How to Overcome Common Hybrid AD and Cloud Security Challenges
Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting
Confidential3
Today’s speakers
Bryan Patton - CISSP
Principal Strategic Systems Consultant, Microsoft Platform Management
Bryan.Patton@quest.com
Austin Collins
Product Marketing Manager, Microsoft Platform Management
Austin.Collins@quest.com
Shawn Barker
Sr. Product Manager, Microsoft Platform Management
Shawn.Barker@quest.com
Webcast Series: How to Overcome Common Hybrid AD and Cloud Security Challenges
• Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment (May 3rd at 11 EST)
• Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting (May 10th at 11 EST)
• Part 3: Who's Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access (May 17th at 11 EST)
• Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach (May 24th at 11 EST)
Quest.com/StopHankNow
Continually assess • Detect and alert • Investigate and recover • Remediate and mitigate
Agenda
• What is Hybrid Directory Security?
• Who is Hank the Hacker?
• Hybrid AD and Cloud Security challenges
• Quest Hybrid AD Security Solutions
• Live Demo
• Q&A and Wrap-up
What is Hybrid Active Directory Security?
Hybrid Active Directory Environment
• Office 365 requires an Azure AD instance
• Azure AD provides the directory service for Office 365 applications
• Azure AD integrates with on-premises AD, creating a hybrid directory environment
What does AD have to do with Office 365 Security?
• 95 million AD authentications are under attack daily
• 90% of companies use on-premises AD
• 70% YoY growth for Office 365 adoption
• 1 million subscribers a month moving to Office 365
• 700 million Azure AD accounts
• 10 billion on-prem AD authentications per day
• 1.3 billion MS cloud login attempts per day
• 75% of enterprises with more than 500 employees sync on-prem AD to Azure AD
• 10 million daily MS cloud logins are cyber-attacks
Active Directory Security is Critical
1. On-premises AD remains the core of security even in a cloud/hybrid environment
2. On-prem AD is the authoritative source and replicates to Azure AD & Office 365
3. With security, you are only as secure as your weakest link
Who is Hank the Hacker?
Who is Hank?
• Organized criminal groups
• State-affiliated actors
• Disgruntled employees
• Rogue administrators
• Contractors
• Etc.
How Hank Gets In
• Malware
• Ransomware
• Pass-the-hash
• Weak passwords
• Social engineering
• Authorization creep
• Spear phishing
• Etc.
Hybrid AD Security Challenges
Key Considerations
• How will I know if any suspicious privileged account activities have occurred?
• Have any changes occurred that could be an indication of an insider threat?
• How will I know, quickly, if an intrusion has happened?
• Could we be under brute-force attack right now?
Key Challenges
• Visibility into who is doing what across AD, Windows, Azure AD & Office 365
• Correlating activity across on-premises and cloud resources into a single view
• Tracking violations of security policies
• Continuous compliance with external regulations & internal audits
• Maintaining a history of audit trails to satisfy internal policy & regulators
Challenges with Native Auditing
• No comprehensive, central view of all changes from all Windows platforms
• Searching for a specific activity is time consuming and frustrating
• Event details with limited information are difficult to interpret without expertise
• No protection exists to prevent unwanted changes to the most sensitive objects, even from privileged users
• No long-term archiving of activity to satisfy internal security groups or external compliance requirements
How Does Quest Help?
Quest Hybrid Active Directory Security Solution
Continually assess • Detect and alert • Remediate and mitigate • Investigate and recover
[Architecture diagram: on-premises Active Directory forests (PROD, INDIA, ASIAPAC, EMEA, US, Acquisition AD) with Unified AD and fine-grained provisioning; UNIX servers, SP2K, Exchange, SQL, file servers and on-prem apps; synchronized via AAD Connect to Azure AD, Office 365 and SaaS apps]
Quest On-Prem & Hybrid Security Solutions
Continually assess
• Who has access to what sensitive data
• Who has elevated privileged permissions
• What systems are vulnerable to security threats
Detect and alert
• Detect suspicious privileged activities
• Alert on potential insider threats
• Notify in real time of unauthorized intrusions against
• Detect and alert on brute-force attacks
Investigate and recover
• Investigate security incidents
• Continuously test your business continuity plan
• Recover from a security incident
• Improve your RTO following a disaster
Remediate and mitigate
• Secure access to AD DC data
• Enforce permission blacklisting/whitelisting in AD
• Implement an AD least-privilege access model
• Reduce the attack surface in AD
• Prevent unauthorized access to sensitive resources
• Remediate unauthorized activities
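The "Detect and alert on brute-force attacks" bullet above, and the earlier consideration "Could we be under brute-force attack right now?", describe a rule a detection pipeline runs over domain-controller logon events. The following is an added example written for this page, not Quest's or Change Auditor's code: a sliding-window detector over constructed Windows Security event records (4625 failed logon, 4624 successful logon) that flags per-account brute force, per-source password spraying, and a success that follows a burst of failures. The record layout, thresholds and sample values are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in the shape a DC's Security log yields after
# export: (timestamp, event id, target account, source address).
# 4625 = "An account failed to log on", 4624 = "An account was successfully
# logged on". Accounts and addresses are made up for this example.
SAMPLE_EVENTS = [
    ("2017-05-10 09:00:00", 4625, "svc-backup", "10.1.2.3"),
    ("2017-05-10 09:00:10", 4625, "svc-backup", "10.1.2.3"),
    ("2017-05-10 09:00:20", 4625, "svc-backup", "10.1.2.3"),
    ("2017-05-10 09:00:30", 4625, "svc-backup", "10.1.2.3"),
    ("2017-05-10 09:00:40", 4625, "SVC-Backup", "10.1.2.3"),  # case differs
    ("2017-05-10 09:00:50", 4624, "svc-backup", "10.1.2.3"),  # then succeeds
    ("2017-05-10 09:10:00", 4625, "alice", "10.9.9.9"),
    ("2017-05-10 09:10:01", 4625, "bob", "10.9.9.9"),
    ("2017-05-10 09:10:02", 4625, "carol", "10.9.9.9"),
    ("2017-05-10 09:20:00", 4625, "dave", "10.1.2.50"),  # one typo, benign
    ("2017-05-10 09:40:00", 4625, "dave", "10.1.2.50"),  # outside the window
]


def parse_events(rows):
    """Normalise raw rows: parse the timestamp, lower-case the account name
    so that 'SVC-Backup' and 'svc-backup' count against the same account."""
    return [
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), user.lower(), ip)
        for ts, eid, user, ip in rows
    ]


def _trim(queue, now, window, key=lambda item: item):
    """Drop queue entries older than `window` relative to `now`."""
    while queue and now - key(queue[0]) > window:
        queue.popleft()


def detect(events, window=timedelta(minutes=5), fail_threshold=5, spray_users=3):
    """Replay events in time order and return a list of alert dicts.

    Rules:
      bruteforce: >= fail_threshold failures against one account within window
      spray: failures against >= spray_users distinct accounts from one source
             within window (password spraying, which per-account rules miss)
      success_after_bruteforce: a 4624 for an account currently over the
             failure threshold; escalated to high severity
    Each rule fires once per account or source so a noisy burst yields one alert.
    """
    by_account = defaultdict(deque)   # account -> timestamps of failures
    by_source = defaultdict(deque)    # source  -> (timestamp, account) failures
    fired = set()
    alerts = []
    for ts, eid, user, ip in sorted(events):
        if eid == 4625:
            acct = by_account[user]
            acct.append(ts)
            _trim(acct, ts, window)
            if len(acct) >= fail_threshold and ("bruteforce", user) not in fired:
                fired.add(("bruteforce", user))
                alerts.append({"rule": "bruteforce", "account": user, "source": ip,
                               "count": len(acct), "severity": "medium", "at": ts})
            src = by_source[ip]
            src.append((ts, user))
            _trim(src, ts, window, key=lambda item: item[0])
            targets = {u for _, u in src}
            if len(targets) >= spray_users and ("spray", ip) not in fired:
                fired.add(("spray", ip))
                alerts.append({"rule": "spray", "source": ip, "accounts": len(targets),
                               "severity": "medium", "at": ts})
        elif eid == 4624:
            acct = by_account[user]
            _trim(acct, ts, window)
            if len(acct) >= fail_threshold and ("success", user) not in fired:
                fired.add(("success", user))
                alerts.append({"rule": "success_after_bruteforce", "account": user,
                               "source": ip, "failures": len(acct),
                               "severity": "high", "at": ts})
    return alerts


def run_sample(**kwargs):
    """Run the detector over the constructed sample with optional thresholds."""
    return detect(parse_events(SAMPLE_EVENTS), **kwargs)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["at"], alert["severity"].upper(), alert["rule"], alert)
```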
Privileged Accounts
• What are they doing with the access?
• Do they need that access?
• Reduce the attack surface
Demo Screenshots
Change Auditor
1. Consolidates event data from on-premises and cloud targets
2. Correlates identities across on-premises and cloud
3. Configures and maintains your audit policy across your hybrid environment
InTrust
1. Response actions based on events in logs
2. Caching of logs to ensure a complete audit trail
3. Compression of logs for longer storage
Summary
• More data than you natively receive on-premises
• Correlation of data in the cloud
• Reduce noise to focus on what is important in your environment
Next Steps: Attend next week or watch on-demand! The four-part schedule is listed in the Webcast Series slide above.
Quest.com/StopHankNow
Questions?
Thank You
