Active Directory Security Assessment
Service Overview ⫘
The Secureworks Active Directory Security Assessment (ADSA) enables you to leverage the experience and insights of the Secureworks Incident Response team to understand how attackers can exploit Active Directory (AD) misconfigurations and security control gaps to achieve their objectives.
Service Methodology ⫘
During the ADSA, Secureworks uses configuration review toolsets and interviews with your internal personnel to identify AD configuration management practices and relevant cybersecurity controls. Secureworks provides step-by-step instructions for you to collect the AD configuration data required to perform the technical assessment. Secureworks does not require interactive access to your IT environment.
Secureworks will examine the following:
-
Overall state of your AD
- Forest and domain levels
- Administrative model and delegation of administration
- Management of group policies
-
Attack vectors
- Shortest path to Domain Administrator
- Protected groups and overprivileged objects
- End of Life operating systems
- Domain trusts
- Kerberoastable accounts
- Unconstrained delegation
The ADSA is performed remotely (through online collaboration tools) and consists of an initial meeting, the assessment process, and a debrief. Additionally, a final report will be delivered to your point of contact.
Outcome ⫘
Secureworks will provide a point-in-time evaluation of the organization’s AD security configuration. The outcome of the evaluation will consist of the following:
- Practical recommendations to rectify identified deficiencies
- Recommendations for further strengthening AD security, based on Secureworks and industry-accepted practices for securing AD
- Identification of design flaws and vulnerable configuration
- Risk-prioritized action items and remediation guidance that includes levels of effort to implement
- Virtual debrief session with your key stakeholders to review findings and recommendations as well as provide a forum for a Customer-driven question and answer session
Secureworks will not perform remediation steps; however, our partners can provide such service as a part of a separate engagement.
Scoping Information ⫘
| Scope | Description |
|---|---|
| Active Directory Security Assessment - Small | Assessment of up to 2 Active Directory domains |
| Active Directory Security Assessment - Medium | Assessment of up to 5 Active Directory domains |
| Active Directory Security Assessment - Large | Assessment of up to 10 Active Directory domains |
Complex environments, optional service elements, and onsite visits may require additional Service Units and will be estimated in advance of engagement commencement.
The complete Service Description for this service can be found here: Active Directory Security Assessment