A solution based on Microsoft's ESAE model: it introduces policies and configurations to manage the access of privileged credentials to computers (servers and workstations) in Active Directory.
The theft or compromise of the «keys of the kingdom» (Active Directory privileged credentials) causes extensive damage, disruption and data exfiltration. Protecting the «keys of the kingdom» is therefore one of the main tasks in improving the general security posture of every environment. Protection is achieved by defining management levels in Active Directory that are isolated from each other. Each level is called a "Tier", and together the levels form the «Tiering model». The Tiering model reduces the probability of success of the attack techniques that MITRE defines as Privilege Escalation and Lateral Movement.
The definition and application of the "Tiering model" in Active Directory can be done in two ways:
SPA model by Microsys: based on Microsoft's ESAE model, but easier to implement and manage. The SPA model introduces: