Why conduct an active directory assessment?

Active Directory is an extensive and nuanced product, with a significant attack surface and continued research efforts.

The increased focus on security community research and the inclusion of AD attacks in threat actor playbooks shows that it is critical to conduct baseline hardening of insecure defaults and maintain point-in-time visibility of the attack surface.

By partnering with LRQA Nettitude, you gain experienced red team knowledge of attacker tactics, techniques, and procedures (TTPs) and an understanding of what works in modern enterprise environments.

Our security assessments can complement and reinforce existing assurance activities such as penetration testing. However, whereas broad-scoped penetration testing aims to locate a breadth of vulnerabilities across an entire infrastructure, a focused AD security review provides nuanced, pragmatic guidance that will make a meaningful difference in stopping attackers who have gained a foothold in the environment.

LRQA Nettitude’s active directory security audit

Our active directory security assessments are only conducted by experienced red team consultants, who have been operating in large, intercontinental networks for years.

Due to the specialist nature of this work and the large amount of data needing to be gathered and analysed, the testing, data gathering, and discussion with the technical staff phase usually takes two working weeks for a large enterprise environment. There will be three to five days extra for producing the technical deliverables. Certain nuances around heavily segregated or very large environments may increase this time, but we can discuss the details with you.

We will produce a full technical report that details each area for improvement and the underlying reasons. A technical summary for IT leadership will also detail any thematic observation, with each technical finding coming with detailed recommendations to increase the protective and detective posture of the network. Where complex topics and concepts are conveyed, we provide additional reading and supporting scripts and tools to understand the scope of the issue within the network, as well as proof of concept snippets (if required).

LRQA Nettitude can conduct this audit with conventional domain user privileges or from an elevated context.

This package of work can be undertaken on a standalone basis, or as part of a wider enterprise infrastructure security assessment. This can be complemented with password strength audits as well as an investigation into the configuration of System Centre Configuration Manager (SCCM), and Active Directory Certificate Services (ADCS).

Why conduct an active directory assessment?

Active Directory is an extensive and nuanced product, with a significant attack surface and continued research efforts.

The increased focus on security community research and the inclusion of AD attacks in threat actor playbooks shows that it is critical to conduct baseline hardening of insecure defaults and maintain point-in-time visibility of the attack surface.

By partnering with LRQA Nettitude, you gain experienced red team knowledge of attacker tactics, techniques, and procedures (TTPs) and an understanding of what works in modern enterprise environments.

Our security assessments can complement and reinforce existing assurance activities such as penetration testing. However, whereas broad-scoped penetration testing aims to locate a breadth of vulnerabilities across an entire infrastructure, a focused AD security review provides nuanced, pragmatic guidance that will make a meaningful difference in stopping attackers who have gained a foothold in the environment.

LRQA Nettitude’s active directory security audit

Our active directory security assessments are only conducted by experienced red team consultants, who have been operating in large, intercontinental networks for years.

Due to the specialist nature of this work and the large amount of data needing to be gathered and analysed, the testing, data gathering, and discussion with the technical staff phase usually takes two working weeks for a large enterprise environment. There will be three to five days extra for producing the technical deliverables. Certain nuances around heavily segregated or very large environments may increase this time, but we can discuss the details with you.

We will produce a full technical report that details each area for improvement and the underlying reasons. A technical summary for IT leadership will also detail any thematic observation, with each technical finding coming with detailed recommendations to increase the protective and detective posture of the network. Where complex topics and concepts are conveyed, we provide additional reading and supporting scripts and tools to understand the scope of the issue within the network, as well as proof of concept snippets (if required).

LRQA Nettitude can conduct this audit with conventional domain user privileges or from an elevated context.

This package of work can be undertaken on a standalone basis, or as part of a wider enterprise infrastructure security assessment. This can be complemented with password strength audits as well as an investigation into the configuration of System Centre Configuration Manager (SCCM), and Active Directory Certificate Services (ADCS).