Case Study: State Government Employment Agency achieves modernized, secure Active Directory and reduced attack paths with Tenable Networks' Identity Exposure

State Government Employment Agency Uses Tenable Identity Exposure to Modernize and Secure its AD Architecture

A large state employment agency that manages the state’s unemployment system was running on a 20+-year-old Active Directory architecture—a single root domain with roughly 35 subdomains—creating interdependencies and widespread exposure of employee, employer and client identities. With thousands of assets, public usernames, and legacy entitlements, the security team lacked visibility, believed the environment was effectively already breached, and needed evidence and authority to modernize and harden AD.

The agency deployed Tenable Identity Exposure to continuously scan Active Directory, prioritize weaknesses, and deliver tactical, step‑by‑step remediation guidance. The platform uncovered critical issues (including a domain admin using a rogue patch source), enabled removal of hundreds of risky group policies, helped secure leadership buy‑in, and accelerated an 18‑month remediation program—significantly reducing attack paths and improving the agency’s AD security posture.