Active Directory Security Assessment

One day for data collection and another to analyze and prepare your Active Directory Security Assessment report.

Get easy-to-follow, step-by-step instructions on securing your on-prem or mixed AD environment.
Our auditor was part of Microsoft's Security Consulting team before joining Atlant Security.

What makes our Active Directory (AD) Security Audit Service different?

Schedule an online meeting about your Active Directory Security Assessment

Our Active Directory (AD) Security Assessment is a great place to start and will highlight many vulnerabilities in your Active Directory that could leave you at risk of a dangerous cyber attack.

Our Active Directory security assessment examines your AD administration practices and current setup against Microsoft’s security documentation and the US DoD Active Directory STIG (Security Technical Implementation Guide). We compare its requirements with what is present in your organization, giving urgent recommendations to implement against the risks to your business. This means you can rest assured your business is safe allowing you to focus on other parts of the business.

Active Directory security topics covered in your assessment:

Our mission: Turn your Active Directory into a Fortress

An Active Directory (AD) Security Assessment checks how resilient is the core of your IT infrastructure to an attack or human error. Its scope depends on the size of your company and your objectives. The assessment might mean a quick check of your domain or a comprehensive security review of its deep configuration and of all your domain controllers and connected servers.

We audit the controls in place (or their absence). These controls might be administrative, or in other words, the practices employed by your administrators. They could also be technical or even physical.

ad security assessment prep

Our AD Security Assessment Process

Planning for the audit execution

Before conducting an Active Directory Security Assessment, we always have at least one logistics meeting with your IT administrative personnel. 

These meetings help establish the reasons behind the audit and its strategic security objectives. 

Here is our IT Security Audit Preparation Process:

  • Meeting with the IT team
  • Review of the client’s business – departments, management team, critically important production facilities, and IT infrastructure. 
  • Final scope agreement.

Understanding the Step-by-step AD security improvement plan

Your AD Security Audit Report will contain an executive section for senior management and a technical section for IT and security personnel.

The Executive Section of the report usually focuses on the business impact of the findings and on prioritization advice. This way management can request specific actions to be expedited and will know about their own responsibility to fund these efforts. Sometimes this also means hiring extra pairs of hands.

The technical section of the report will also be split in High Criticality, Medium Criticality, and Low criticality findings.

Each finding will be paired with its respective advice on fixing the finding – focus on the fix rather than finding who to blame for the finding, it is the only productive way to read and act upon your IT security audit report.

understanding the ad security report

We go beyond asking questions — and turn our security audits into half-audit, half-security consulting sessions. While there are hundreds of topics to go through, we identified the need to explain and discuss them so that your team would better understand why we ask this question and how it could affect your company. 

Usually, it takes 2-3 days for data collection and a week to prepare a report and your unique Information Security Program plan. An IT security audit from start to finish usually takes around 2 weeks, excluding any prior logistics preparations and clarification meetings after you get your results. 

We welcome you to record the Active Directory security audit sessions on your own — we discuss so many topics and our team provides such valuable input, that it would be a huge loss if you couldn’t watch the sessions later and extract valuable insight from them. 
If you ask us, we will also record the sessions for you and provide you with the recordings. We will delete the recordings after the IT Security Audit is complete.

Customize your AD Security Assessment