment service provides a comprehensive snapshot of your current configuration. Not only do we provide you with the settings you have selected, but also an explanation of each setting's purpose and recommended settings based on industry best practices. Areas assessed include: AD rights assignment, GPO settings and security, delegation of administration, privileged group membership, and more.

But that's just the beginning!

Just because you've given an individual or group the ability to do something, does that really mean that they "should" be able to do it or that they do it as a part of their normal activities?  Not always.  The unfortunate reality is that a large measure of control in an Active Directory environment is through "Security by Obscurity".  This means that individuals don't know that they have the ability to perform a function, so everyone keeps their fingers crossed and hopes that nobody does that function.  As part of the Assessment engagement, Quest will also install/configure tools to collect information on administrative activities within your environment over a period of time. 

At the end of the data collection time period, this data will then be analyzed to provide you a detailed, granular picture of rights that aren't being utilized (and can be removed).  Additionally, another snapshot assessment will be performed to help you measure progress toward your security goals as well as identify any new areas requiring attention.

Implementation and Training Services

Having the best tools in the industry doesn't help if they are not installed and configured correctly.  Nor are they helpful if you don't know how to effectively leverage them to manage your environment.  Quest Professional Services can perform end-to-end implementations which will result in AD tools that are functioning optimally and providing you with the real-time information and protection to manage your environment, mitigate any issues identified quickly and definitively, and recover from incidents authoritatively.  Our team will architect the deployment to best service your business, configure the tools to support your corporate policies, and provide you with the product knowledge necessary to ensure you are well-armed to fight the cybersecurity battle which is being waged all around us.

If you would like to discuss how we can best help, please feel free to reach out!
