Somfy
I needed a tool which would talk to administrators so they would develop their security awareness and become so talented that they wouldn’t cause any new deviations. Tenable.ad's dashboards, alerts, and search capabilities fit that purpose entirely.
Benefits:
- Continuously monitor in real-time to discover weaknesses and misconfigurations
- Continuously refine remediation and mitigation plans
KPI:
- Somfy's AD infrastructure comprises 1 forest and 2 domains
How global manufacturer monitors and protects its Active Directory infrastructure
Industry
Manufacturing
Location
France
2019 revenue
€1,257.1M
Establishing continuous directory monitoring and protection
Founded in France in 1969 and present in 58 countries, Somfy is the leading partner in all areas of building opening automation systems and a pioneer in the connected home sector. The group is constantly innovating to create homes that offer their users comfort, well-being, and safety to fulfill its vision of ‘‘inspiring a better way of living accessible to all.’’
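A portfolio of five applications and 13 complementary brands supports this vision:
- Window openers and sun shades
- Interior roller blinds and venetian blinds
- Connected home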
- Security
- Access control
The entrepreneurial spirit of Somfy is embodied by the Group’s 6,070 employees in 117 subsidiaries, eight manufacturing plants, and 80 logistics centers and warehouses. Its presence on five continents enables the group to adapt its products and services to the specific needs and characteristics of its markets.
Through digital technology, innovation, and partnerships, Somfy continually improves its value proposition for the benefit of all stakeholders.
Challenge
As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. This called for a targeted assessment of the root domain to identify all issues.
Identifying existing weaknesses
Utilizing Tenable.ad for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real-time, each corresponding to one of Tenable.ad’s Indicators of Exposure (IoE). Several major issues were closely tied to the indicators AdminSDHolder, root permissions, and Kerberos delegation. The initial AD assessment showed an excess of administrators across many groups.
This initial connection between Tenable.ad and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.
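Child domain complexity
After the initial connection and analysis of the root domain, the focus shifted to the child domain. However, a few challenges with the child domain showed potential loopholes and vulnerabilities. These included:
- Many entities in numerous locations worldwide
- Many AD administrators
- Some administrators from outsourced, third-party resources
Solution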
Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Tenable.ad solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy's need to quickly acquire some additional expertise relating purely to AD, Tenable.ad’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Tenable.ad for AD’s real-time results available to Somfy senior staff through an intuitive, consolidated dashboard.
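Thanks to the Tenable.ad platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Tenable.ad-proposed checkers to ensure each step was mitigated. The workshops were structured according to the complexity of each IoE and helped Somfy learn how to get the most out of the Tenable.ad solution.
Once the mitigation steps were complete, Somfy’s security team cross-referenced via the Tenable.ad platform to check the security status. Somfy can monitor whether its AD meets standards, monitor the AD continuously, and even get help defining compliance rules.
This approach to measuring AD security benefited the security team greatly. Once the mitigation steps were complete, monitoring of the root domain continued in order to protect Active Directory. With that, the child domain issues were resolved.
Results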
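- An adequate delegation model was put into practice to avoid the use of built-in privileged groups.
- New security issues inadvertently introduced by AD administrators are identified and mitigated within a day.
- Systems and jobs configured with wrong credentials were spotted and located by the brute-force detection; their misconfiguration was fixed.
- Fine-tuning of the domain configuration ensured that newly joined machines are covered by the security remediation GPOs.
- Many service accounts were reconfigured to reduce the damage they could do to the domain.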