Oscar From Alsid
Use Case: Noble
Harnessing Innovation for Active Directory Security: How Noble Group continually protects its Active Directory infrastructure
Headquartered in Hong Kong with offices around the globe, Noble Group Holdings Limited (NGHL) sources, markets, processes, and supplies industrial materials, energy products, and special ores across the Asia-Pacific region. The organization also provides supply chain and risk management solutions to its clients. With a large footprint in Asia, NGHL has greatly contributed to building infrastructure in the region.
- Industry: Commodity Trading
- Location: Hong Kong
- Revenue: $46 billion (2016)
Lack of Visibility
As a major player in the commodity trading space, the Information Security team at Noble Group administers a vast, complex, and evolving IT environment. The organization understood the importance of Active Directory (AD) and utilized AD in day-to-day management, but it had not conducted any AD misconfiguration checks over the years. NGHL knew its Active Directory needed cleansing to help fix previous configuration-related issues and prevent future ones.
Changing AD Environment
Unfortunately, Active Directory misconfigurations and unlawful privileged rights can occur with routine changes, technology source upgrades, and new additions to the environment. These could endanger Noble’s infrastructure if not properly managed.
- 1 forest
Noble Group Stakeholders:
- 1 Administrator
- 1 Security Manager and CISO
Alsid dedicated team:
- 1 Technical Account Manager for the group
- 1 Senior AD Security Engineer for the group
- We want to integrate with the existing SOC
- Provide more insightful information
- Receive relevant information
Skill Set Deficiency
Active Directory was critical to the organization, and Noble needed to acquire an innovative, low-risk technology to support the labor-strained Information Security team in dealing with AD Security. The Information Security and IT teams were dedicated to perimeter security, as well as other infrastructure technologies supporting the vast network across the organization. But the most fundamental, Active Directory, was only used for password resets, permission delegation, and setting group policies. Regular monitoring of how these changes directly contributed to opening potential AD attack pathways was not conducted, due to the lack of the specialization and knowledge this task requires.
Following a comprehensive POC period, the seamless, nonintrusive Alsid solution provided instant-on deployment, which fitted flawlessly within Noble’s environment to support the numerous business entities. As cleaning up AD objects was a priority, the Information Security team gained immediate visibility and was able to see an abundance of dormant accounts, as well as an immediate, bird’s-eye view of high-risk accounts.
Noble relies on Alsid for AD’s least-privilege approach to highlight risky AD and GPO configurations and to provide concise details on changes to AD attributes and GPO settings.
As part of an extended integrated service for Noble Group, Alsid and its partner conduct monthly service reviews. Alsid customer success engineers analyze and identify high-risk objects requiring immediate remediation to provide actionable long-term and short-term goals for effective remediation.
Noble Group leverages Alsid’s ability to collect pre-existing AD states, and the organization has achieved operational hygiene by significantly cleaning up ‘forgotten’ OUs within the domain and removing obsolete, unused computer object accounts. This is important, as many attacks are now using forgotten objects as an anchor to enter and compromise entire networks.
Hidden admin is a major concern for many organizations, Noble Group included. Permissions and user rights are often overlooked, and without serious consideration and control, they can be abused by attackers. Discovery and remediation of dangerous permissions on computer and user accounts are critical. With Alsid, Noble Group achieved AD Security.
“Alsid’s ability to minimize AD-linked business risk through divesting and acquiring businesses is key. Alsid has provided deep visibility into AD-level business risk and allowed us to quickly identify both short- and long-term wins. We discovered potential weaknesses in our AD that, if they were discovered by an attacker, would have been dire for our network.”
Shane READ, CISO