Somfy

Desafios

As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. Isso exigia uma avaliação direcionada do domínio raiz para identificar eventuais problemas.

Identificar os pontos fracos existentes

Utilizing Tenable.ad for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real-time, each corresponding to one of Tenable.ad’s Indicators of Exposure (IoE). Alguns dos maiores problemas estavam relacionados aos indicadores AdminSDholder, permissão de root e delegação de Kerberos.Os resultados da avaliação inicial do AD destacaram um número excessivo de administradores em muitos grupos.

This initial connection between Tenable.ad and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.

Complexidade do domínio filho

Após a conexão e a análise inicial do domínio raiz, a atenção se voltou para o domínio filho.However, a few challenges with the child domain showed potential loopholes and vulnerabilities. Entre elas:

• Muitas entidades em muitos locais do mundo;
• Muitos administradores do AD;
• Diversos administradores vindos de recursos externos e terceirizados.

Soluções

Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Tenable.ad solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy's need to quickly acquire some additional expertise relating purely to AD, Tenable.ad’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Tenable.ad for AD’s real-time results available to Somfy senior staff through an intuitive, consolidated dashboard.

Thanks to the Tenable.ad platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Tenable.ad-proposed checkers to ensure each step was mitigated. Foi organizado um workshop para cada IoE de acordo com a complexidade; isso ajudou a mostrar para a Somfy como maximizar a solução Tenable.ad.

Once the mitigation steps were complete, Somfy’s security team cross-referenced via the Tenable.ad platform to check the security status. A Somfy pôde monitorar seus próprios padrões de conformidade para o AD, monitorar o AD continuamente e até receber assistência para estabelecer regras de conformidade.

Este método de calcular a segurança do AD gerou conquistas rápidas para a equipe de segurança.Depois que as etapas de mitigação foram concluídas, o monitoramento do domínio raiz continuou protegendo o Active Directory.Em seguida, o domínio filho foi abordado.

Resultado

An adequate delegation model was put into practice to avoid the use of built-in privileged groups.

• Novos problemas de segurança introduzidos por comportamentos inadequados de um administrador do AD foram identificados e mitigados em um único dia.
• Systems and jobs configured with wrong credentials were spotted and located by the brute-force detection; their misconfiguration was fixed.
• Um ajuste na configuração do domínio garantiu que as máquinas recém-conectadas ficassem sob a GPO de patches de segurança.
• Muitas contas de serviço foram reconfiguradas para reduzir a possibilidade de danificar o domínio.