Name: Catching Active Directory Reconnaissance from Rogue Devices
Start: 2022-06-14T15:49:00Z
End: 2022-06-14T15:49:35.000Z
Location: BrightTALK
Rating: 5

Attivo Networks closes the cyber security detection deficit with dynamic deception that accurately and efficiently reveals in-network threats and their lateral movement.

Attivo Networks is proud to sponsor CyberEdge’s 2022 Cyberthreat Defense Report. Now in its ninth year, this report provides a comprehensive review of the perceptions of 1,200 IT security professionals representing 17 countries and 19 industries.

Register now and be amongst the first to hear about top report findings such as:
• The latest cyberattack trends and which attacks had high success rates
• Top threats that cause organizations the most concern
• Current security team sentiments on their ability to defend against today’s attacks
• Weakest links, IT security challenges, and barriers to establishing effective defenses
• High demand technologies, and surprising omissions in the report
• Emerging technology trends you should know
Use the findings outlined in this webinar to benchmark your company’s security posture, operating budget, product investments, and best practices against peers in your industry and region.
Event Details
Date: Tuesday, April 19
Time: 11:00 am PT | 2:00 pm ET

Findings From 2022 Cyberthreat Defense Report

Active Directory (AD) reconnaissance and exploitation is now a common technique utilized by attackers and ransomware gangs.

Why do attackers target Active Directory? AD is the primary source of information for all enterprise resources and is fundamental to the applications that run an organization, which is why adversaries consider it a high-value target.

Join this Best Practices session to learn about the Attivo Networks Active Directory Protection portfolio. During this session, you will learn:

How to effectively reduce your AD attack surface, limiting the number of ways an attacker can exploit AD
How to gain visibility into real-time attacks, including brute-force and mass account changes, regardless of their source
How to identify users and applications making queries into privileged AD objects
How to hide your critical accounts from unintended eyes and deliver misinformation to attackers to halt their progress

Comprehensive Approach to Active Directory Protection

Active Directory (AD) is the primary source of information for all enterprise resources, making AD a high value attack target. This is why nearly all modern ransomware attacks by notorious gangs such as Conti, LockBit, Maze and others include AD enumeration and exploitation attempts.

Understand how to protect your AD against ransomware attacks by joining Attivo experts for a virtual best practices session. You will learn how to:
• Gain visibility into real-time attacks
• Identify users and applications making queries into privileged AD objects
• Hide your critical accounts from unintended eyes
• And more, all without requiring privileged accounts or running additional software on your domain controllers!

Protect Your Active Directory Against Ransomware Exploitation

Active Directory (AD) reconnaissance and exploitation is now a common technique utilized by attackers and ransomware gangs.

Why do attackers target Active Directory? AD is the primary source of information for all enterprise resources and is fundamental to the applications that run an organization, which is why adversaries consider it a high-value target.

Join this Best Practices session to learn about the Attivo Networks Active Directory Protection portfolio. During this session, you will learn:

- How to effectively reduce your AD attack surface, limiting the number of ways an attacker can exploit AD
- How to gain visibility into real-time attacks, including brute-force and mass account changes, regardless of their source
- How to identify users and applications making queries into privileged AD objects
- How to hide your critical accounts from unintended eyes and deliver misinformation to attackers to halt their progress

As more companies adapt their policies to accommodate the fact that many employees will continue to work from home, the IT security manager has to expand the concept of “endpoint security.” Does that include the employee’s personal printer and home wireless network? How much responsibility is your enterprise going to take for the security of personal devices? How do you protect their credentials for cloud-based applications and manage their identities so that attackers can’t weaponize those accounts against your organization? In this webinar, experts offer recommendations on how to build the endpoint security strategy that balances what end users may use to get their work done and what the enterprise is able to accommodate. You will receive tips on how to develop a consistent endpoint security strategy that works for all users and applications. You will walk away with a clearer idea of how your enterprise can tackle the endpoint security problem.
Attend this webinar and you'll:

- Discover new techniques, tips, and procedures for safeguarding remote users and their data.
- Improve the security posture of your end-users, regardless of whether they're accessing the company network or the cloud.
- Find smarter ways to lock down important endpoint assets like identity data and application access.
- Recalibrate how granular you want your endpoint protection policies to be.

