What is Stoïk's Active Directory scan?

What is an Active Directory?

An Active Directory (AD) is a directory service provided by Microsoft operating systems. It enables the network administrator of a company to centralize user and machine authentication, manage permissions, and control access to network resources.

When dealing with a company that has an AD, attackers aim to become the system administrator. By doing so, they gain control over all workstations and servers, which allows them to carry out the attack.

Therefore, Active Directory is a prime target for hackers: at Stoïk, 85% of ransomware attacks affecting our insured clients were related to a configuration flaw in the AD.


 

Stoïk's Active Directory scan, in a few words

Stoïk Protect's Active Directory scan audits the configurations of the insured company's Active Directory to assess its security level. It identifies whether:
  • User rights are too permissive.
  • Systems are outdated.
  • The password policy is too weak.
The results of this audit highlight potential vulnerabilities, classified into 4 levels: low, medium, high, and critical. If a flaw is detected after the scan, the remediation steps needed to resolve it are provided in the "Active Directory" tab.

 

Two types of Active Directory coexist at Microsoft:

  1. A local AD, known as on-premise, analyzed by Stoïk's Active Directory scan.
  2. A Cloud AD, Microsoft Azure, whose configurations are analyzed by Stoïk's Cloud Scan.

 

The Active Directory scan, from a technical standpoint

The Active Directory scan relies in part on a robust and proven open-source tool: PingCastle. Stoïk's cyber engineers have developed it further, integrating additional features and continually improving it.