Name: Breaking AD Trust Boundaries through Kerberos Vulnerabilities
Start: 2021-06-11T21:52:00Z
End: 2021-06-11T21:52:59.000Z
Location: BrightTALK
Rating: 0

The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.

Learn more at www.extrahop.com

Public sector organizations invested in Intrusion Detection Systems (IDS) to meet security requirements sufficient for the perimeter-based cyber threats of the time. In today’s increasingly complex threat landscape, many public sector security teams are finding that their standalone legacy IDS comes up short. Others may not realize the blindspots of legacy IDS until it's too late.
 
Don’t be so quick to write off IDS. Thanks to innovations in decryption, machine learning, and other cyber defenses, modern IDS is becoming integral to achieving Zero Trust security in the public sector. 

Watch this on-demand webinar to:
- Explore the next evolution of IDS
- Learn how modern IDS can bolster your organization’s security posture

IDS: An Unexpected Key to Accelerating Zero Trust

For many security professionals, the nightmare scenario keeping them awake at night is a sophisticated, targeted attack aimed directly at their own organization and its specific defenses. In this webinar, experts describe the type of tools and processes necessary to help detect exploits that are usually well-obfuscated and stealthy. You will learn how to recognize targeted attacks and mitigate them before they can do real damage to your enterprise data.
During this webinar you will:
•Learn the fundamentals of detection
•Get advice on how to identify the most valuable data in the enterprise
•Walk away with expert guidance on the tools necessary to protect against targeted attacks
•Review processes that should be in place to protect your organization’s systems

Detecting, Analyzing, and Mitigating Targeted Attacks

As economic uncertainty persists, CISOs are under mounting pressure to demonstrate the value and impact of their cybersecurity programs and security technology investments. In this webinar, special guest Roland Cloutier, the former global CSO at TikTok, ADP and EMC, will discuss business operations protection as a next-generation cyber strategy. He’ll explain how to be a successful business and technical partner, and share strategies for evaluating security program ROI. 

The webinar will conclude with a conversation between Dan MacKenzie of ExtraHop and guest Sanitra Desai from Forrester. Dan and Sanitra will discuss findings from the commissioned Total Economic Impact™ study of the ExtraHop Reveal(x) 360 network detection and response platform, conducted by Forrester Consulting.

Demonstrating the Value of Cybersecurity: Lessons from a Global CSO

In this exclusive interview from CrowdStrike Government Summit 2023, hear from ExtraHop Co-Founder and COO Raja Mukerji on how government agencies can protect their operations with technology like Artificial Intelligence (AI) and Network Detection and Response (NDR).

ExtraHop Co-Founder & COO Raja Mukeri on Safeguarding Government Operations

Adversaries are moving faster than ever, with modern attacks coming from all fronts across network, endpoint, and other domains. In 2022, the average breakout time declined from 98 minutes to 84 minutes, highlighting the imperative for IT and security teams to act quickly and confidently when defending against threat actors. To detect and respond at speed, practitioners need ways to get the most from their existing toolset in order to unify data, augment manual effort, and cut out complexity.

Join Girard Ordway, Lead Partner Solutions Architect at ExtraHop and John Smith, Integration Solution Architect at CrowdStrike as they dive into how you can implement effective extended detection and response (XDR) to protect against threats like ransomware, privilege escalation or unauthorized remote access. See how you can easily integrate and get more value from your enterprise data platform by combining network and endpoint intelligence with automated response actions.

Join this webinar to learn:
•How to accelerate attack containment while minimizing disruptions to the organization.
•Ways to reduce the gap between quarantine and investigation for threat containment.
•What's needed to continuously identify and prioritize vulnerable devices to reduce risk.

How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint

The days when CISOs would build out large Security Operations teams with giant screens mounted on large walls of a busy SOC seem to be waning.

Two opposing forces are wreaking havoc on CISOs budgets - security talent is difficult to hire and retain, and security technology is becoming more specialized and extensively integrated.

In many cases the confluence of these two forces are forcing many CISOs to confront the chicken and egg problem - buy technology, or staff the team? Old monolithic outsourcing models have failed to deliver value,
so where can CISOs turn? Modern problems require modern solutions and we are here to help be your trusted advisors to uncomplicate the process.

In this webinar our speakers will discuss modern challenges, to include: 
• Balancing a security budget while adapting to, and defending from, modern threats
• Understanding essential security technologies
• Operationalizing security technologies effectively
• Positioning limited resources to avoid costly and destructive breaches

Tech and Talent - Challenges Operationalizing Effective Security Teams

Please join ExtraHop and CrowdStrike on December 8 at 11:00am ET to hear from John Zangardi, former CIO of DHS, acting CIO of DOD, and Navy CIO, about the importance of federal mandates- including CISA's Shields Up. We will discuss how ExtraHop and CrowdStrike are working together to help federal customers meet mandates in the most effective way possible. Simply, this integrated security solution will allow the federal government to stay ahead of ever-increasing cyber threats.

