Sean Deuby | Principal Technologist

Identity threat response—the initial aspect of ITDR—is gaining importance as cyberattackers continue to find new ways into victims’ environments. I recently spoke with Brian Desmond, Principal at Ravenswood Technology Group, about his experience helping organizations secure identity and protect and recover critical identity assets like Active Directory (AD).

“Anything that can exert control over the whole environment, over identities…we really want to figure out how we can put a ring around it and limit how control can be exerted,” says Brian. That includes implementing MFA, but it goes far beyond such precautions.

“If all [MFA providers] protect are remote desktop sessions or local logons, that’s great, that makes you feel good,” Brian notes. “But at the end of the day, that’s probably not how your stereotypical bad guy is going to abuse things.”

Identity threat protection and AD

With increases in remote workers and the complications inherent to hybrid AD environments, it’s no wonder ITDR solutions are gaining traction. “We continue to see things like customers with hundreds of domain admins…customers with shared service accounts in the Domain Admins group because that was the only way they could get things to run,” Brian explains. “We see people … who are running on out-of-support or unpatched domain controllers…these things are so prevalent.”

What types of questions should security pros be asking? Listen to this episode of the Hybrid Identity Protection (HIP) Podcast to learn more.

Want more Hybrid Identity Protection?

Launched in April 2020, the HIP Podcast is the premier podcast for cybersecurity pros charged with defending hybrid identity environments. In each episode, I interview some of the industry’s most knowledgeable—and interesting—experts. The HIP Conference expands this experience with hands-on learning from some of today’s premier identity security experts.

Learn more about ITDR and identity threat response

The term “ITDR” might be new, but our dedication to hybrid identity threat detection and response isn’t. Check out these resources for more information: