Hi [[ session.user.profile.firstName ]]

ZeroLogon - What Every Organization needs to Know and Do Now

The recently discovered Zerologon exploit has sent shockwaves across organizations worldwide, as a vulnerability in the NetLogon Remote Protocol, allowing an unauthenticated attacker to connect to an Active Directory Domain Controller and subsequently own an Active Directory domain with ease. Despite a rapid response from Microsoft which included new group policy options, Registry keys, and event log entries, the implementation of these mitigative and detective controls are unfortunately far from straightforward. In the meantime, the clock is ticking for organizations and technology vendors to eradicate the existence of insecure NetLogon connections before the February 9, 2021 enforcement deadline, as well as for attackers seeking to leverage the exploit before the window of opportunity dissipates. Where does your organization stand? What's at risk? What can you do to expedite your organization's timeline to a secure state? Join Stealthbits' Technical Product Manager, Kevin Joyce and Security Researcher, Joe Dibley, for a quick, informative, 30-minute webinar about Zerologon where they'll answer important questions, such as:
• What is Zerologon?
• How does it work?
• Why is action needed now?
• What can Stealthbits do to help?
Recorded May 5 2021 28 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Kevin Joyce, Technical Product Manager & Joe Dibley, Security Researcher, Stealthbits now part of Netwrix
Presentation preview: ZeroLogon - What Every Organization needs to Know and Do Now

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Active Directory & Azure AD: Better Together, Pt. 2 Nov 16 2021 4:00 pm UTC 61 mins
    Sander Berkouwer, Enterprise Mobility MVP
    We already know the principle of hardening for on-premises systems, apps and services. Now, let’s apply it to the Microsoft cloud as well!
    Sander Berkouwer will show you the default settings in Azure AD and explain why they aren’t appropriate for all organizations. By looking under the covers of Azure AD, you’ll know when to dial the buttons that govern guest access, app consent and access to the Azure AD admin portal. Sander will sprinkle some Conditional Access, Microsoft Defender for Identity and Azure Log Analytics goodness on top of these settings to keep you on top of all things Azure AD.

    In this session you’ll find out:
    • What happens if you use the default Azure AD settings
    • How to harden your Active Directory, Azure AD and Microsoft 365
    • How to easily track and report on security and configuration changes in Azure AD
    • How to secure the sensitive data you store in Microsoft 365
  • Active Directory and Azure AD: Better Together, Pt. 1 Nov 9 2021 4:00 pm UTC 56 mins
    Sander Berkouwer, Enterprise Mobility MVP
    Part 1: Getting Maximum Value from Infrastructure Security Services

    The Microsoft cloud offers a wealth of benefits, from powerful enterprise applications and built-in high availability to predictable costs. But most organizations still need their on-premises IT environment as well. Fortunately, there are proven strategies for making your trusted Active Directory and your shiny new Azure AD tenant work together, enabling a seamless user experience and strong security.

    In this webinar, Enterprise Mobility MVP Sander Berkouwer shares his expertise for making that happen. Watch this session to learn:
    • The benefits of using Active Directory and Azure AD together
    • How to properly configure infrastructure security services, including Azure AD Conditional Access, Multi-factor Authentication (MFA), Connect Health, Identity Protection, and Password Protection
    • How to track both on-prem AD logins and Azure AD sign-ins in one dashboard
    • How to quickly detect and report on security changes in AD and Azure AD
  • Deep Dive: Unveil Your Hidden Risks with Netwrix Auditor Nov 2 2021 5:00 pm UTC 65 mins
    Roy Lopez, Systems Engineer at Netwrix
    Cybersecurity is all about understanding, managing, controlling and mitigating risk to your organization’s critical assets — which makes it a never-ending process that can take a lot of time. Wouldn’t it be great to spend less than 5 minutes a day on risk assessment and go home with no worries about your organization’s security? Believe it or not, Netwrix Auditor can help you do just that!