Accelerate Cyber Modernization to Meet Federal Mandates

Join experts from global industry research firm IDC and ExtraHop as they discuss how to supercharge your security orchestration, automation and response (SOAR) platform with high-fidelity network intelligence. Gain greater, more reliable threat context and automate with confidence.

They’ll cover the most important features when considering SOAR and network detection and response (NDR) platforms, along with the top use cases to help you quickly maximize value.

Register today to learn more about:

- Combining threat intel feeds
- Gaining complete visibility into public cloud, encrypted traffic, and all of your devices
- Detecting anomalies in user/device behavior in near real time
- Mapping to the MITRE ATT&CK framework

Extract Value From Your SOAR Faster with NDR

Over the past couple of years, ransomware has evolved from relatively simple, opportunistic crimes to a prime concern for security and business leaders alike. The evolution of ransomware is a story of innovation as attackers realize that the amount of damage they cause directly corresponds to how big their payday will be. In this session, Thomas Clavel, Director of Product Marketing at ExtraHop will discuss common misconceptions about ransomware prevention and remediation and expose where attackers do the most damage on their path to extortion. He will share real life examples of ransomware mitigation and share practical guidance for where defenders should be looking to expose and root out intruders’ malicious behavior.

Stop Ransomware Before It Stops You - SANS Cyber Fest Solutions 2022

Current events and headline-grabbing attacks have thrust supply chain concerns front and center with business and government leadership. How will you keep your company from falling victim to an attack from your software supply chain?

Software supply chain attackers abuse trusted relationships between software users and suppliers to sneak in past perimeter defenses. The only way to catch them after that is to monitor the inside of your own enterprise.  This webinar will help you understand the threats, the impact, and how to keep your organization safer in a challenging environment.

If you manage, purchase, or protect software, you owe it to yourself and your organization to make time to learn how to manage and mitigate this growing third-party risk.

Detect and stop software supply chain attacks on the inside

Join CrowdStrike and ExtraHop to learn how to make extended detection and response (XDR) a reality, so your security team can stop ransomware and other advanced threats faster. 

You’ll learn about a new and more robust integration with CrowdStrike to that will allow you to:
    - Dramatically accelerate attack containment while minimising disruption to the organisation
    - Go from detection to quarantine to investigation in a single click to contain threats faster
    - Continuously identify and prioritise vulnerable devices to reduce risk

Advanced attackers work hard to evade defences and stay stealthy. By seamlessly correlating network intelligence and endpoint visibility, security teams can reduce attacker dwell time and respond instantly to stop an intrusion from becoming a breach.

Learn about specific tactics of today's sophisticated cyber attackers and how to take back the upper hand with XDR powered by ExtraHop and CrowdStrike.

How XDR Gets Real with CrowdStrike and ExtraHop

In this on-demand webinar CrowdStrike and ExtraHop walk through how to make extended detection and response (XDR) a reality, so your security team can stop ransomware and other advanced threats faster.

You’ll also learn about a new and more robust integration with CrowdStrike to that will allow you to:

    - Dramatically accelerate attack containment while minimizing disruption to the organization
    - Go from detection to quarantine to investigation in a single click to contain threats faster
    - Continuously identify and prioritize vulnerable devices to reduce risk

Advanced attackers work hard to evade defenses and stay stealthy. By seamlessly correlating network intelligence and endpoint visibility, security teams can reduce attacker dwell time and respond instantly to stop an intrusion from becoming a breach.

In this webinar you will learn about specific tactics of today's sophisticated cyber attackers and how to take back the upper hand with XDR powered by ExtraHop and CrowdStrike.

How XDR Gets Real: Stop Advanced Threats with CrowdStrike and ExtraHop

Digital transformation and cloud migration projects are fundamental to enterprise growth. While both the Offices of the CIO and CISO play a crucial role in this journey, the mindsets of the two executives commonly differ. Friction occurs when the CIO line of business has a mandate to recognize the speed and efficiency of the cloud immediately, while the CISO line of business needs to ensure that the proper security policies and procedures are in place.

How can the CIO and CISO engage in a balancing act that is beneficial to the priorities of both parties? Attend this webinar with Melinda Marks, Senior Cloud Security Research Analyst at ESG, and Guy Raz, Principal Systems Engineer at ExtraHop, to hear about the latest challenges, listen to best practices, and discover ways you can reduce friction in your enterprise.

