Somfy

Challenges

As a global player in home and commercial control systems, Somfy aims for the highest levels of innovation and advancement in its products and solutions. With several companies under its umbrella, Somfy’s security for intellectual property, design, and customer data spanning a vast directory infrastructure was paramount. As a part of its continuous improvement process, Somfy was seeking the best way to tackle unique AD security challenges. This required a targeted assessment of the root domain to identify any issues.

Identifying existing weaknesses

Utilizing Tenable.ad for AD’s seamless, instant-on deployment, Somfy was able to immediately investigate and identify problems in real-time, each corresponding to one of Tenable.ad’s Indicators of Exposure (IoE). Some of the major issues were related to the indicators AdminSDholder, Root Permission, and Kerberos Delegation. The results from the initial AD assessment highlighted too many administrators across numerous groups.

This initial connection between Tenable.ad and Somfy’s AD was vital, as the solution mapped the AD’s topology and identified any existing hidden attack pathways and weaknesses that could be leveraged by attackers.

Child domain complexity

After the initial connection and analysis of the root domain, attention turned to the child domain. However, a few challenges with the child domain showed potential loopholes and vulnerabilities. These included:

• Many entities in numerous global locations
• Many AD administrators
• Several administrators coming from outsourced, third-party resources

Solutions

Following the initial assessment exploring existing weaknesses, misconfigurations, and attack pathways, the Tenable.ad solution provided step-by-step remediation tactics to prevent vulnerabilities and attacks. Due to Somfy's need to quickly acquire some additional expertise relating purely to AD, Tenable.ad’s reputable partner provided ongoing workshops to analyze each IoE. The partner organized a tailor-made mitigation plan based on Tenable.ad for AD’s real-time results available to Somfy senior staff through an intuitive, consolidated dashboard.

Thanks to the Tenable.ad platform’s consistent real-time AD monitoring, Somfy was able to perform continuous workshops to address each actionable IoE task, while relevant teams were equipped with Tenable.ad-proposed checkers to ensure each step was mitigated. A workshop was set up for each IoE according to complexity and helped teach Somfy how to maximize the Tenable.ad solution.

Once the mitigation steps were complete, Somfy’s security team cross-referenced via the Tenable.ad platform to check the security status. Somfy was able to monitor its own compliance standards for AD, continuously monitor AD, and even receive assistance to establish compliance rules.

This method of measuring AD security achieved quick wins for the security team. Once the mitigation steps were complete, monitoring of the root domain continued to safeguard the Active Directory. Following this, the child domain was addressed.

Result

An adequate delegation model was put into practice to avoid the use of built-in privileged groups.

• New security issues introduced by AD admin misbehavior were identified and mitigated within one day.
• Systems and jobs configured with wrong credentials were spotted and located by the brute-force detection; their misconfiguration was fixed.
• A tweak in the domain configuration ensured that newly joined machines fell under the security patching GPO.
• Many service accounts were reconfigured to reduce their capability to damage the domain.