    Take part in a deep dive into risk assessment as Roy Lopez explains how to keep your IT infrastructure secure with Netwrix Auditor by:
    • Identifying weaknesses in your IT security policy settings and practices
    • Quickly spotting the risks that require your immediate attention
    • Drilling down to actionable details that enable prompt mitigation of those risks
  • Discover a New Approach to Securing Admin Accounts [Spanish] Recorded: Sep 30 2021 42 mins
    Jesus Saez (Country Manager Spain & Portugal at Netwrix), Thomas Limpens (Solution Engineer at Netwrix)
    There is no doubt that privileged accounts are a necessary evil in every IT environment. But though they serve important operational purposes and are a crucial part of day-to-day work for admins, they impose constant security risks. So, is there a better way?
    In this webinar, you’ll learn how you can dramatically reduce the risk associated with admin and service accounts, improve your compliance program, and close the gaps in Microsoft LAPS.
    Join this webinar to discover:
    • Just how much risk your current admin and service accounts are exposing you to
    • The top 5 things people hate about trying to manage those risks using traditional privileged access management (PAM) solutions
    • A better option: just-in-time admin accounts with just enough privilege and effective service account management
    • How this modern approach also limits lateral movement by attackers and streamlines compliance
  • Best Practices for Auditing Active Directory Recorded: Sep 27 2021 38 mins
    Brad Bussie, Director of Product Management at Stealthbits
    You rely on Active Directory (AD) to control which users can connect to your IT environment and what resources they can access. Like most organizations, you do a good job of monitoring AD. However, even the best security teams can overlook key configurations and conditions within AD that leave them vulnerable to a breach.

    To help companies identify security gaps in Active Directory, STEALTHbits has created Best Practice Reports that give you complete visibility into AD so you can:

    Mitigate toxic conditions like stale users, empty groups, and circular nesting
    Check user password status, enforce AD password policy, and ensure local admin passwords aren't stored in clear text
    Monitor privileged groups that grant the ability to logon to domain controllers (DC)
    And more...!
    With these AD Best Practice Reports, you can maintain the security, health, and compliance of Active Directory from one easy-to-use console. Find out more by registering for this webcast.
  • CQURE’s Overview of STEALTHbits Cyber Kill Chain Attack Catalog Recorded: Sep 27 2021 62 mins
    Rod Simmons (VP of Product Strategy - Active Directory Stealthbits Technologies), Paula Januszkiewicz(CEO of CQURE)
    Attacks against critical infrastructure like Active Directory and Windows operating systems are well documented, but often poorly communicated to or understood by the cybersecurity community as a whole. To help bridge the gap, STEALTHbits created a Cyber Kill Chain Attack Catalog. Designed to be a useful, informational asset, IT Security practitioners can now easily understand the specific and sophisticated tactics, techniques and procedures (TTPs) attackers are leveraging to compromise credentials and data.

    STEALTHbits has partnered with CQURE, Inc., a specialized IT infrastructure security consultant providing advisory services to organizations around the world, to shine a light on this valuable cybersecurity resource.

    In an informative, 60-minute webinar, Rod Simmons, STEALTHbits’ VP of Product Strategy, and Paula Januskiewicz, CEO and Founder of CQURE, will review our attack tutorials and offer their feedback on interesting attacks and breach scenarios. Together, they will provide a detailed overview and example demonstrations of important phases of the Cyber Kill Chain, including:

    - Discovery
    - Lateral Movement
    - Privilege Escalation
    - Persistence
  • FCW: The Business of Federal Technology Recorded: Sep 27 2021 59 mins
    Martin Cannard, VP of Product Strategy at Netwrix
    Data breaches have become commonplace, and despite significant investments in perimeter and endpoint security, breaches typically begin at the desktop and server layers of an organization’s IT infrastructure. From there, it spreads through the overabundance of privileged access rights to each system and other misconfigurations and vulnerabilities attackers exploit. The problem with traditional Privileged Access Management providers is that they focus on controlling access to accounts and their passwords, not on the activities the administrators need to perform. As a result, they provide a minimal reduction of an organization’s attack surface because the accounts still exist on the endpoint and can still be compromised.

    This 60 min presentation lead by Martin Cannard, VP of Product Strategy - Privileged Access Management, reviews the gap that exists between Privileged Access Management and Privileged Activity Management, highlighting a task-based approach that provides administrators with the exact level of privileges needed, exactly when they’re needed, for only as long as they’re needed – and then returns the environment to a no access-by-default state immediately upon completion.
  • Lateral Movement Techniques and How to Detect Them Recorded: Sep 27 2021 41 mins
    Jeff Warren, SVP, Products at Stealthbits
    Lateral movement techniques are leveraged by attackers to move throughout a network, slowly increasing privileges until they achieve their end goal. Pass-the-Hash, Pass-the-Ticket, and Overpass-the-Hash are three of the most common lateral movement methods performed on Windows systems.