The CIO-CISO Balancing Act in the Cloud

The visible financial impact of ransomware attacks has increased the need for security operations to reduce time to detect, mitigate and restore. Financial pressures in today’s environment are also putting a premium on processes and tools that can quickly show positive return on investment without high staffing requirements.

During this SANS What Works webcastSANS Director of Emerging Security Trends John Pescatore will interview Alfonso Powers. Director and Chief Information Security Officer at Asante Health to gain his insight on what he went through in the business justification details and deployment of Extrahop’s Reveal(X) to increase visibility into network traffic. Asante Health is a southern-Oregon based health care provider, with 600,000 customers and 6,500 employees across 3 hospitals. The increased visibility and the higher fidelity of detection allows Asante’s small security team to detect and disrupt most attacks in progress.

Reducing Time Detect with Limited Staff Using NDR Tools

The modern enterprise is built on a mountain of third-party and open source software. While this software enables growth and agility, it also introduces untold risk to the enterprise.
Compromises of the software supply chain are on the rise as a preferred attack style for intruders. This method takes advantage of trusted pathways to evade detection by traditional security tools. By compromising trusted vendors with large customer lists, intruders can achieve a one-to-many amplifying effect.
Listen in for an informative conversation of a modern supply chain attack. Our experts will expose the post-compromise attack techniques that are being used by advanced supply chain attackers, as observed in real customer environments.
Learn their playbook and stop supply chain attacks in their tracks. Using ExtraHop Reveal(x) 360, our experts will demonstrate the exact steps that cyber defenders can use to stop a supply chain attack before it can result in a costly breach.

Live & Interactive: Stop a supply chain attack in action

In this on-demand webinar CrowdStrike and ExtraHop walk through how to make extended detection and response (XDR) a reality, so your security team can stop ransomware and other advanced threats faster. 

You’ll also learn about a new and more robust integration with CrowdStrike to that will allow you to:

    - Dramatically accelerate attack containment while minimizing disruption to the organization
    - Go from detection to quarantine to investigation in a single click to contain threats faster
    - Continuously identify and prioritize vulnerable devices to reduce risk

Advanced attackers work hard to evade defenses and stay stealthy. By seamlessly correlating network intelligence and endpoint visibility, security teams can reduce attacker dwell time and respond instantly to stop an intrusion from becoming a breach.

In this webinar you will learn about specific tactics of today's sophisticated cyber attackers and how to take back the upper hand with XDR powered by ExtraHop and CrowdStrike.

On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare Shields Up warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.” CISA was not alone. Cybersecurity agencies around the world issued similar guidance, urging public and private organizations to take immediate steps to harden their cybersecurity posture and to take steps to support and enable security teams from the top down.

In this exclusive special edition of Man X Machine, John Zangardi former DHS, DoD, and Navy CIO, will join Samir Kapuria of Crosspoint Capital Partners and others to talk about the convergence of geopolitical and technological forces that led to this moment—and how they will shape the future of cyberwarfare.

Man x Machine: Shields Up

Whether you were born in the cloud, or a well-established company with an innovative approach, every enterprise holds some degree of risk. What sets enterprises apart is their management of and resilience against that risk. Join this interactive workshop for an informative conversation on how to uncover how much and what types of risk you hold, where risk is likely to grow in the future, and the risk-reduction strategies that will have the highest return on investment for your team and enterprise.

Risk Understanding Workshop: Reduce Risk and Build Resilience in the Enterprise

In larger enterprise environments multiple Active Directory forests are often in use to separate different environments or parts of the business. To enable integration between the different environments, forests trusts are set up. The goal of this trust is to allow users from the other forest to authenticate while maintaining the security boundary that an Active Directory forest offers.
In 2018, this boundary was broken through default delegation settings and Windows features with unintended consequences. In 2019 the security boundary was once again established through a set of changes in Active Directory. This research introduces a vulnerability in Kerberos and forest trusts that allows attackers to break the trust once again.
The talk will provide technical details on how Kerberos works over forest trusts and how the security boundary is normally enforced. Then the talk will discuss a flaw in how AD forest trusts operate and how this can be combined with a vulnerability in the Windows implementation of Kerberos to take over systems in a different forest (from a compromised trusted forest).
The talk will be accompanied by a proof-of-concept and a demonstration of abusing the vulnerability.

Breaking AD Trust Boundaries through Kerberos Vulnerabilities

Security

Cloud Security

network detection and response

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Breaking AD Trust Boundaries through Kerberos Vulnerabilities

Presented by

About this talk

More from this channel