Is there a software/ tool to make it harder for attackers to penetrate a network and obtain privileged account access? How do I add protection to privileged groups that control access across a range of domain-joined computers and applications on those computers?
I have to agree that (properly configured) hardware firewalls are the first line of defense. Writing out a security plan is also a good idea in a commercial production environment - that is, what are the likely vectors of attack and how can those be mitigated? Nothing is bulletproof - a good strategy will involve concealing valuable resources on your net to greatest extent possible. Then add as many barriers and restrictions as possible, balanced against the resources (budget) available and the flexibility absolutely needed (not wanted) for users of the network. You should ideally start from "all users have no privileges" and then add only those actually needed by each group, if you want to maximize security. The idea is to maximize the chance of 1) not being found and 2) making it difficult enough not to warrant the time investment someone would need to crack the security, relative to the value of the assets on the network.