Oscar From Alsid
Use Case: Somfy
Establishing continuous monitoring and security of
directories: How global manufacturer Somfy monitors and protects its
Active Directory infrastructure
Founded in France in 1969 and present in 58 countries, Somfy is the leading partner in all areas of building opening automation systems and a pioneer in the connected home sector. The group is constantly innovating to create homes that offer their users comfort, well-being, and safety to fulfill its vision of ‘‘inspiring a better way of living accessible to all.’’
This is achieved through five applications and a portfolio of 13 complementary brands:
- Shutters and solar protection
- Interior blinds and curtains
- Connected home
- Access control
The entrepreneurial spirit of Somfy is embodied by the Group’s 6,070 employees in 117 subsidiaries, eight manufacturing plants, and 80 logistics centers and warehouses. Its presence on five continents enables the group to adapt its products and services to the specific needs and characteristics of its markets.
By capitalizing on digital technology, innovation, and partnerships, Somfy is perpetually renewing its value proposal for all its stakeholders.
- Continuously monitor in real time to discover weaknesses and misconfigurations
- Continuously refine remediation and mitigation plans
- 2 domains
- 1 Forest
Stakeholders at Somfy:
- 3 Active Directory Administrators
- 1 Security Manager
Alsid dedicated team:
- 1 Alsid Technical Account Manager
- 1 AD Advanced Security Engineer
- Industry: Access Control Systems Manufacturing
- Location: France
- Revenue 2019: €1,200.2 million
As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. This required a targeted assessment of the root domain to identify any issues.
Identifying Existing Weaknesses
Utilizing Alsid for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real time, each corresponding to one of Alsid’s Indicators of Exposure (IoE). Some of the major issues were related to the indicators AdminSDholder, Root Permission, and Kerberos Delegation. The results from the initial AD assessment highlighted too many administrators across numerous groups.
This initial connection between Alsid and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.
Child Domain Complexity
After the initial connection and analysis of the root domain, attention turned to the child domain. However, a few challenges with the child domain showed potential loopholes and vulnerabilities. These included:
- Many entities in numerous global locations
- Many AD administrators
- Several administrators coming from outsourced, third-party resources
Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Alsid solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy’s lack of internal security expertise relating purely to AD, Alsid’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Alsid for AD’s real-time results made available to Somfy senior staff through an intuitive, consolidated dashboard.
Thanks to the Alsid platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Alsid-proposed checkers to ensure each step was mitigated. A workshop was set up for each IoE according to complexity and helped teach Somfy how to maximize the Alsid solution.
Once the mitigation steps were complete, Somfy’s security team cross referenced via the Alsid platform to check the security status. Somfy was able to monitor its own compliance standards for AD, continuously monitor AD, and even receive assistance to establish compliance rules.
This method of measuring AD security achieved quick wins for the security team. Once the mitigation steps were complete, monitoring of the root domain continued to safeguard the Active Directory. Following this, the child domain was addressed.
- An adequate delegation model was put into practice to avoid the use of built- in privileged groups.
- New security issues introduced by AD admin misbehavior were identified and mitigated within one day.
- Systems and jobs configured with wrong credentials were spotted and located by the Bruteforce detection; their misconfiguration was fixed.
- A tweak in the domain configuration ensured that newly joined machines fell under the security patching GPO.
- Many service accounts were reconfigured to reduce their capability to damage the domain.
“When I work on critical systems such as Active Directory, my objective is to empower administrators to actively guarantee security. I needed a tool which would talk to them so they would develop their security awareness and become so talented that they wouldn’t cause any new deviations. Alsid dashboards, alerts, and search capabilities fit that purpose entirely. While the security team defined the framework on how to operate AD, it is the AD admin who discovers and fixes the issues. The security team remains there to help, deal with incidents, and perform periodic controls.”
Didier CAMBEFORT, CISO