    In this webinar, General Manager of Products, Jeff Warren takes a deep dive into these attack methods. View the recording to learn:

    What to look for and how to understand Active Directory lateral movement attacks
    Practical approaches on how to detect them
  • 3 Modern Active Directory Attack Scenarios and How to Detect Them Recorded: Sep 27 2021 89 mins
    Randy Franklin Smith( CEO, Monterey Technology Group, Inc.), Jeff Warren (SVP, Products)
    The threat landscape is ever-changing and, in this deeply technical webinar, Microsoft MVP Randy Franklin Smith and STEALTHbits SVP Jeff Warren show you three Modern Active Directory Attacks and what you can do to detect them:

    Extracting Passwords through the Active Directory database (NTDS.dit):

    With so much attention paid to detecting credential-based attacks such as Pass-the-Hash (PtH) and Pass-the-Ticket (PtT), other serious attacks, like attacks focused on exfiltrating the NTDS.dit file from Active Directory Domain Controllers, are often overlooked. We’ll show you what this threat entails, how it can be performed, and then review some mitigating controls to ensure you are protected.

    Kerberoasting:

    Kerberoasting takes advantage of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs) to enable attackers to crack passwords for those SPN-based service accounts. We’ll explain what SPNs are, review Kerberos fundamentals, and take you through prevention and detection techniques, including setting up a honey pot SPN and then monitoring the Windows Security Log for event IDs 4768/4771 for that account.

    DCSync:

    We’ve all heard of using Mimikatz for pass-the-hash but one of the most useful and scary ways is with the DCSync command where attackers imitate domain controllers and ask for user password data without running any code on a domain controller. Attackers can use DCSync to get any account’s NTLM hash, including the KRBTGT account, which enables them to create Golden Tickets. We’ll show you how to detect this kind of attack with event ID 4662 and other methods.
  • Scopri un nuovo approccio per proteggere gli account amministratore [Italian] Recorded: Sep 16 2021 75 mins
    Maurizio Taglioretti (Regional Manager SEUR at Netwrix), Rosario Bonanno (Sales Engineer at Netwrix)
    Non c'è alcun dubbio sul fatto che gli account privilegiati siano un male necessario in ogni ambiente IT. Ma anche se servono ad assolvere importanti compiti operativi e sono una parte cruciale del lavoro quotidiano degli amministratori, impongono costanti rischi di sicurezza.
    Cosa fare quindi?
    In questo webinar vedremo quindi come ridurre drasticamente il rischio associato agli account amministratore e di servizio, come migliorare il proprio programma di conformità ed affrontare le lacune nella sicurezza legate a Microsoft LAPS.

    Guarda il webinar per saperne di più su:
    • Il livello di rischio a cui ti espongono i tuoi attuali account di amministrazione e di servizio
    • Le 5 cose principali che le persone odiano del tentativo di gestire tali rischi utilizzando le tradizionali soluzioni di gestione degli accessi privilegiati (PAM)
    • Una scelta migliore: account di amministrazione just-in-time con privilegi appena sufficienti e gestione efficiente degli account di servizio
    • In che modo questo nuovo approccio possa limitare anche il movimento laterale degli aggressori e semplificare la conformità
  • CMMC: Raise Your Cyber Maturity Level Recorded: Aug 31 2021 54 mins
    Ryan Bonner (Founder and CEO of DEFCERT), Dan Piazza (Technical Product Manager at Stealthbits)
    The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework developed by the US Department of Defense (DoD) to ensure that its contractors protect sensitive information appropriately. It is based on established cybersecurity standards like NIST, ISO 27001 and UK Cyber Essentials, and most of the controls it requires are long-time cybersecurity best practices. However, it introduces new practices that can deliver far more robust security.

    While CMMC applies to every company within the DoD supply chain, any organization can benefit from implementing its core principles.

