Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.

Monday, January 23, 2017

Gold Finger - The World's Best Active Directory Audit Tool


Hope your New Year's off to a good start. As I had indicated a few days ago, starting January 26th I'll be sharing some valuable insights on Active Directory Security; until then just wanted to get some very basic stuff out of the way; this one being the 9th.

Today most organizations that operate on Microsoft Active Directory (and there are 1000s across 150+ countries worldwide) have a need to be able to perform not just basic but also advanced audits to fulfill a variety of imperative cyber security needs -
  1. Active Directory Security ... details
  2. Privileged Access Audit ... details
  3. Attack Surface Reduction ... details
  4. Insider Threat Protection ... details
  5. Audit and Regulatory Compliance ... details
Unfortunately, at organizations worldwide 1000s of IT professionals struggle to fulfill a majority of these needs, because of two main reasons - a) the solutions required to fulfill these critical needs don't seem to exist (except for one), and b) the depth of knowledge and understanding required to fulfill these needs correctly i.e. precisely and accurately, is lacking substantially.

For instance, although Microsoft provides many basic tools such as dsacls, acldiag, LDP, ADUC, the Effective Permissions Tab, etc., these tools cannot help even one organization correctly answer even the most basic of cyber security questions such as -
  1. How many privileged users does the organization actually have?
  2. Who is delegated what administrative access where and how in Active Directory?
  3. How many individuals can reset the password of a Domain Admin to become proverbial God?
  4. How many individuals can change the Domain Admins group membership to become proverbial God?
  5. How many individuals can use Mimikatz DCSync to instantly compromise the credentials of the entire organization?
The lack of adequate solutions and the awareness required to perform such critical audits can primarily be attributed to the baffling lack of vital security guidance provided by Microsoft to its organizational customers. More on that on Jan 24th, 2017.

Thus, while there are many solutions today that can help organizations with reactive after-the-fact auditing, there are virtually no adequate audit solutions that can help organizations perform before-the-fact proactive effective access audits. Except one...

Gold Finger - Quite Simply The World's Best Active Directory Audit Tool

Any IT/AD/cyber-security pro worth his salt will tell you that not only is the need to know "Who can do what in Active Directory" paramount to cyber security, it is not "who has what permissions" but "who has what effective permissions/access" that matters.

Considering that, allow me to share with you the world's most capable, powerful and valuable Active Directory Audit Tool -

Gold Finger Active Directory Audit Tool

Simply put, Gold Finger can do in a matter of minutes, whenever needed, what could take an army of the world's best Active Directory security professionals and consultants from organizations like Microsoft Consulting Services an entire year to do -
  1. Automatically, precisely and correctly audit effective privileged access (incl. delegated) across an entire Active Directory
  2. Automatically, precisely and correctly audit effective permissions/access on any Active Directory object
  3. Automatically, precisely and correctly audit permissions across an entire Active Directory

Of course, considering it can do the impossible at a button's touch, it can also do the simple stuff with equal ease -
  1. Audit basic Active Directory security, such as account, group and OU management, true last-logons etc.
  2. Audit Active Directory group memberships, such as "What groups does a user belong to" etc.
  3. Audit Kerberos token-sizes including performing domain-wide Kerberos token-size calculations
  4. Audit Active Directory ACLs, security permissions/rights and domain-wide ACL dumps etc.

Also, because we care deeply about cyber security, we built it to the highest standards of trustworthiness.

The Swiss Army Knife of Active Directory Audit Tools

When you acquire and deploy Gold Finger, you have the world's most powerful cyber security arsenal at your finger tips -
  1. The World's only accurate Active Directory Administrative Access and Delegation Audit Tool
  2. The World's only accurate Active Directory Effective Permissions/Access Calculator
  3. The World's most comprehensive Active Directory Permissions Analyzer
  4. The World's most advanced Active Directory ACL Viewer and Exporter
  5. The Worlds' only fully-automated, professional Kerberos Token-size Calculator
  6. The World's simplest Active Directory Group Membership Reporting Tool
  7. The World's most trustworthy Active Directory Security Audit Tool (including the Free version)

So, if there's an audit to be done in Active Directory, chances are Gold Finger can get it done, and do so at a button's touch.

Simply put, if you truly understand Active Directory Security, and its role in cyber security worldwide, then you know that Gold Finger is possibly the most capable cyber security solution in the world. (There isn't a tool on the planet that comes close to it.)

Perhaps that's why, from the United States to Australia, the world's most powerful government and business organizations across six continents worldwide use it and depend on it to secure the very foundation of their cyber security today.

To learn more, please visit -

Best wishes,

PS: I only know so much about it because I architected it.  Now, onward to January 26th, 2017.

No comments:

Post a Comment