FSProtect - Active Directory Security Assessment

argitaratzailea: Forestall Security

Reveal Active Directory security posture before the attackers

FSProtect - Resilient Active Directory with Ease

FSProtect reveals organizations’ Active Directory security posture before the attacker and enables you to quickly take the necessary precautions with the continuous vulnerability assessment.

Active Directory Inventory Mapping
FSProtect collects in-depth information and relationships of Active Directory objects and endpoints with the proprietary information gathering algorithms. Some of the analyzed objects can be seen below.

    • Users
    • Computers
    • Groups
    • Group Policy Objects
    • Organization Units
    • Service Accounts / Managed Service Accounts
    • Service Principle Names
    • Access Control Entries
    • Local Groups
    • Local Users
    • Network Shares

It presents this information in a form that can be easily searched, filtered, and exported in CSV format on the web interface. For example, the following information can be easily obtained through this interface.
    • Privileged User and Groups
    • Disabled/Locked Users
    • Service Users
    • Organizational Units with No Members
    • User with Local Administrator Privileges
    • Computers/Users with Most Sessions
    • Group Policies with No Linked Entities

Active Directory Vulnerability Assessment
FSProtect continuously detects Active Directory Specific vulnerabilities with no false positives thanks to its Vulnerability Detection Engine. In addition, custom tags are added into vulnerabilities for easier categorization. Vulnerability documentation contains the information below to accelerate vulnerability identification, remediation, detection, and prioritization process.

Active Directory Security Graph
FSProtect creates an organizational Active Directory Security graph when the scan is finished. This graph contains all domain inventory and their relationships in one interface. Using manual or built-in queries in the graph module, abnormal relationships, shortest lateral movement and privilege escalation paths and misconfigured access control entries can be easily detected. Some of the Built-in queries in the Graph Module.
    • Object with DCSync Rights
    • Non-built-in Admin Objects with WriteDACL Rights
    • Administrator Sessions to Non-Domain Controllers
    • Groups with Local Administrator Rights
    • Shortest Path to Admin Groups
    • Abnormal Rights which Domain User shouldn’t have

Begiratu batean