Deep Inspection and Audit of Identity Services

Epiphany is focused on the finding the conditions that create risk within your identity management and access systems. As such, managing an identity in Epiphany is all about understanding how that identity is potentially being exposed and what that exposure means to your organization. Epiphany’s key strength is its ability to expose vulnerabilities and show their material impacts if a breach occurs.

You can use Epiphany’s Active Directory to do deep inspection of accounts and groups to understand relationships and where users get their rights.

Outcomes:

• You can use Epiphany’s Active Directory to identify users and groups with administrator rights in your environment. Ensure that these users meet your organization’s requirements regarding administrator rights.

• You can use Epiphany’s Active Directory to identify stale users and users who haven’t changed their passwords according to policy, thus identifying where you need to take action.

Scenario 1: Consistently Audit Domain Administrators and Groups With Admin Rights

You need to ensure that there are a defined number of accounts with domain administrator rights and that a strict process is followed to control access and use. Users and groups with administrative rights to local systems can be used to exploit a system and move through an environment if an account is weak or compromised. Users with administrative privileges need to be controlled via tighter policies. Epiphany consistently audits domain administrators and groups with admin rights to help prevent “admin creep.” Epiphany’s Active Directory shows many layers of details to help you audit administrators and groups.

Solution: Use Epiphany’s Active Directory to do deep inspection of accounts and groups

Active directory helps you to understand relationships and where users get their rights, and many other administrator details:

• The Active Directory page can show you nesting groups and creation of service accounts with administrator privileges. It provides a count of admins (which can be used as an auditing metric) and details as to whether an account is directly or indirectly granted admin privileges.

• Active Directory shows the number of groups with admin permissions, the number of users within these groups, and the number of devices under control per group.

• When a domain administrator logs into non-domain controllers, this risky practice is displayed on the Active Directory page. You can see the risk level of devices used by domain administrative accounts by drilling into the devices.

Scenario 2: Manage Account Policy

Accounts that are provisioned and never used are often an attack vector. Additionally, policies should require periodic changes of passwords. Accounts that are easily exploitable pose a risk to the environment. Epiphany can display stale users and users with credentials that are easily exploitable. You can use this information to identify credentials that need to be made more secure or users who no longer need access.

Solution: Epiphany’s Active Directory Shows Stale Users and Users with Credentials that are Easily Exploitable

Epiphany’s Active Directory page displays stale users as well as users who have not changed their passwords according to policy, as well as accounts that have credentials that are easily exploitable and pose a risk to the environment. This helps you pinpoint where actions need to be taken.

You can select a user and display detail about the user.

Effective Local Admin Rights Detail

You can easily view detail about admin groups.