Securing Privileged Access within Microsoft’s Enhanced Security Administrative Environments (ESAE)

July 3, 2018 Corey O'Connor

 

The Microsoft Enhanced Security Administrative Environment (ESAE) is a secured, bastion forest reference architecture designed to manage the Active Directory (AD) infrastructure. This methodology focuses on “Tier 0” assets and identities, which have direct or indirect administrative control over a given AD forest and all of the assets within it, such as domain controllers, domain administrator accounts, critical servers and workstations.

One popular technique in advanced cyber attacks is the exploitation of privileged accounts and their associated credentials to reach a Tier 0 domain controller, the central authority of trust within the Windows environment. Once a domain controller is compromised, the attacker has unrestricted access to the entire domain-joined IT infrastructure, all without the organization seeing or being aware of it. Based on what CyberArk has seen in the field, it can take an attacker who has hijacked a privileged credential less than 12 minutes from initial infiltration to being able to take over a domain controller, which hosts the services that constitute AD.

Critical to the overall strength of an ESAE deployment is the hardening of the control relationships among these powerful credentials, assets and humans. But managing Tier 0 assets and protecting against credential theft is demanding and difficult, particularly because organizations often try to juggle multiple account management solutions from Microsoft, including Local Administrator Password Solution (LAPS) and Microsoft Identity Manager (MIM).

CyberArk has designed practical solutions for the administration of ESAE, and they have been deployed alongside the architecture to maximize security and eliminate pain points by reducing administrative overhead and decreasing total cost of ownership.

Learn how CyberArk can help secure privileged access, create credential boundaries and provide enhanced auditing and recording within the ESAE and production environments by downloading this solution brief.

 

 
