The layout of the Identity Security module mirrors that of the Attack Surface and Internal Network modules. All issues and vulnerabilities that exist within the identity layer can be observed, managed, and tracked over time.

The Identity Security module provides a dashboard view of all issues and vulnerabilities, together with information about the users, computers, and groups that are affected by them. Users can drill into each issue, and into each object (user, computer, or group), to view its details.

Dashboard

The Identity Security dashboard surfaces how many objects exist within the directory services environment, how many issues are open, and how many issues have been fixed within the last thirty (30) days.

The dashboard also lists every open issue together with the number of objects it affects, sorted by the risk rating of the issue. Additionally, the percentage of active users and active computers within the directory services environment is displayed.

The Identity Security module automates the identification of Tier 0 (critical) objects within a directory services environment. These objects are considered critical in a traditional Active Directory (AD) environment because of the permissions delegated to them by default, or because of the groups they belong to and the permissions delegated through that group membership.

Vulnerabilities

The Vulnerabilities tab within the Identity Security module surfaces all of the issues identified across the objects collected by the Shield platform. The table lists each issue, its risk rating, and how many objects are affected by it.

Users can export all of the vulnerabilities across their identity objects as CSV files. To do this, click the Export button in the top right of the screen, then click Download to receive the results.

Users can drill into each issue within the Active Directory Vulnerabilities table to view the description, the solution, and the affected entities for each AD issue identified within the directory services environment.

Users

The Users tab displays all user objects within a directory services environment, any platform-created groups the user is part of, the criticality of the object, and whether the account is enabled. This page also displays the percentage of active users and the Tier 0 (critical) users within the environment.

To view the information for a single user, click the user account and you will be directed to a page that displays the attributes of the selected user object.

Users can assign a criticality ranking to each user object and/or place it into pre-created groups, like any other asset within the Shield platform. Additionally, this page shows the groups the user is a part of, any issues the user object has, as well as the Description, SID, Password Not Required attribute, Password Expired attribute, Password Last Set date, and Trusted for Delegation attribute.

Groups

The Groups tab lists all of the groups within an organization's AD environment and calls out the Tier 0 (critical) groups within that environment.

To view the information for a group object, click the group and you will be directed to a page that displays all users and/or computers that are members of that group.

Users can assign a criticality ranking to each group object and/or place it into a pre-created group within the platform.

Platform groups are created under Settings -> Group Maintenance and are independent of the group objects collected from AD.

This page also shows the users within the AD group, any issues tied to the group object itself (independent of the users within the group), as well as the Description, Date Created, Domain, and SID.

Computers

The Computers tab displays all assets or entities that have been collected from AD or scanned (at the network or agent level). This page also shows the percentage of active computers, as well as the Tier 0 (critical) computer objects.

Active computer objects are computers that are enabled and have been accessed within the last ninety (90) days. Computers that are disabled, or that have not been accessed for over ninety (90) days, are considered inactive.

To view the information for a single computer, click the computer object and you will be directed to a page that displays the attributes of the selected computer object.

Users can assign a criticality ranking to each computer object and/or place it into pre-created groups, like any other asset within the Shield platform. Additionally, this page shows the groups the computer is a part of, any issues the computer object has, as well as the Description, Date Created, Domain, SID, Password Not Required attribute, Password Expired attribute, Password Last Set date, and Trusted for Delegation attribute.
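The attributes shown on the Users and Computers pages, and the ninety-day active rule, can be reproduced directly from Active Directory to cross-check the module's figures. The following PowerShell is an added example, not part of this documentation or of the Shield platform's own code; it assumes the RSAT ActiveDirectory module is installed and that the reader has read access to the domain. The flag values are Microsoft's documented userAccountControl bits (Password Expired is reported through the computed attribute msDS-User-Account-Control-Computed rather than userAccountControl itself); the function and variable names are the author's own.

```powershell
# Added example (not Shield's own code): rebuild the Users/Computers attributes
# and the 90-day "active" rule straight from AD with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$InactiveAfterDays = 90                          # threshold used by the Computers tab
$Cutoff = (Get-Date).AddDays(-$InactiveAfterDays)

# Documented userAccountControl bit flags. PASSWORD_EXPIRED is only ever set in the
# computed attribute msDS-User-Account-Control-Computed, not in userAccountControl.
$UAC = @{
    ACCOUNTDISABLE         = 0x00000002
    PASSWD_NOTREQD         = 0x00000020
    TRUSTED_FOR_DELEGATION = 0x00080000
    PASSWORD_EXPIRED       = 0x00800000
}

function ConvertFrom-FileTime {
    # lastLogonTimestamp and pwdLastSet are 64-bit Windows FILETIME values; 0 means "never".
    param([Int64]$Value)
    if ($Value -le 0) { return $null }
    return [DateTime]::FromFileTime($Value)
}

function Get-IdentityObjectSummary {
    # Works for both ADUser and ADComputer objects, which carry the same attributes.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Object,
        [Parameter(Mandatory)][DateTime]$Cutoff
    )
    process {
        $uac      = [int]$Object.userAccountControl
        $computed = [int]$Object.'msDS-User-Account-Control-Computed'
        $enabled  = -not ($uac -band $UAC.ACCOUNTDISABLE)
        # Caveat: lastLogonTimestamp only replicates when it is more than ~14 days stale,
        # so it is coarse, but it is adequate for a 90-day window.
        $lastLogon = ConvertFrom-FileTime $Object.lastLogonTimestamp
        [PSCustomObject]@{
            Name                 = $Object.SamAccountName
            SID                  = $Object.SID.Value
            Enabled              = $enabled
            LastLogon            = $lastLogon
            # Active = enabled AND seen within the window; anything else is inactive.
            Active               = [bool]($enabled -and $lastLogon -and ($lastLogon -ge $Cutoff))
            PasswordNotRequired  = [bool]($uac -band $UAC.PASSWD_NOTREQD)
            PasswordExpired      = [bool]($computed -band $UAC.PASSWORD_EXPIRED)
            PasswordLastSet      = ConvertFrom-FileTime $Object.pwdLastSet
            TrustedForDelegation = [bool]($uac -band $UAC.TRUSTED_FOR_DELEGATION)
        }
    }
}

$props = 'userAccountControl', 'msDS-User-Account-Control-Computed',
         'lastLogonTimestamp', 'pwdLastSet', 'description', 'whenCreated'

$computers = @(Get-ADComputer -Filter * -Properties $props | Get-IdentityObjectSummary -Cutoff $Cutoff)
$users     = @(Get-ADUser     -Filter * -Properties $props | Get-IdentityObjectSummary -Cutoff $Cutoff)

# Percentage of active computers, as displayed on the Computers tab.
$activeComputers = @($computers | Where-Object Active).Count
$activePct = [math]::Round(100 * $activeComputers / [math]::Max(1, $computers.Count), 1)
"Active computers: $activeComputers of $($computers.Count) ($activePct%)"

# Enabled users carrying the two attributes most worth reviewing first:
# no password required, or trusted for (unconstrained) delegation.
$users |
    Where-Object { $_.Enabled -and ($_.PasswordNotRequired -or $_.TrustedForDelegation) } |
    Sort-Object Name |
    Format-Table Name, PasswordNotRequired, TrustedForDelegation, PasswordLastSet, LastLogon
```

Comparing the active-computer percentage and the flagged users produced here against the module's pages is a quick way to confirm that collection from AD is complete; a large gap usually means some OUs or domains are not being collected.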