DirectoryRanger
Audit & Reporting for Microsoft Active Directory
Active Directory
Active Directories are part of almost every large enterprise environment and it is a complex technology that is typically affected by every major security incident. There is no easy assessment approach available so far.
Active Directory Vulnerability Detection & Mitigation
Successful detection of “vulnerabilities” requires root cause analysis of incidents and “lessons learned” from that to reuse that knowledge and experience. Mitigating controls also require experience in large environments and a good understanding what is feasible and what is not. Talking about Active Directory security is not just talking about GPO settings.
Our approach
Automate identification of root causes for AD breaches and put our experience and knowledge into a tool. Make tool usable for daily business and ensure that everyone knows what he can expect from the tool.
Introducing DirectoryRanger
Our brand new tool to automate Active Directory audits and to create transparency.
Architecture of the Tool
The DirectoryRanger includes a web based interface for management and working with the tool. There are additional interfaces like import of data that was collected in an external environment and update of the plugins and application itself. Authentication is also implemented as an interface to an existing AD environment to integrate smoothly in your environment without adding yet another user database. All confidential data is stored encrypted to limit the impact in case of compromise.
Integration
As ERNW recommends the implementation of Administrative Tiers and Privileged Access Workstations as mandatory security controls the DirectoryRanger was designed with this and other security controls in mind. Resulting features include:
- Updating without access to other networks
- Web interface to avoid caching of sensitive credentials by Windows default behavior
- Principle of least privilege
- Custom hardening based on the requirements of the tool
Licensing
Licenses are based on the size of your Active Directory environment. Contact us to get a quote.
DirectoryRanger
- Collects security settings from Active Directory
- Also considers your operational procedures
- Maps results to industry best practices or a custom baseline
- Provides mitigation advice
- Creates transparency about your Active Directory
Presentation Logic
- Easy-to-use GUI
- Comprehensive reporting capabilities
- Rating based on ERNW AD expertise
Built-in security
- Only needs standard user privileges
- no software agents on server
- Includes concepts to be operated in isolated environments
Product updates
Be the first to hear about Directory Ranger progress and release dates. We'll keep you in the loop about the project's progress. Sign up now for our Newsletter: