TRIMARC

Trimarc’s Security Solutions Improve Enterprise Security & Mitigate Modern Attack Methods

Trimarc was founded by Sean Metcalf, a Microsoft Certified Master in Active Directory, to help organizations better secure their Microsoft platform, specifically on-premises Active Directory (AD) and the Microsoft cloud environment (Azure AD & Office 365). Collectively, our team has decades of systems engineering experience in enterprise environments combined with security vision and know-how, and this expertise more quickly and effectively improves the security posture of our customers.

Trimarc Expertise

 

Trimarc provides leading expertise in security solutions including security reviews, strategy, architecture, and implementation. Our methodology leverages our internal research and custom tooling which better discovers multiple security issues attackers could exploit to compromise the environment. Trimarc security services fit between traditional compliance/audit reviews and standard penetration testing/red teaming engagements, providing deep understanding of Microsoft technologies, typical security issues and misconfigurations, and provide recommendations based on our own best practices custom-tailored to balance operational and security challenges.

 

From Active Directory to the Microsoft Cloud (Office 365 & Azure AD) to VMware, Trimarc has the knowledge and expertise to help improve your security posture. Our focus on the systems that enable today’s business positions us to effectively assess and improve enterprise security.

 

  • Active Directory

  • Microsoft Cloud (Office 365, Exchange Online, & Azure AD)

  • Virtual Infrastructure (VMware)

  • Microsoft Windows 10

Trimarc provides security solutions including strategy, architecture, tactical implementations, and long-term maintenance. In addition, we perform renowned security research that has helped drive the implementation of effective protection measures for organizations reliant on Microsoft technologies.

Trimarc works on continuously developing defensive strategies to combat evolving attack techniques. We focus on defensive layers within the enterprise – while any single defense may fail, there are others that compensate for this and provide additional detection and/or mitigation for that area.
 

 

Trimarc Services
 

Trimarc provides customized solutions developed to help you secure your environment. We focus on helping you better leverage existing technology investments to improve enterprise security posture.

 

Our primary service offerings focus on reviewing and improving the security of your Active Directory and Azure Active Directory (Office 365) environments. Key to this is ensuring that any security recommendations we provide align with your business process and requirements. Trimarc works with you as a Trusted Adviser in improving your enterprise security.

 

Trimarc’s Active Directory security review and assessment scans the AD environment shining a light on the dark, forgotten corners and unravels the spider-web of permissions collected over many years. We identify multiple potential AD escalation paths and provide recommendations that are actionable, prioritized, and customized to the environment so they can be implemented more quickly (and phased in over time) to effectively mitigate them. Our reporting methodology and approach provide clear paths to resolution and most of the critical issues we discover in our customer environments are resolved in days to weeks, not years.

 

Furthermore, we work with both Red and Blue teams and perform offensive & defensive research, which provides us unique understanding and experience in how organizations are typically attacked and provide insight into the best defensive tactics.

Trimarc has a variety of security solutions customized to meet each organization’s security needs and concerns. Please contact us for more information on how we can help you!

 

 Service List:

Events & Announcements

ANNOUNCING: Trimarc's New Active Directory Security Review (ADSR)
 

Trimarc has a variety of consulting services we provide to customers, with the most popular being our Active Directory Security Assessment (ADSA) is a comprehensive evaluation of the security posture of your Active Directory environment.

Trimarc is launching a new service engagement: "Active Directory Security Review" (ADSR).
The ADSR is a lighter version of our Active Directory Security Assessment for smaller, single domain forests and is focused on the most common AD security issues.

The ADSR is not as in depth or comprehensive as our Active Directory Security Assessment offering and the engagement timeline is 2 weeks (vs 4 to 6 weeks for the ADSA).

In order to perform the ADSR, Trimarc doesn’t require network access. Instead, we provide a PowerShell script to export key AD data which can be uploaded to the Trimarc Secure Portal (where all data is encrypted at upload and remains encrypted).
The ADSR is performed completely offline.

Trimarc's new Active Directory Security Review is launching Fall 2020, initially for non-profits and Merger & Acquisition (M&A) scenarios.

Read more about the Trimarc Active Directory Security Review (ADSR)

 

Is Your Active Directory Secure?

Modern Active Directory environments are typically not aligned to best protect the enterprise from the current threats. The attack vectors that were theoretical years ago are now practical. Additionally, one of the biggest vulnerabilities that most enterprises have is the legacy administration and management of the enterprise. Many organizations are still using group membership in Domain Admins to grant Active Directory administrative rights for admins and service accounts. There are a number of methods used to escalate attacker permissions once they gain a foothold and have malicious code running on one or more computers inside the perimeter. In order to properly protect modern networks a new focus on admin credential protection and management is required.

​Penetration Test (“pentest”) and Red Team engagements identify a few exploit paths used to compromise the environment. Pentests and red teams are great to identify weaknesses in security controls and highlight visibility “blind spots”, but typically don’t provide a full picture of all the potential exploitation paths in an organization. This means weak spots in Active Directory security are likely to remain putting the enterprise at risk.

Our most popular service is Trimarc's Active Directory Security Assessment which is a review of the organization’s Active Directory security posture. Trimarc reviews Active Directory and identifies as many escalation pathways as possible that an attacker could leverage to take over AD. This Trimarc engagement scans the AD environment and identifies weaknesses that could be leveraged by an attacker to elevate privileges and/or persist in the environment, potentially without detection. We probe into the dark recesses of AD to root out potential issues to help our customers proactively resolve them. After scanning AD for security issues, we provide recommendations that improve the security posture.

What Else Can Trimarc Do?

  • Provide security guidance for moving services to the cloud.

  • Align Active Directory security best practices with business process & requirements.

  • Evaluate the security posture of your Microsoft cloud tenant (Office 365 & Azure AD)

  • Evaluate the security posture of the virtualization platform infrastructure (VMware).

  • Leverage existing technology investments to improve enterprise security posture.

  • Perform research on new attack methods and provide briefings on effective mitigation and detection.

  • Provide Microsoft platform security expertise.

  • Help prioritize security remediation recommendations from a previous assessment.

  • Provide recommendations to improve endpoint security and attack detection.

  • Provide recommendations to improve detection of modern threat activity.

Please reload

WHAT OUR CUSTOMERS SAY

“We hired Trimarc to perform an AD security assessment.  They provided a comprehensive report on our Active Directory environment highlighting issues and concerns, but more importantly provided detailed recommendations which were useful in resolving them. 
It can be difficult to find quality services in the security realm, so I really appreciate Trimarc’s professionalism, expertise, and passion.” 

 

—  Michael B.
(Charitable Organization)

Trimarc
1775 I St NW
Suite #1150
Washington, DC 20006

(202) 587-2735

  • Twitter Social Icon

©2020 Trimarc