    Watch our session to learn:
    • What the CMMC is and what types of data it protects
    • The framework’s components
    • The 5 levels of cyber maturity
    • The timeline for CMMC implementation
    • How you can implement cybersecurity best practices from the CMMC and other standards, such NIST and ISO/IEC 27001, using Netwrix solutions
  • Deep Dive: How to Stay in Control of Your Office 365 Environment Recorded: Aug 27 2021 22 mins
    Bob Cordisco, Solutions Engineer at Netwrix
    Exchange Online and SharePoint Online permissions can be beyond unclear — they are often so complicated that they’re nearly impossible to untangle using native tools. Join Bob Cordisco, Netwrix solutions engineer, to find out how to overcome this critical gap in your Microsoft Office 365 protection strategy.

    During this session, you’ll learn how to:

    • Know exactly who has access to the most sensitive mailboxes in your Exchange Online
    • Spot broken inheritance in your SharePoint Online
    • Monitor every change to your SharePoint Online sites, lists and documents
    • Identify high-risk users with a consolidated view of all their anomalous Office 365 behaviour
    • Get alerts on activity that needs your immediate attention
  • Deep Dive: How to Reduce the Exposure of Your Critical Data Recorded: Aug 27 2021 31 mins
    Bob Cordisco, Solutions Engineer at Netwrix
    To reduce the overexposure of regulated and mission-critical data, it’s not enough to understand where it resides; you also need to uncover any issues that put the data at risk and quickly remediate them. With solutions from Netwrix, you can reduce the exposure of your sensitive data by moving it to a safe location, deleting confidential pieces of content from it and more.

    Discover how Netwrix solutions enable you to:
    • Understand which data needs protection and how exposed it is
    • Automatically migrate overexposed data to quarantine before a breach occurs
    • Automatically redact sensitive content from documents
    • Identify and revoke excessive permissions
    • Increase the accuracy of your data loss prevention (DLP) tool
  • Deep Dive: Force IT Risks to the Surface Recorded: Aug 27 2021 24 mins
    Dakota Brewer, Solutions Engineer at Netwrix
    Everyone knows that regular IT risk assessments are essential to both security and compliance. But they can be so complicated and expensive to perform that organizations often put them off — dramatically increasing their risk of data breaches and stiff fines. But what if the security gaps in your environment were identified and assessed automatically, with all the risks prioritized so it’s easy for you to deal with the most critical ones first?

    This might sound too good to be true, but it’s exactly what Netwrix Auditor’s IT Risk Assessment reports provide. Join our deep-dive session and find out how you can kick-start your risk assessment project in just a couple of clicks.

    In this 30-minute workshop, you’ll learn:
    • The 5 most common myths about IT risk assessment
    • The key steps in an effective risk assessment program
    • How you can easily identify, prioritize and reduce your risks with Netwrix Auditor
  • Engineers Workshop: How to Implement a CIS Hardened Build Standard Recorded: Aug 27 2021 24 mins
    Denis Goskolli, Technical Support Engineer at NNT
    Commercial and open-source system configurations generally lack all the necessary security measures needed before deploying into production. These configurations will often times have features and functionalities enabled by default, making them less secure and a prime target for today’s cyber criminals.

    Implementing a CIS hardened build standard can help you address this issue by disabling and removing unnecessary functionalities and features, allowing your security team to proactively minimize system vulnerabilities, enhance system integrity, achieve compliance, and reduce your attack surface.

    Watch this session and learn:
    • How to work through a CIS Benchmark Secure Configuration Guide & how to avoid the ‘Gotchas’
    • How to customize and expand to deliver a hardened build standard that’s designed for you
    • How to roll out to your IT systems, both manually and automatically
    • How to maintain everything in its secure, hardened state
  • Une nouvelle approche pour sécuriser les comptes d’administrateurs [French] Recorded: Jul 28 2021 47 mins
    Thomas Limpens, Solutions Engineer and Pierre-Louis Lussan, Country Manager, at Netwrix
    Il n`y a aucun doute que les comptes privilégiés sont un mal nécessaire dans chaque environnement informatique.
    Mais même s’ils servent à des fins opérationnelles importantes et constituent une partie cruciale du travail quotidien des administrateurs, ils imposent des risques constants pour la sécurité.
    Existe-il un meilleur moyen ?
    Dans ce webinaire, vous allez apprendre comment réduire considérablement le risque associé aux comptes d’administration et de service, améliorer votre programme de conformité et combler les lacunes de sécurité de Microsoft LAPS.

