Name: [Cyber Battle] Active Directory Security: Hacker vs Netwrix
Start: 2022-11-24T10:00:00Z
End: 2022-11-24T10:00:56.000Z
Location: BrightTALK
Rating: 5

Netwrix’s vision is to create a world where every organization has secured its data and identities. The 1Secure™ platform unifies identity and data security to provide complete visibility into where data lives, who can access it, and how it’s governed. With Netwrix, security teams strengthen data protection, safeguard identities, and stay ahead of evolving threats. Today, more than 13,000 customers, including nearly 25% of the Fortune 500, rely on Netwrix solutions across hybrid and AI-driven environments. With a 95% customer satisfaction rating, Netwrix offers flexible delivery models that are quick to deploy, easy to use, and built to scale for organizations of all sizes. 

For more information visit www.netwrix.com. 

Generative AI tools like Microsoft 365 Copilot, ChatGPT, and Claude enable employees to work at unprecedented volume and speed. However, this surge in AI-generated content has also introduced new risks and exposures that regulators are now closely monitoring.

In the era of generative AI, relying solely on tools for content inspection, device control, and endpoint privilege management isn’t enough to satisfy auditors or prevent data loss. Modern compliance frameworks, such as PCI DSS, HIPAA, NIST 800-53, ISO 27001, and CMMC, all require proof that your endpoints are correctly configured and that you have the necessary controls in place.

Join Jeremy Moskowitz, former 20X Microsoft MVP and CTO of Endpoints at Netwrix, to learn how Netwrix prevents data loss and proves compliance across multi-OS endpoint environments the quick and easy way.

During this session, Jeremy will show you how to:
· Prevent sensitive data exposure to LLMs while ensuring safe AI usage and shadow AI discovery.
· Secure USBs with MDM-style controls that include decoupled encryption keys, remote wipe, and password management
· Protect sensitive data across Windows, macOS, and Linux endpoints that connect to printers, Bluetooth devices, and the internet
· Enforce least privilege and prevent unauthorized software installation without disrupting user productivity or increasing helpdesk tickets
· Generate the audit-ready evidence required for CMMC, PCI, HIPAA, NIST, GDPR, and more

You’ll leave with a clear framework for turning everyday endpoint controls into verifiable compliance - proof that your endpoints are not just locked down but entirely governed in the era of AI.

Enforce and Prove Endpoint Compliance in the AI Era

Identity systems are not longer just part of security — they are security. Active Directory and Entra ID control who can authenticate, access critical systems, and recover operations after an incident. Yet most organizations still manage them reactively, discovering gaps only after privilege escalation, lateral movement, or outages expose fundamental weaknesses.
This session is for those responsible for ensuring identity systems remain secure, operational, and recoverable under pressure. We'll walk through the reality of hybrid identity: how misconfigurations accumulate silently, how inherited permissions create shadow admin access, and why monitoring alone won't save you when your identity layer becomes the attack surface or the single point of failure.
We'll cover three critical areas:
Know your exposure: map attack paths, misconfigured trusts, and excessive privileges before adversaries do
Detect what matters: identify privilege changes and anomalous access patterns in real time across AD and Entra ID
Recover with confidence: restore identity infrastructure precisely and quickly, ensuring business continuity when not if incidents occur.

Securing Identity & Access Management in AD/Entra ID

As enterprises rapidly adopt Copilot, GenAI, and modern cloud strategies, maintaining compliance and protecting sensitive information has never been more critical. This session explores how Data Security Posture Management (DSPM) delivers the visibility and control needed to stay ahead of risk while driving innovation. You’ll learn how to:
- Safely integrate Copilot and GenAI without exposing sensitive data
- Identify where sensitive data resides and who has access to it
- Apply governance best practices from security-forward organizations
- Move beyond alerts to proactively remediate risky data exposure
- Align DSPM with today’s security and compliance frameworks

Data Security Posture Management: Visibility, Control, and Trust in a Cloud-First World

