Somfy
I needed a tool which would talk to administrators so they would develop their security awareness and become so talented that they wouldn’t cause any new deviations. Tenable.ad's dashboards, alerts, and search capabilities fit that purpose entirely.
Benefits:
- Continuously monitor in real-time to discover weaknesses and misconfigurations
- Continuous improvement of remediation and mitigation plans.
KPI:
- Somfy's AD infrastructure comprises 1 forest and 2 domains
How global manufacturer monitors and protects its Active Directory infrastructure
Industry
Manufacturing
Location
France
2019 revenue
€1,257.1M
Defining continuous monitoring and directory security
Founded in France in 1969 and present in 58 countries, Somfy is the leading partner in all areas of building opening automation systems and a pioneer in the connected home sector. The group is constantly innovating to create homes that offer their users comfort, well-being, and safety to fulfill its vision of “inspiring a better way of living accessible to all.”
This is achieved through five applications and a portfolio of 13 complementary brands:
- Shutters and solar protection
- Interior blinds and curtains
- Connected home
- Security
- Access control
The entrepreneurial spirit of Somfy is embodied by the Group’s 6,070 employees in 117 subsidiaries, eight manufacturing plants, and 80 logistics centers and warehouses. Its presence on five continents enables the group to adapt its products and services to the specific needs and characteristics of its markets.
Somfy leverages digital technology, innovation, and partnerships to continually renew its value proposition for all its stakeholders.
Challenges
As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. This required a specific assessment of the root domain to identify any issues.
Identifying existing weaknesses
Utilizing Tenable.ad for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real time, each corresponding to one of Tenable.ad’s Indicators of Exposure (IoE). Some of the main problems were related to the AdminSDHolder, Root Permission, and Kerberos Delegation indicators. The results of the initial AD assessment highlighted that there were too many administrators in numerous groups.
This initial connection between Tenable.ad and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.
Child domain complexity
Following the initial connection and analysis of the root domain, attention turned to the child domain. However, a few challenges with the child domain showed potential loopholes and vulnerabilities. These included the following:
- Many entities across multiple global locations.
- Many AD administrators.
- Several administrators drawn from third-party outsourced resources.
Solutions
Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Tenable.ad solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy's need to quickly acquire some additional expertise relating purely to AD, Tenable.ad’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Tenable.ad for AD’s real-time results available to Somfy senior staff through an intuitive, consolidated dashboard.
Thanks to the Tenable.ad platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Tenable.ad-proposed checkers to ensure each step was mitigated. A workshop was organized for each IoE according to its complexity, which helped Somfy staff learn how to get the most out of the Tenable.ad solution.
Once the mitigation steps were complete, Somfy’s security team cross-referenced via the Tenable.ad platform to check the security status. Somfy was able to monitor its own compliance standards for AD, continuously monitor AD, and even receive assistance in establishing compliance rules.
This method of measuring AD security allowed the security team to obtain immediate benefits. Once the mitigation steps were complete, monitoring of the root domain continued to protect Active Directory. The child domain was addressed afterward.
Result
An adequate delegation model was put into practice to avoid the use of built-in privileged groups.
- Within a single day, new security issues introduced by inadequate behavior of AD administrators were identified and mitigated.
- Systems and jobs configured with wrong credentials were spotted and located by the brute-force detection; their misconfiguration was fixed.
- A domain configuration adjustment ensured that newly joined machines fell under the security patching GPO.
- Many service accounts were reconfigured to reduce their ability to harm the domain.