Microsoft’s Active Directory (AD) is the most widely used authentication and authorization solution in enterprise Information Technology (IT) networks globally. AD’s prevalence across infrastructure landscapes, along with the critical services it provides, makes it a frequent target for threat actors seeking to carry out malicious activities. Unfortunately, it is often susceptible to compromise due to its permissive default settings, the complex relationships between permissions, and a lack of accessible tooling for diagnosing AD security issues. Numerous attack tactics exploit these issues, and Active Directory abuse is often leveraged to achieve persistence, lateral movement, and privilege escalation, amongst other cyber kill chain objectives.

Organizations can significantly improve their AD posture by:

  • Securing administrator accounts
  • Limiting privileged access
  • Decommissioning insecure protocols
  • Deactivating unused accounts
  • Implementing strong authentication methods

In alignment with its overall mission to secure critical infrastructure, SC CIC developed the Active Directory Security Assessment service to help participants better secure this important attack surface. The goal of an Active Directory Security Assessment is to help participants evaluate their AD security posture and provide actionable guidance to help reduce the risk and impact associated with a security incident.

During an Active Directory assessment, SC CIC queries the target organization’s AD environment to identify vulnerabilities, misconfigurations, and attack paths that a threat actor could use to carry out malicious activities. Participants are then provided with a robust report that details the findings, offers guidance on steps to take for remediation, and provides additional material to foster a better understanding of their environment. SC CIC security analysts are also available as needed for consultation, which can provide further insight and clarity for SC CIC’s Cyber Liaison Officers (CLOs). Additionally, a risk score is generated to quantify improvements over time. These metrics provide the SC CIC team with valuable insight into postural trends within the individual sectors and the state, enabling better support for all participants.

 

If you represent a critical infrastructure organization and are interested in any of the SC CIC services, please complete the Join SC CIC form here.