Somfy
I needed a tool which would talk to administrators so they would develop their security awareness and become so talented that they wouldn’t cause any new deviations. Tenable.ad's dashboards, alerts, and search capabilities fit that purpose entirely.
Benefits:
- Continuously monitor in real-time to discover weaknesses and misconfigurations
- Continuous improvement of remediation and mitigation plans.
KPIs:
- Somfy's AD infrastructure comprises 1 forest and 2 domains
How global manufacturer monitors and protects its Active Directory infrastructure
Industry
Manufacturing
Location
France
2019 revenue
€1,257.1M
How to establish continuous directory monitoring and security
Founded in France in 1969 and present in 58 countries, Somfy is the leading partner in all areas of building opening automation systems and a pioneer in the connected home sector. The group is constantly innovating to create homes that offer their users comfort, well-being, and safety to fulfill its vision of “inspiring a better way of living accessible to all.”
This is achieved through five applications and a portfolio of 13 complementary brands:
- Shutters and solar protection;
- Curtains and blackout blinds;
- Connected home;
- Security;
- Access control.
The entrepreneurial spirit of Somfy is embodied by the Group’s 6,070 employees in 117 subsidiaries, eight manufacturing plants, and 80 logistics centers and warehouses. Its presence on five continents enables the group to adapt its products and services to the specific needs and characteristics of its markets.
Using digital technology, innovation, and partnerships, Somfy is constantly renewing its value proposition for all stakeholders.
Challenges
As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. This required a targeted assessment of the root domain to identify any issues.
Identifying existing weaknesses
Utilizing Tenable.ad for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real-time, each corresponding to one of Tenable.ad’s Indicators of Exposure (IoE). Some of the biggest issues were related to the AdminSDHolder, root permission, and Kerberos delegation indicators. The results of the initial AD assessment highlighted an excessive number of administrators in many groups.
This initial connection between Tenable.ad and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.
Child domain complexity
After the connection and initial analysis of the root domain, attention turned to the child domain. However, a few challenges with the child domain showed potential loopholes and vulnerabilities. These included:
- Many entities in many locations around the world;
- Many AD administrators;
- Several administrators coming from external and outsourced resources.
Solutions
Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Tenable.ad solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy's need to quickly acquire some additional expertise relating purely to AD, Tenable.ad’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Tenable.ad for AD’s real-time results available to Somfy senior staff through an intuitive, consolidated dashboard.
Thanks to the Tenable.ad platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Tenable.ad-proposed checkers to ensure each step was mitigated. A workshop was organized for each IoE according to its complexity; this helped show Somfy how to get the most out of the Tenable.ad solution.
Once the mitigation steps were complete, Somfy’s security team cross-referenced via the Tenable.ad platform to check the security status. Somfy was able to monitor its own compliance standards for AD, monitor AD continuously, and even receive assistance in establishing compliance rules.
This method of gauging AD security produced quick wins for the security team. Once the mitigation steps were complete, monitoring of the root domain continued to protect Active Directory. The child domain was then addressed.
Results
- An adequate delegation model was put into practice to avoid the use of built-in privileged groups.
- New security issues introduced by an AD administrator's inappropriate behavior were identified and mitigated within a single day.
- Systems and jobs configured with wrong credentials were spotted and located by the brute-force detection; their misconfiguration was fixed.
- A domain configuration adjustment ensured that newly joined machines fell under the security patching GPO.
- Many service accounts were reconfigured to reduce the possibility of damaging the domain.