Rethinking Endpoint Security

For cyber criminals, Microsoft’s Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts will describe tools, processes, and strategies for improving user and system security, and for integrating AD into an effective security architecture. You’ll also learn about the latest attacks and threats posed to AD, and how you can mitigate them.

Attend this webinar and you'll:
• Get a clearer picture of the threat landscape associated with Active Directory.
• Discover new tips and tricks to leverage AD and improve your security posture.
• Learn lesser known mitigation techniques that blunt or nullify AD threats.
• Be better equipped to integrate AD into your larger security management framework.

Building an Effective Active Directory Security Strategy

For cyber criminals, Microsoft’s Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts will describe tools, processes, and strategies for improving user and system security, and for integrating AD into an effective security architecture. 
You’ll also learn about the latest attacks and threats posed to AD, and how you can mitigate them.

Attend this webinar and you'll:

• Get a clearer picture of the threat landscape associated with Active Directory.
• Discover new tips and tricks to leverage AD and improve your security posture.
• Learn lesser known mitigation techniques that blunt or nullify AD threats.
• Be better equipped to integrate AD into your larger security management framework.

Attackers are increasingly targeting enterprise identities to impersonate users, allowing them to evade defenses, elevate privileges, acquire targets, and compromise them.

Watch this boot camp webinar series to understand and learn how to detect an attack early in the process, derail and misdirect an attacker’s next move, and gather forensic information for a stronger defense.

Part 2 – Disrupting the Attacker’s Toolkit – Detect, Hide and Deny, Engage

• Derail Attacks – Detect and Respond
See how deception and concealment technologies misinform and misdirect attacks with decoy objects and credentials, derailing their activities while providing early warning.

• Engage Attackers – Gather Threat Intelligence
Learn how full OS decoys engage attackers and record their activities, capturing forensic data to create threat intelligence and strengthen defenses.

Bootcamp Series Part 2: Disrupting the Attacker’s Toolkit - During the Attack

Attackers are increasingly exploiting enterprise identities, allowing them to evade defenses, elevate privileges, acquire targets, and compromise them.

Watch the boot camp webinar series to understand and learn about an attacker’s line of sight and how to protect critical assets from compromise.

Part 1: Disrupting the Attacker’s Toolkit – See, Protect and Prevent

• See What Attackers Can Attack – Visibility and Attack Surface Reduction
Learn how to gain visibility of what an attacker sees to identity risks and entitlement exposures, then reduce the identity attack surface by remediating these exposures to limit what attackers can exploit.

• Cloaking Critical Assets – Protect and Prevent Access to Assets
Learn how deception and concealment technologies protect sensitive or privileged local credentials, Active Directory objects, and other production data to deny attackers opportunities for access or exploitation.

Bootcamp Series Part 1: Disrupting the Attacker’s Toolkit - Before the Attack

The outbreak of European conflict over the past week brings with it an unprecedented level of concern for pending cyber-attacks.  In light of previous attacks and potential threats, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a related-and-rare cyber “Shields Up” warning to the U.S. private sector, including health care, based upon the increased cyberthreat posed by the Russian government.

John Riggi serves as the first national advisor for cybersecurity and risk for the American Hospital Association (AHA), and brings nearly 30 years of experience as a highly decorated veteran of the FBI.  In this feature keynote, he is interviewed by Carolyn Crandall, Chief Security Advocate from Community Partner Attivo Network, whose business serves the healthcare industry with cybersecurity innovation. 

Mr. Riggi discusses what the elevated international cyber-threat landscape means to healthcare organizations. He speaks from his experience and extensive recent conversation with the leaders from the AHA’s 5,000+ member hospitals and health systems. 

This “Russia-Ukraine Conflict: Impact on Cyber Threats to US Healthcare” keynote discusses:
• Healthcare specific concerns amid expanded remote work and the rapid move to cloud operations.
• The need for healthcare organizations to take a fresh look at identity protection that expands beyond Authentication and Multi-Factor Authentication 
• Security innovations for identity exposure risk mitigation and Identity Threat Detection and Response (ITDR) protection"

Russia-Ukraine Conflict: Impact on Cyber Threats to US Healthcare

Tom Kellermann, is the Head of Cybersecurity Strategy for VMware, a Wilson Center Global Fellow for Cybersecurity Policy, and an appointed member of the Secret Service Cybercrime Investigations Advisory Board. 
He will join Tony Cole, the Chief Technology Officer of Attivo Networks for a lively Fireside Chat and Live Q & A on January 27th at 9:00 AM PST | 12:00 PM EST.

