Without visibility, Active Directory can quickly be attacked. QOMPLX maps out the problem and actionable solutions.
A large and growing EMEA hypermarket retailer was concerned with its security posture and lack of visibility into its critical controls and Active Directory (AD) environment.
They hired a seasoned CIO to better operationalize core business functions, including migrating business-critical retail systems like point-of-sale (POS) and digital couponing services to a Microsoft Azure cloud environment, which expanded their attack surface and vulnerabilities.
The retailer needed visibility into its infrastructure and was worried about unauthorized POS operators authenticated through AD. Without visibility, the retailer knew its Active Directory was unnecessarily exposed and a target for bad actors.
The QOMPLX Advisory Services team used QOMPLX software to analyze the retailer’s AD infrastructure. The team’s goal was to determine how to bring the retailer to an enhanced state of cyber readiness.
QOMPLX identified quick, meaningful, and efficient risk mitigation strategies, including:
- Enterprise configuration improvements
- Improved hygiene around domain trust relationships
- Prioritization of critical vulnerabilities
- Elimination of stale accounts
- Detailed analysis of over-provisioned administrator accounts
- Visibility of potential attacks
- Detection strategies and playbooks
QOMPLX identified dozens of previously unknown “critical” or “high” vulnerabilities and built actionable “how to” guides to keep the problems at bay.
QOMPLX also identified and verified business-critical trusts within the client’s AD network to ensure that all of the client’s trusted network connections were valid and authorized.
The client gained a prioritized action plan to fix all deficiencies and a plan for future visibility through continuous monitoring.