Page 92 - Cyber Defense Magazine RSA Edition for 2021
“ADAssessor is really treading some ground that I haven’t seen before in a tool.” - VP of IT infrastructure,
Data Intelligence Firm
“Should the ADAssessor be a default security control? I would definitely qualify that it’s a very
foundational product.” - VP of IT infrastructure, Data Intelligence Firm
The time to value is almost instantaneous because the ADAssessor tool can improve directory
assurance programs by:
• Finding weaknesses and misconfigurations across AD domains and forests
• Reducing the attack surface by eliminating excessive and unneeded privileges
• Detecting dangerous delegation that attackers can easily exploit
• Providing continuous testing and health scores
• Automating the collection of information and dashboard viewing
• Offering a streamlined dashboard that shows the domain, user, and device risks present in AD
• Reporting with substantiation
Some specific examples of exposures found include domain replication backdoors, skeleton key
vulnerabilities, DCShadow attacks, Kerberos vulnerabilities, misconfigured Kerberos delegations, hidden
Security Identifiers (SIDs), and weak LDAP configurations.
In addition to finding vulnerabilities overlooked because of constraints on resources, skills, and time,
the ADAssessor makes deployment, understanding the risk, and remediation a snap. The solution installs
on one endpoint per domain and doesn’t require any special privileges to operate.
Assessments can run continuously and are viewable in the solution’s dashboard. The UI provides a
health score along with insights into domain, user, and device-level risks. Each finding comes with
MITRE ATT&CK mappings, details on the attack, and steps to remediate the incident, making information
sharing amongst teams easy and providing the evidence required for actionable responses.
In some circumstances, organizations can’t easily address vulnerable paths. For these situations, pairing
the ADSecure solution with ADAssessor can also be very powerful for live attack detection. Some of the
attacks detected include:
• Kerberoasting attack detection/prevention
• Domain privileges enumeration
• Silver ticket and golden ticket attack detection
• DCSync, DCShadow attack prevention
• Hide critical groups, domain admins, enterprise admins, etc.
• Prevent “Shadow Admin” account discovery
• Hide critical servers such as Exchange, IIS Web Servers, MSSQLsvc