Lion

Challenges

When he joined Lion, one of Rossato’s top priorities was implementing Tenable Identity Exposure. “I wanted to grasp the configuration of our Active Directory environment and work on a program to address our security needs,” he explains.

Like most organizations, Lion had an opportunity to enhance security in the Active Directory environment. “An organization’s security posture for Active Directory deteriorates over time, and requires ongoing focus to ensure secure configuration within Active Directory,” says Rossato.

Solutions

Rossato knew, from previous experience with the tool, that Tenable Identity Exposure would enable him to understand the security posture of the Active Directory environment and determine whether it was being properly managed. “We needed an appliance or a control that could independently but continuously provide visibility of what our Active Directory configurations look like,” he says.

The complete visibility provided by Tenable Identity Exposure allowed Lion to make immediate improvements, beginning with the architecture. The Active Directory consisted of a forest with three domains, one of which had a sub domain and was the only one being used. The two that were not being used were removed, leaving the organization with a single domain and subdomain. This immediately reduced the organization’s attack surface while improving its overall risk posture.

The team also made immediate improvements in performance. They could see failed logins, including scripts with credentials that were failing and, as a result, causing performance issues. Because the team could see that the scripts themselves were broken, they could confidently turn the scripts off without the fear of causing something to break.

Results

Tenable Identity Exposure was able to identify security issues present in the environment. “Tenable Identity Exposure very quickly gave us visibility into Active Directory, including the actual configurations and misconfigurations that were in place. We got a clear risk lens and action plans to remediate security issues, which allowed us to set up the program of work that we’ve been on ever since,” he says.

Because Tenable Identity Exposure provides remediation advice that is specific to Lion’s environment, the infrastructure team understands both what to fix and exactly how to fix it. This eliminates the need to research how to resolve an issue as well as the temptation to ignore it. “You’re able to improve the security of your AD environment and educate the team that’s meant to support it, which is one of the unspoken benefits of Tenable,” Rossato says.

Tenable Identity Exposure also assigns a score to the Active Directory security posture, allowing Lion to measure security over time. Rossato established a posture target for the AD team, empowering them to make the necessary changes to achieve it. By tracking progress against the score, team members were motivated to not just meet the target, but stretch themselves to further improve the security score.  “With Tenable Identity Exposure, we can go on that journey of continuous improvement and keep pushing up the bar of performance.”

With the visibility provided by Tenable Identity Exposure, everyone knows exactly what to do to get there – as well as how far they’ve come. “We have substantially improved the security set up of our Active Directory with Tenable Identity Exposure,” says Rossato. “It’s an excellent tool. Whenever a CISO asks me what tools we’re using that deliver value, I tell them Tenable Identity Exposure.”