    Regardez ce webinaire pour découvrir :
    • Le niveau de risque auquel vos comptes d’administration et de service actuels vous exposent
    • Les cinq principales choses que les gens détestent lorsqu’ils essaient de gérer ces risques en utilisant des solutions traditionnelles de gestion de l’accès privilégié (PAM)
    • Une meilleure option : des comptes d’administration juste à temps avec juste assez de privilèges et une gestion efficace des comptes de service
    • Cette approche moderne limite également les mouvements latéraux des attaquants et simplifie la conformité
  • Deep Dive: Insider Threat Detection Recorded: Jul 20 2021 56 mins
    Bob Cordisco, Solutions Engineer at Netwrix
    Do organizations battle insider threats? They try to. Are they successful at mitigating the risk? Not so much. It’s a real challenge to spot malicious insiders before they cause damage, and even well-meaning users sometimes forget or ignore established information sharing and data protection protocols, especially those that seem arbitrary or inconvenient.

    Watch this 30-minute deep dive to learn how to:
    • Determine whether your organization should be concerned about insider threats
    • Get concrete evidence of privilege abuse incidents
    • Be notified about high-risk insider threat patterns
    • Identify security weak spots so you can remediate them before they are exploited
  • Top 10 Security Features to Enable in Microsoft 365 Recorded: Jul 20 2021 65 mins
    Liam Cleary, Microsoft MVP and a founder of SharePlicity
    Microsoft 365 offers a wealth of valuable collaboration tools — but what about security? By default, Microsoft provides various core security capabilities to protect the service itself, as well as controls that are available as needed for any organization. Unfortunately, many organizations do not implement them; some may not even know where they are. In fact, Microsoft 365 includes hundreds of configuration options that control everything from user authentication to external access to downloading of content. Knowing which settings to enable or disable is critical to a strong security posture.

    In this webinar, we will walk through the top 10 security controls that should be enabled in every Microsoft 365 tenant. We will discuss each one and explain why to use them. At the end of this webinar, you will understand which controls to implement to increase the security of your Microsoft 365 tenant.
  • GDPR Anniversary Panel Discussion: Data Protection in the Age of Remote Working Recorded: May 24 2021 62 mins
    Jonathan Armstrong (Partner at Cordery), Gina Fanning (Managing Director at COMPLINET), Michael Paye (CTO at Netwrix)
    May 25th marks the third anniversary of the GDPR’s effective date. We’ve all seen the effects: numerous compliance checklists and audits; the flood of opt-in consent emails; unprecedented international outreach; and giant fines looming over both large corporations and small organisations. But over the years, ‘the great data privacy panic,’ as it was called by BBC tech correspondents, has evolved into a pragmatic approach to compliance regulations. Data security is no longer merely a necessity but a business driver for digital transformation.

    Watch this moderated panel discussion to celebrate data privacy milestones and learn what compliance developments to expect.

    Our expert guests will discuss:
    - How 3 years of GDPR enforcement has already changed how organisations operate
    - How to factor privacy concerns into your cloud strategy
    - How new technology is changing how organisations approach data privacy
    - How the evolving threat landscape will influence compliance regulations
  • Enjeux du télétravail pour la sécurité de vos données [French] Recorded: May 24 2021 64 mins
    Raphaël Rault, Avocat Associé - Département Numérique Alter Via Avocats
    Avec l’explosion des technologies Cloud et de la généralisation de l’Internet à haut débit, de nombreuses organisations permettent à leurs employés de travailler à distance. La possibilité de travailler depuis n’importe quel endroit améliore la flexibilité et la productivité. Mais tout n’est pas aussi simple pour les professionnels de l’informatique qui doivent mettre en place l’infrastructure nécessaire pour soutenir le télétravail.

    Nous avons invité Raphaël Rault, Avocat associé au cabinet Alter Via Avocats, à partager son expertise sur les enjeux auxquels ses clients ont fait face lors de cette période de télétravail :
    - Anticipation : La sécurisation préalable des risques
    - Réaction : Les politiques de notification
    - Résolution : La fin de cycle des incidents
Powerful Data Security Made Easy
Netwrix empowers information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides. Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: ZeroLogon - What Every Organization needs to Know and Do Now
  • Live at: May 5 2021 10:06 am
  • Presented by: Kevin Joyce, Technical Product Manager & Joe Dibley, Security Researcher, Stealthbits now part of Netwrix
  • From:
Your email has been sent.
or close