For more than two decades, Microsoft Active Directory (AD) has been the de facto method organizations use to authenticate and authorize users so they can access computers, devices, and applications within a network. AD is celebrated for its ease of management. But that ease of use comes with security downsides. Replicating an AD forest, for example, centralizes access to a company’s information stores, so once an attacker gains entry, the threat actor can wreak havoc across the enterprise. AD is difficult to secure given its constant flux, sheer volume of settings, and the ever-expanding proliferation of advanced and powerful hacking and discovery tools.
In this web seminar, Guido Grillenmeier, (Semperis Chief Technologist) and Jim Doggett (CISO) will discuss AD access points used in recent cyberattacks, how to look for warning signs that AD has been compromised, and steps to take in the event of an attack. You’ll come away from this seminar with guidelines for securing AD from cyberattacks, including:
- Identifying Indicators of Exposure (IoEs)
- Understanding changes that bypass security logs (including disabling or deleting logs or disabling agents that prevent injection attacks)
- Preparing for AD attack remediation
- Understanding limitations of native AD rollback capabilities
- Ensuring post-attack recovery doesn’t re-introduce malware