Modern Device Control and USB Security: Preventing inbound ransomware and outbound data exfiltration in the face of new threats and mixed OS environments.
Modern Device Control needs to support multiple data transfer channels, adapt to emerging business and compliance requirements, and provide detailed, context-aware protections without compromising productivity. Today, data leaves organizations not only through USB sticks, but also through wireless methods such as Bluetooth, local and network printers, peer-to-peer sharing tools like AirDrop, mobile devices, and specialized ports, such as FireWire. Managing these risks is further compounded by mixed OS environments that include Windows, macOS, and Linux.
During this webinar, attendees will learn how to overcome challenges related to:
-            Device Control: Data loss via USB, Bluetooth, printers, mobile devices, and more
-            Ransomware Protection: Blocking unauthorized devices completely and eliminating risk at the hardware level
-            Enforcing Encryption: Encrypting files and devices to accommodate authorized data transfers while controlling access to decryption keys
-            DLP for Mixed OS Environments: Overcoming the unique device control and DLP challenges associated with environments that include Windows, macOS and Linux.

The Do's and Don'ts of Device Control Beyond USB Storage

Les ransomwares demeurent l’une des menaces les plus redoutables en cybersécurité, paralysant des systèmes critiques et infligeant des pertes financières considérables aux organisations. Mais comment ces attaques se déroulent-elles réellement ?
Dans cette session, l’expert en hacking éthique Clemens Domingo, aux côtés d’Anthony Moillic, vous plonge au cœur de l’anatomie d’une attaque de ransomware : de l’intrusion initiale au mouvement latéral, jusqu’au déploiement final de la charge utile. Grâce à des études de cas réels, ils dévoileront les méthodes de réflexion des attaquants, les failles les plus courantes exploitées par ces derniers et les bonnes pratiques pour renforcer vos défenses.
 
Ce que vous allez découvrir :
Les principales portes d’entrée exploitées par les attaquants aujourd’hui, et pourquoi elles restent si efficaces.
Le rôle de l’ingénierie sociale, des erreurs de configuration et des systèmes non corrigés dans les compromissions les plus fréquentes.
Des exemples réels d’attaques réussies et d’incidents évités de justesse, pour tirer des leçons concrètes.
Comment des outils tels que PingCastle permettent d’identifier proactivement les risques liés à Active Directory, avant que les attaquants ne les exploitent.

Ransomware démasqué : Tactiques, vecteurs d’attaque et enseignements concrets

In today’s increasingly decentralized IT environments, organizations are facing a modern identity crisis—one where traditional perimeter-aligned security is no longer effective, and identity has become the new attack surface. As cloud adoption, remote work, and third-party access proliferate, meshes of identities and permissions lead to serious risks. As users gain more and more privileges, identities sprawl, and unauthorized access to sensitive data continues to grow, this session is about how to take back full control.

This webinar explores how Zero Trust principles—rooted in continuous verification and least privilege access—can help organizations regain control. By implementing fine-grained Identity and Access Management (IAM) strategies, security teams can reduce risk, enforce policy consistently across hybrid environments, and protect critical assets from identity-based threats.

Zero Trust, Full Control: Tackling the Modern Identity Crisis in Data Security

Le Role Mining est crucial pour structurer efficacement les accès utilisateurs, renforcer la sécurité, assurer la conformité et optimiser les ressources au sein des opérations d'une solution IGA. 
Il permet de faire émerger les rôles métiers implicites dans vos modèles d'accès existants.
Cette émergences de rôles métiers réduit significativement la complexité de gestion de ces droits en apportant une vision de plus haut niveau.

Cette rationalisation des rôles améliore la sécurité de vos accès en les rendant appréhendables et compréhensible.

Le processus de démonstration de conformité réglementaire s'en trouve facilité en fournissant une vue claire et organisée des droits d'acc_ès des utilisateurs.
En automatisant la détection et l'assignation des rôles, la charge de travail des équipes IT s'en trouve réduite permettant de réaffecter leurs efforts sur des tâches à plus forte valeur ajoutée.

