Strengthening IT security

Active Directory Tiering Implementation

Cybercriminals often move laterally across networks to gain domain admin access. Active Directory tiering blocks this by isolating systems into zones, separating vulnerable devices like workstations from critical assets like domain controllers and backups.

Active Directory Tiering

What’s AD Tiering Implementation?

Active Directory Tiering, or AD Tiering, is more than just a technical strategy; it’s a method for protecting your most critical assets by placing them in highly secure layers. This practice involves segmenting administrative privileges, commonly known as Privileged Access Management (PAM), and has been a best practice for more than a decade.

The concept of putting our most valuable things in the most protected place isn’t new. It’s been around pretty much since we’ve had….well, things.

Peter Löfgren

Principal Technical Architect

Active Directory Tiering

The Three Phases

01

Phase 1 - Knowledge

We conduct a startup meeting that includes the concepts and benefits of working with a tiering model. Examples of areas covered:

Why to use a tiering model.
The tiering model.
Why and when to use a privileged access workstation (PAW).
Ways of working for admins.

02

Phase 2 - Implementation

In Phase 2, the environment is prepared, and information regarding current and future privileged users is collected. Then the new tiering structure is created with all the policies and settings required. “Break glass” accounts are also created.

03

Phase 3 - Guidance

In Phase 3, the systems are protected one by one in the new tiering model by your team. Also, the implementation of privileged access workstations (PAW) is completed. As this establishes a new way of accessing the environment for some administrators, experts from Truesec are there to guide and assist during this phase. This is supported by a bi-weekly meeting with Truesec experts to answer questions and provide further guidance

An AD Tiering Implementation will provide you with the following:

Best in class team protect your business form cyber attack.

A team using a battle-proven, efficient methodology to implement and document tiering without impacting your business.

An efficient, secure use of your existing infrastructure investments.

Threat Detection of IT systems

A means to make it more difficult for attackers to attempt to compromise sensitive systems.

Monitoring IT environment 24/7

The ability to protect the most valuable assets and systems without adding complexity for the business.

Advice from Truesec on how to continue to increase your cyber resilience.