Against a backdrop of surging cyberattacks and stepped-up measures by governments to address cybercrime, the award-winning 2021 Hybrid Identity Protection Conference, a virtual event on Dec. 1-2, will deliver visionary perspectives on identity protection in the future as well as practical tips for securing identity systems—particularly Active Directory—today.
Finding and fixing identity-related vulnerabilities has never been as urgent, as recent high-profile attacks—such as SolarWinds and Colonial Pipeline—have targeted the most common identity store, Active Directory, to gain access to information systems. The U.S. government has steadily increased the volume of warnings that security vulnerabilities need to be fixed. The most recent directive from the Cybersecurity and Infrastructure Security Agency (CISA) focused on patching “vulnerabilities for remediation that have known exploits and are being actively exploited by malicious cyber actors,” including the Microsoft Windows Print Spooler flaw. If you’re in charge of fixing AD vulnerabilities, you will want to check out this year’s HIP Conference lineup.
HIP Conference 2021 addresses top-priority Active Directory misconfigurations
With the list of identity-related security problems growing on a daily basis, it’s hard to know where to start with remediation efforts. But attendees of this year’s HIP Conference will come away with solid guidance from world-renowned AD and security experts for addressing the most glaring security gaps. Here’s a rundown of practical AD security sessions on tap:
- Common Active Directory Misconfigurations: Orin Thomas, Principal Hybrid Cloud Advocate at Microsoft, is quick to admit that AD has some problems, pointing out that many organizations have AD implementations “that are old enough to have graduated high school.” He’s sympathetic to AD admins who often inherit a decade’s worth of misconfigurations that have ballooned over time. “If you’ve inherited an Active Directory instance that one or more predecessors have managed, it’s likely that you’re unaware of these security misconfigurations unless you’ve deliberately gone searching for them,” he says. A prolific author of dozens of books about Microsoft technology, Thomas will cover common AD misconfigurations, their security implications, and how to fix them.
- Top 5 Risky Account Security Configurations: Based on a survey of users of Purple Knight (a free Active Directory security assessment tool), organizations are seeing the lowest scores in the account security category. Account security misconfigurations are some of the riskiest in the AD environment—including admin accounts with old passwords, changes in privileged group membership, and enabled but inactive admin accounts. In this session, AD experts Sean Deuby and Alexandra Weaver step through five top-priority security gaps and how to fix them.
- Practical Tips for Protecting Active Directory: Delivered by “The GPO Guy” Darren Mar-Elia, this session explores various AD attack paths from the view of an attacker. What are cybercriminals looking for when they try to exploit AD? You’ll come away from this session with clear, step-by-step guidance for reducing the AD attack surface—no change tickets needed.
Can we forget passwords already?
Along with real-world solutions for improving security posture, HIP Conference 2021 will present a range of perspectives on the vision for a passwordless future—which most identity experts are eager to embrace. The death of passwords has been anticipated for some time as we mere mortals struggle to use them correctly. As keynote speaker Jim Routh said, “The growing obsolescence of passwords has more to do with digital consumers trying to remember credentials for more than 150 digital assets on average (well beyond most of our capabilities), so we reuse passwords.” And of course, reuse of passwords creates open doors for cybercriminals.
Forward-looking sessions at HIP Conference 2021 will cover some of the most innovative programs under development by identity experts across the world:
- Why We Need Behavioral-Based Authentication Solutions: Jim Routh (former CISO of MassMutual, CVS, and Aetna) presents the argument that to effectively ditch passwords, we need behavioral-based authentication solutions, operating in near real-time. Such an approach would eliminate the “digital friction” that consumers experience when fumbling with passwords, thwart account takeover by cybercriminals, and lower operational costs by eliminating all that “password-reset” infrastructure. (That sounds good, doesn’t it?)
- Will Decentralized Identities and Verifiable Credentials Become the Future of Identity? The highly engaging John Craddock (longtime identity expert and IT infrastructure and security analyst) introduces the world of verifiable credentials (VCs) in this session. Craddock looks into a near future where we might all have a single proof of identity that could be used across multiple services and platforms.
- Taking a Large Organization Passwordless—Completing the Journey: Joe Kaplan from Accenture breaks down barriers to the passwordless future in this session, which walks through a real-world story—still unfolding—of one organization’s multi-year journey to leaving passwords behind. Building on his HIP Conference 2020 session, Kaplan will give an update on current project status, hard lessons learned thus far, and milestones they must hit to meet their goal of eliminating passwords for 90 percent of employees by September 2022.
Plus guidance on securing Azure Active Directory, recovering after a ransomware attack, and more
Rounding out HIP Conference 2021 will be sessions that meet IT, IAM, and security professionals where they are today: solving day-to-day security challenges such as securing Azure Active Directory, recovering business operations after a ransomware attack with a tested DR plan, and rallying collaboration between identity and security teams to solve shared security problems.
Whether your top concern is addressing today’s security problems or planning for the future, HIP Conference 2021 will be time well spent for technology pros who urgently need to defend their organizations against the latest onslaught of cyberattacks.