Le module de role mining de Netwrix Identity Manager s’appuie sur le Machine Learning pour simplifier et accélérer cette démarche. Au programme de cette session : 

Une démonstration concrète du module de role mining 
L’analyse du retour sur investissement après sa mise en œuvre 
Des retours d’expérience d’entreprises ayant déjà adopté cette approche

L'IA au service de la gouvernance des accès

¿Desea mantener sus datos confidenciales seguros y garantizar el cumplimiento de las regulaciones de protección de datos como GDPR, NIST o PCI DSS? Comience a utilizar Netwrix Endpoint Protector para supervisar y proteger la IP de la empresa, los PII, los datos financieros y otros tipos de datos regulados sin comprometer la productividad.


Vea nuestro seminario web y descubra cómo Netwrix Endpoint Protector puede:
Bloquee, controle y supervise los puertos USB y periféricos para detener la pérdida de datos
Detenga la pérdida de datos en el endpoint con el análisis contextual en Windows, macOS y Linux
Cifre, administre y proteja los dispositivos de almacenamiento USB para proteger los datos en tránsito
Analice los datos confidenciales almacenados en los puntos finales de Windows, macOS y Linux y tome medidas correctivas de forma remota

Cómo mejorar su estrategia de prevención de pérdida de datos con Netwrix Endpoint Protector

The term “privileged access" in Windows is open to interpretation.  Are you simply talking about membership in the local Administrators group?  If so, you need to think about local accounts and if the system is joined to AD then domain accounts.  If it’s an Entra-joined Windows 11 box or an Azure VM then there’s Entra accounts that could be admins. 
But privileged access goes way beyond the Administrators group.  There are a number of admin-equivalent user rights such as “Act as part of the operating system”. 
And again, if the system is part of an AD domain, then anyone with certain group policy related permissions on the OU branch of the computer account has indirect but definite privileged access.  Likewise for systems managed by Intune.  If the system is a VM then it depends on the particular hypervisor or cloud environment.  Azure for instance provides multiple routes of privileged access into VMs based on resource group permissions.
Windows itself has multiple connection points for privileged accounts including RDP, shared folders, WinRM, RPC, etc.  Do you disable these individually or rely on Windows firewall or an external firewall?
Bottom line is there are many vectors to privileged access in Windows, and it can be confusing because so much of this functionality has accreted over time with the progression of IT eras that Windows has lived through. 
In this real training for free session, I will try to give you a comprehensive view of privileged access in Windows covering all these areas and more.  Then I will focus on key choke points that if you understand and properly control will give you confidence that privileged access to your Windows systems is truly locked down to who should actually have it.

Understanding the Multiple Layers of Privileged Access in Windows

Ransomware continues to be one of the most devastating forms of cyberattack, often leaving organizations locked out of critical systems and facing major financial losses. But how do these attacks really happen?
In this session, ethical hacker Clemens Domingo and Anthony Moillic will walk you through the anatomy of a ransomware attack—from initial access to lateral movement and payload deployment. With real-world case studies, they’ll highlight how attackers think, where organizations commonly fail, and how to tighten defenses.

You’ll learn:
The most common entry points attackers use today
How social engineering, misconfigurations, and unpatched systems lead to compromise
Real-world examples of successful attacks and near misses
How tools like PingCastle can help uncover Active Directory risks before attackers do

Ransomware Revealed: Tactics, Entry Points, and Real-World Lessons

Most insider threats start on the machines you and your team manage, where users have too much access, USB ports are wide open, and risky apps slip through the cracks. 
Join Jeremy Moskowitz, 20X Microsoft MVP and CTO of Endpoints at Netwrix, to learn how desktop admins and IT Security Pros can take back control, close dangerous gaps, and stop data loss before it starts.
· Spot common endpoint misconfigurations that enable insider threats
· Learn how to remove local admin rights without breaking workflows
· See how to control USBs, apps, and data movement across endpoints
· Discover how to enforce policy and gain visibility without complicated scripting

