Use Case: Orica
Harnessing Innovation for Active Directory Security: How Orica Prioritized AD Security in Their Wider IT Operations
Founded in 1874 and headquartered in Australia, Orica is the world’s largest provider of commercial explosives and blasting systems for mining, quarrying, construction, oil, and gas sectors. They employ approximately 11,500 employees worldwide and serve customers in over 100 countries. Orica has a global supply chain and manufacturing footprint to deliver products and services to customers.
- Industry: Commercial Blasting
- Country: Australia (HQ) and more than 100 other countries
- Revenue: AUD 5.9 billion (2019)
While Active Directory (AD) is part and parcel of Orica’s IT infrastructure, this core component was not prioritized as a potential single point of failure for operations. Management of AD by the in-house IT team was focused on maintaining availability of services and minimizing service disruption. Amid other competing work priorities, Orica’s AD environment fell into a state where security configurations were not properly maintained, and the skill set to make the necessary changes deteriorated. Lastly, while the in-house Security Operations Centre (SOC) had several security agents deployed to endpoints, servers, and on the network, there was no visibility on what activity was occurring within AD itself.
- 3 domains
- 1 forest
- 2 Engineers
- 1 Security Manager
- IT Infrastructure Manager
Alsid Dedicated Team
- 1 Technical Account Manager
- 1 Engineer
Integration Plan Insights
- Integration into managed security service
Through an Alsid POC, Orica was able to get real-life insights into the current AD security posture. It highlighted several weaknesses that could potentially lead to account and domain compromise. The ability to see such vulnerabilities enabled the security and infrastructure team to realign their focus and reignited the importance of securing Active Directory across the wider IT team.
Alsid also helped address gaps in AD subject matter expertise. Most IT teams rely on generalist system administrators to maintain their domains. Even when issues are known, additional information is required before they can be remediated. Alsid provided the IT team with information on the complexity of the issue, what to prioritize, and, most importantly, what steps the team could take to correct the situation. This empowered the IT team to focus on fixing issues, rather than accepting them.
Addressing a Lack of Visibility
Following the POC, the IT team accepted the need for continuous monitoring and the ability to track changes in real time on the most critical parts of the directory. The initial discovery was followed by the instant-on deployment of the agentless, non-intrusive Alsid for AD solution. Incorporating the Alsid alerts into their Security Operations Centre enables Orica to continuously monitor for suspicious activity on AD, adding an additional layer of detection.
Visibility was also missing for IT management. The POC and later the production deployment have provided management with an overview of the AD security posture and the rate of improvement.
The incoming CISO identified four needs that Alsid could fulfill:
- Insight into the security posture of AD – This allows identification of potentially dangerous configurations. As changes take place daily within an AD, continuous monitoring and the resolution of misconfigurations and attack pathways became paramount.
- Guidance to the in-house team on how to remediate – With a shortage of internal Active Directory security expertise, the power of Alsid was used to empower the IT teams to make the security-specific changes within the domain.
- Provide alerting on suspicious activities occurring on the domains – The SOC needs to be aware of suspicious activity as soon as possible. Alsid’s trail flow and Indicators of Exposure provide alerts with high levels of confidence on activities that require further investigation by the SOC.
- Provide continuous monitoring of the AD configuration – As well as the infrastructure and security teams, IT management gained visibility into a critical part of Orica’s technology ecosystem. This ensures AD remains secure.
- Reduction in number of critical and high exposures with AD
- Trail flow alerts sent to SOC for continuous actioning
- Monthly reporting on security state of AD as part of IT KPIs