Identity Protection – Using the Domain Security Overview

Summary

In this resource you will learn how to use CrowdStrike Falcon Identity Protection’s Domain Security Overview for insight into your identity landscape.

The Problem

You can’t secure what you don’t understand. You need visibility into your identity landscape to proactively mitigate gaps attackers take advantage of.

The Value of Falcon Identity Protection

CrowdStrike Falcon Identity Protection gives security analysts actionable visibility into their identity landscape.

Use the domain security overview to get insight into your identity landscape. Use different “goal” filters for visibility tailored to your role and needs.

This demonstration will cover how to access, view, and use the domain security overview to improve identity security and ultimately stop breaches.

Using Domain Security Overview

Start by navigating to the domain security overview page.Using the main menu, navigate to the Identity Protection -> Domain Security Overview.

The Domain Security Overview gives you visibility into risks across your identity environment in a simple to understand view.

Up top you will find dashboard widgets that inform you on the overall security stance of your domain.

The risk score, for example, is an overall security risk rating for the domain. This score ranges from 1 to 10, with 10 being the highest cumulative risk level. The risk matrix displays risks rated by likelihood of exploitation and the impact of that exploitation. A more likely, and more impactful risk is given a higher criticality

On the bottom-half of the screen are individual identity risks contributing to the risk score.

Risks are prioritized and listed from most to least critical, so you know what is most important to address – enabling you to close the most impactful and likely gaps before attackers take advantage.

Clicking a risk expands additional information. Let’s take a closer look at the high severity Compromised Password risk.

We can now see more information about the selected risk, including an easy-to-understand description of what that risk is, and its consequences. For example, compromised passwords are exposed from previous breaches or use common, unsecure phrases which adversaries can more easily and quickly guess.

You can also see recommended actions to mitigate this risk, including steps to take within Falcon. For example, using Falcon Identity Protection policies, for example, you can force users to change compromised passwords.

Click the Show related entities button to expand a panel on the right. This shows all users and/or devices affected by the selected risk. Select an entity to quickly pivot and view more information for further investigation.

Changing Views

On the upper-left side of the Domain Security Overview page are filters for goal and scope. Use the “scope” dropdown to filter the page results to the selected domain (if you have more than one).

The goal dropdown aligns the Domain Security Overview page for the selected goal. There are four goals you can choose from:

• AD Hygiene
• Pen Testing
• Privileged Users Management
• and Reduce the Attack Surface

When changing a goal, top level metrics and risks change to reflect the selected goal.

Conclusion

The Domain Security Overview provides you with actionable, tailored insight into your identity landscape. Use Falcon Identity Protection’s deep visibility to address risk and strengthen identity security in your environment.