Block Insider Threats Where They Start – at the Endpoint

Le principe du moindre privilège est un pilier fondamental des architectures Zero Trust modernes — mais sa mise en œuvre concrète reste un défi pour de nombreuses organisations. Ce webinar vous montrera comment dépasser les modèles d’accès traditionnels pour adopter une gestion des privilèges plus dynamique et axée sur les risques. Vous découvrirez comment réduire la surface d’attaque en éliminant les privilèges permanents, activer des accès à la demande, et garder un contrôle total sur chaque session privilégiée.

Regardez notre webinar pour apprendre comment :
Éliminer les privilèges permanents, afin de réduire l’exposition aux menaces internes et aux abus d’identifiants.
Mettre en place des accès Just-in-Time, pour que chaque utilisateur n’ait que les droits nécessaires, au bon moment.
Surveiller et enregistrer les sessions privilégiées, afin de garantir la traçabilité et faciliter les audits.
Appliquer le principe du moindre privilège de manière cohérente, dans le cadre d’une stratégie Zero Trust globale.

Le Zero Trust commence ici : Sécurisez les accès privilégiés avec le principe du moindre privilège

La mise en place d'une solution de Gestion et Gouvernance des Identités (IGA) est devenue un enjeu stratégique pour les entreprises de toute taille. Pourtant, initier et structurer un tel projet peut s’avérer parfois complexe.
 
Dans ce webinar, nos experts vous guideront à travers les 10 règles essentielles pour garantir le succès de votre projet IGA. Vous apprendrez à :
·       Maîtriser les fondamentaux d'un projet d'IGA pour une mise en place efficace
·       Anticiper les défis et éviter les pièges que beaucoup d'entreprises ont rencontré
·       Lancer votre projet en toute confiance avec une approche claire et structurée

Les 10 règles pour réussir votre projet de gestion des identités

Active Directory has been the foundation of access management for over 25 years, used by most organizations to control access to resources both on-premises and in the cloud. Over time, IT pros have turned to forums, videos, and online communities to troubleshoot AD issues only to discover that a forgotten configuration from years ago, or a well-meaning shortcut like copying user accounts, can lead to major problems today.
With constant security updates from Microsoft and increasingly complex permission structures, many admins -new and experienced alike - struggle to understand who has access to what and why. This session helps you cut through that complexity and take control of your AD environment.

In this session, Sander Berkouwer and Netwrix Solution Engineer Darryl Baker show how PingCastle, Access Analyzer, and Threat Prevention help admins:
- Quickly and securely assign permissions across the organization
- Equip new admins with clear insights into AD and Entra ID permissions and delegations
- Detect and block unauthorized changes to prevent new security issues

Active Directory Recommended Practices, Part 1: Avoiding and detecting unintended permission changes

Active Directory est constamment attaqué, avec 95 millions de comptes ciblés quotidiennement. Les menaces basées sur l'identité permettent aux attaquants de se déplacer latéralement, d'élever les privilèges et de compromettre vos systèmes critiques. Les outils traditionnels ne suffisent pas à les arrêter.

Découvrez comment nos solutions sécurisent votre AD hybride de bout en bout, de l'identification des vulnérabilités à la détection des menaces, en passant par l'automatisation des réponses et la récupération rapide en cas d'incident.

Ce que vous allez apprendre :

Regarder
1) Pourquoi Active Directory est une cible de premier plan et comment les attaquants l'exploitent.
2) Comment Netwrix détecte et contient les menaces basées sur l'identité en temps réel.
3) Les avantages d'une réponse automatisée et d'une récupération rapide.
4) Bonnes pratiques pour protéger votre environnement AD.

Regardez dès maintenant notre webinar et reprenez le contrôle de la sécurité de votre Active Directory !

