“Stay alert and do your digital homework,'” says the latest security bulletin from the German Federal Office for IT Security (Bundesamt für IT-Sicherheit – BSI), issued in the wake of the Ukraine war. This starts with securing Microsoft’s Active Directory (AD), the de facto industry standard for directory services and backbone of all user and rights management. Controlling AD equates to control over all IT infrastructure. “Active Directory is the Achilles’ heel of IT security. Any manipulation of it can jeopardize the entire identity infrastructure, and if it’s not secure, nothing is,” says IDC analyst Christina Richmond.

Old solutions are ineffective

Traditional Active Directory security solutions focus on listing thousands of common configuration issues, burdening administrators with unprioritized mountains of work. Administrators need solutions that provide automated, continuous visibility and support appropriate countermeasures in real time. This is not only a technology issue, but also a manpower problem. Many companies lack qualified personnel and know-how. The BSI has clear advice on this: “Where resources and skills are lacking, get appropriate support from external service providers.”

Teal combines consulting expertise and full-managed service offerings

At Teal, we focus our highly specialized staff on AD hardening. “Active Directory must be a core component of every company’s safeguarding strategy and must not be considered a niche topic,” is the emphatic advice of one of the three founders, CEO and IT consultant, Fabian Böhm. We focus on two proven solutions: Secure Administration Environment (SAE) and Secure Core Infrastructure (SCI). SAE is based on the Microsoft Enhanced Security Administration Environment (ESAE). This design concept makes prevents or mitigates the risk of adversarial lateral movement and privilege escalation within the network. It also significantly reduces the potential damage of a successful attack. “Our goal is to continuously increase security in corporate environments and to support you with efficient solutions as a consultant and full-managed service provider,” says Fabian Böhm about the company strategy.

This approach and the use of Teal products provide the following benefits:

• • Unparalleled visibility into Active Directory
  • Measurably improved security posture
  • Elimination of “stopgap” solutions
  • Improved availability of directory services

But that’s not all. Recently we have expanded our range of services considerably by partnering with US-American SpecterOps, to offer BloodHound Enterprise in Europe. SpecterOps’ mission is to enable their clients and the braoder community through education, visibility, and proactive countermeasures. Widely regarded for their adversary simulation / detection services, SpecterOps also offers training and contributes to a number of open-source security projects. In July of last year, they released their first commercial product, BloodHound Enterprise which has helped numerous clients combat Attack Path risk in Active Directory.

From the creators of the open-source BloodHound and Powered by SpecterOps research, BloodHound Enterprise is a focused approach to Attack Path Management.   BloodHound Enterprise visualizes the attack paths, prioritizes the solution, and describes step-by-step actions, and provides real-time evaluations to significantly increase security.

BloodHound Enterprise support from Germany

Teal’s new cooperation with SpecterOps will result in many important advantages for European companies interested in their powerful solutions. For example, Teal will provide support to their European customers directly, this means:

• • No communication with the US company
  • Everything in English or German and in the CET time zone
  • Euro prices, so no currency risk
  • Data storage in Europe

Although the cooperation between our two companies is still quite young, the first joint customer contracts have already been signed.

We look forward to accompanying and supporting you on your PATH.