Enhancing Active Directory Security with Saporo at the Office Cantonal de l'Information et du Numérique (OCSIN), Geneva.

Background

After a year of deploying Saporo, Geneva's state has experienced notable transformations in its IT (Active Directory) security posture.

The Problem

OCSIN, responsible for delivering IT services across Geneva's state departments, holds a paramount responsibility: securing the data of its citizens. Their Active Directory (AD) was seen as a complex entity — a "black box" with limited visibility, massive data sets, and inherent vulnerabilities. The first sign of danger was a penetration test that discovered attack pathways from an exchange server to their AD. While they had tools that showed potential risks, they lacked continuous, comprehensive visibility and actionable insights.

Why Saporo?

The introduction to Saporo came through a recommendation. OCSIN was already exploring solutions to visualize and understand attack pathways in their AD. While an initial audit with Microsoft didn't yield significant results, Saporo showcased real risks and gave a clear picture of the challenges within their extensive AD setup.

How Saporo helped

• Visibility: Saporo's detailed logs provided transparency over extensive AD permissions. This helped OCSIN connect vulnerabilities to excessive permissions, enhancing their security posture.
• Continuity: Unlike tools used previously, which only highlighted the first potential attack paths, Saporo provided insights into every possible paths, ensuring thorough Active Directory management.
• Chokepoints: With Saporo, OCSIN identified and rectified a broad Group Policy Object (GPO) that went unnoticed. This rectification significantly reduced their attack surface.
• Controls & Prioritization: Saporo's data-driven insights enabled OCSIN to prioritize their efforts better, especially in managing permissions related to SharePoint accounts with non-expiring passwords.
• Integration: OCSIN is planning to integrate Saporo logs into their SIEM, promising faster reaction times and more contextual alerting.

Benefits & Outcomes

• Affordable & Proven Utility: Saporo's cost-effective solution showcased its utility in collaborating with AD and SOC teams.
• Continuous Monitoring: OCSIN now addresses security issues weekly rather than quarterly.
• Improved Collaboration: OCSIN appreciated Saporo's rapid response and their impressive performance improvements over time.
• Swiss Made: As a Swiss solution, Saporo aligns with Geneva's preference for local solutions, especially when it concerns data protection.

Conclusion & Recommendations

"Saporo has been a transformative solution for OCSIN. It has filled gaps in our AD security strategy, offering comprehensive, continuous insights", summed up OCSIN's manager. "For entities with a mature AD setup, OCSIN highly recommends Saporo for its exhaustive capabilities and exceptional value for money".

Before Saporo, OCSIN faced challenges in understanding their AD's complexities and vulnerabilities. Now, they have a clearer picture, actionable insights, and a robust strategy for securing their IT infrastructure. Special thanks to OCSIN for sharing insights into their journey.