Maîtrisez la sécurité de l’Active Directory : détectez, répondez, récupérez

Ransomware continues to be one of the most dangerous and financially devastating threats facing organizations today — but it's not just data that's at risk. Ransomware campaigns are increasingly targeting identity systems like Active Directory and Entra ID, seeking to escalate privileges with a goal of complete takeover. Securing identity has become a critical pillar in a modern ransomware defense strategy.
In this webinar, we explore the continuous evolving threat landscape of ransomware, how these attacks unfold, and why identity compromise is often the center of large-scale breaches. We break down the typical ransomware attack chain, highlighting how attackers leverage stolen credentials and Active Directory weaknesses to succeed.
We discuss major ransomware incidents, including wannacry, Revil, and lockbit with real-world examples of the severe impact identity-focused ransomware can cause. We also profile notable threat groups and their tactics to give you actionable insights into how ransomware operations work today compared to just a few years ago.
We finish the session with a live 15-minute demonstration of Netwrix Threat Prevention, showcasing how it can detect ransomware behavior early, identify anomalous activities linked to identity compromise, and automatically take action to contain and stop an attack before it spreads. We also touch on the importance of internal assessments to understand what vulnerabilities potentially lie in your environment.
Security practitioners, junior or senior will all walk away from this sessions with essential strategies to strengthen your defenses, focusing on identity protection as a core component of ransomware resilience.

"Dear Identity": A Ransom Note and Deep Dive into Ransomware Attacks and Proactive Identity Security

Join our comprehensive 60-minute webinar designed to empower IT professionals with the expertise to manage and secure
endpoints using Netwrix Solutions. Dive deep into the technical landscape with a live demonstration that showcases how
Netwrix can streamline your endpoint management processes. Additionally, explore the architectural framework of Netwrix,
revealing how seamless integration can strengthen your existing IT infrastructure. Gain insights into operational best
practices that enhance workflow efficiency and discover sophisticated security features for proactive threat detection
and compliance. Learn how customization options allow scalable solutions tailored to your organization's unique needs.
Don’t miss this chance to elevate your endpoint management strategy with expert guidance and practical insights.

Mastering Endpoint Management with Netwrix

Les fuites de données ne proviennent pas toujours de l’extérieur. Une simple erreur humaine, un collaborateur négligent ou malveillant peut exposer vos données sensibles et compromettre votre conformité réglementaire. Ce webinaire vous montrera comment Netwrix aide les organisations à détecter, bloquer et gérer efficacement les risques internes.
Grâce à une surveillance fine des transferts de données, à un contrôle précis des périphériques et à la centralisation des politiques de sécurité, vous pourrez minimiser les risques sans entraver la productivité.
Ce que vous allez apprendre :
Détection des comportements à risque et des violations potentielles
Contrôle des périphériques USB, des ports et des transferts réseau
Application de politiques de sécurité granulaires sur tous les systèmes d’exploitation
Démonstration en direct des capacités de protection contre les menaces internes
Regardez notre webinaire pour apprendre à reprendre le contrôle de vos données, même face aux risques invisibles venant de l’intérieur.

Données à Risque : Comment Prévenir les Fuites Internes avec Netwrix

Bad actors relentlessly hammer Active Directory environments with attacks that are easy to pull off — but often hard to detect and defend against. Want to see exactly how some of the most common attacks unfold, step by step, and discover effective strategies for spotting and responding to them? 

Join this webinar for a front-row seat at an epic cyber battle: Brian Johnson (security enthusiast and president of 7 Minute Security) and Kent Tuominen (solutions engineer at Netwrix) will launch and defend against multiple attacks, including:
- Kerberoasting and AS-REPRoasting
- Password spraying
- Pass-the-hash attacks
- Running SharpHound/BloodHound to map privilege escalation paths

[Cyber Battle] Active Directory Security: Hacker vs Netwrix

Cyber Attacks

Cyber Crime

Cyber Defence

Cyber Security

Data Security

IT Security

Information Security

Active Directory

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

[Cyber Battle] Active Directory Security: Hacker vs Netwrix

Presented by

About this talk

Netwrix