Active Directory Security Assessment

The Active Directory is a central location for managing network resources, user objects and permissions. Safety flaws and potential vulnerabilities within the configuration can have a major impact on network security and increase vulnerability to cyberattacks.

To identify these security gaps and risks, conova uses Active Directory Security Assessment, a tool that completely examines the local Active Directory settings in your company for security issues. The backend uses the conova auditor license from PingCastle to generate detailed and extensive reports (maturity level and MITER ATT&CK display) in addition to the standard evaluations.

The individually evaluated areas are clearly presented in XML and HTML format. As part of an individual consultation, all results are analyzed by conova specialists and then discussed with you in detail. This gives you targeted optimization suggestions and recommendations to ensure secure AD-configuration in your company.

The “Active Directory (AD)” directory service, introduced with the Windows 2000 server has been in use for many years now. During this time, algorithms have changed and many companies have accumulated old burdens and issues related to computer- and user accounts, domain controllers and unused groups.

In order to avoid open gateways and security gaps for attackers, your infrastructure environments’ Active Directory should be checked in detail at least monthly. Old and unnecessary user and computer accounts should be deactivated or deleted. A regular security check provides results for a continuous improvement process. This is particularly important because we are constantly facing new vulnerabilities and risks (CVEs = Common Vulnerabilities and Exposures) and, of course, cyber criminals. The threats are steadily increasing.

The PingCastle tool allows you to carry out these necessary security checks independently and at regular intervals in order to maintain your local Active Directory settings.

The rules used in PingCastle are based on ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) and also the Miter Att&ck frameworks. The use of the integrated maturity model, which is based on CMMI (Capability Maturity Model Integration) categories, is recommended in order to continuously improve your own AD security.

After running the PingCastle Health Check, you will receive various reports, such as the ‘Risk model’.

This means:

• The first step is showing you how to use PingCastle optimally and to receive initial assessments and evaluate them accordingly. Together, we will initially clarify which configuration adjustments must be made immediately and which settings can be postponed. We provide you with advisory support during implementation in order to avoid errors in the adaptations and possibly deactivate services that we, for example, need as your IT service provider.

• The second step is checking whether the initial adjustments have led to an improvement in basic security. Finally, our experts will discuss further ‘to-dos’ with you.

View of maturity

MITRE ATT&CK representation

In addition to information regarding security gaps, the detailed reports generated by the Active Directory Security Assessment also contain further links with corresponding explanations as to why the current configuration may represent acute problems.