Attack path management

Active Directory and Azure are hot targets for threat actors.

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.

Misconfigurations in these services can create ‘attack paths’: chains of abusable privileges and user behaviours that give attackers a route to sensitive data and/or administrator access.

The primary goal of our attack path management service is to provide a way of highlighting potential vulnerabilities in identity services, which in turn will allow organisations to mitigate the associated risks.

Organisations often don’t have properly defined identity management processes in place, which means that users and devices can end up accumulating unnecessary access permissions.

Using our Attack Path Management (APM) service, organisations can chart relationships and connections within Active Directory and Azure Active Directory to gain a comprehensive understanding of the permissions given to individual objects, computers, and users. We also assess the impact that specific privileges have on overall security posture.

Method

Our APM toolset is non-invasive, meaning we can run the assessment without interrupting any normal activities. Our aim is to discover attack paths towards domain administrator privileges.

We can tailor the service to identify methods of access to areas containing sensitive data and to sensitive applications. The assessment includes:

  • Scoping to understand exact requirements.
  • Analysis of the AD and AAD environment, including:
      • Users, groups, devices and properties.
      • Security groups and domain trusts.
      • Abusable rights on AD objects.
      • Group Policies and OU structure.
      • SQL admin links, active sessions and privileges.
      • Vulnerabilities and misconfigurations.

Attack path management service overview

Key benefits:

  • Comprehensive mapping of relationships and connections within Active Directory and Azure Active Directory.
  • Empirical, or practical, measurement of the impact that particular privileges have on the security posture of your organisation, systems and network.
  • Precise and safe remediation advice.

Report

Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises: an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