2021 was a year of major vulnerabilities and significant related attacks. The year began with reactions to the SolarWinds attack, Hafnium, and is closing with the Log4j vulnerability. In fact, as this abstract was written, the week of December 13th the DHS CISA Vulnerability Bulletin shows hundreds of new vulnerabilities, that’s in one single week. Join Tom and Tony to learn what is driving this rapidly evolving threat landscape, 
what the future holds, and what defenders can do differently to stop attackers. 

Live Fireside Chat – A Look Back and Forwards at Our Evolving Threat Landscape
Attend to hear: 
· How the threat landscape has evolved over the last year
· Where the threat landscape is going next year and beyond
· What government policies and regulations are likely going to evolve
· What can cyber defenders do differently to counter new threats
· What are the top recommendations for a new CISO to focus on initially?
· Does Cyber-hygiene cover enough ground?

Regardless of your organization’s security maturity, this session will provide you with insights into possible future attacks and help prepare you to derail the surging wave of attacks.
 
LIVE Q&A
Tom and Tony will be taking questions from the audience during a live Q&A session. Get your questions ready!

A Look Back and Forwards at Our Evolving Threat Landscape with Tom Kellermann

Whether motivated by risk avoidance or pushed by compliance, identity security has become a top concern for CISOs regardless of their industry or size. Gartner now presents identity-first security as a top 3 CISO priority for 2021. 

Savvy CISOs are taking action to protect their business’s continuity and company welfare by increasing their investments in Identity Detection and Response (IDR) solutions. According to a recent study conducted by EMA Research, 86% of survey participants plan to increase investments to protect against identity compromise, privilege escalation, and attacker lateral movement.

Join this session to learn: 
1. What identity protection looks like beyond traditional provisioning, connecting, and controlling identities. 
2. What conditions allow attackers to leverage credentials, Active Directory, and the vast over-provisioning and policy drift of entitlements in the cloud. 
3. How to close gaps between Endpoint Detection and Response (EDR) and Identity Protection solutions.
4. What new visibility and detection tools have emerged to protect credentials, entitlements, and the systems that manage them. 
5. How to justify budget and validate the need for identity security. (Hint: Ransomware readiness assessments all point to Active Directory misconfigurations that can grant access and control.) 

Special Offer for Registered attendees: Eligible businesses will receive a free Active Directory Assessment and Summary Report from Attivo Networks.

Protecting Legal Organizations from Identity-based Attacks

Whether motivated by risk avoidance or pushed by compliance, identity security has become a top concern for CISOs regardless of their industry or size. Gartner now presents identity-first security as a top 3 CISO priority for 2021. 

With healthcare, hospitals in particular, being in the crosshairs and under relentless attack Identity Detection and Response (IDR) is critical for protecting against identity compromise, privilege escalation, and detecting attacker lateral movement. It is not about controlling authentication or MFA. IDR is about protecting credentials, entitlements, and the systems that manage them, from endpoints to Active Directory to the cloud. Understanding its fit in the security stack is critical as it closes gaps between Endpoint Detection and Response (EDR) and Identity Protection solutions.
 
During this session healthcare organizations learn how attackers are leveraging credentials, Active Directory, and the vast over provisioning of entitlements to successfully conduct some of the most damaging attacks that we have ever seen.
 
 You will also be introduced to new technology that is now available for:
 · Credential exposure and vulnerabilities visibility
 · Attack path visibility and attack surface reduction
 · Active Directory exposure visibility and live attack detection
 · Cloud Infrastructure Entitlement Management for identifying overprovisioning and policy drift
 
Regardless of your healthcare organization’s security maturity or size, this session will equip you with key insights to be ready for ransomware and identity-based attacks.

Protecting Healthcare from Ransomware and Identity-based Attacks

Whether motivated by risk avoidance or pushed by compliance, identity security has become a top concern for CISOs regardless of their industry or size. Gartner now presents identity-first security as a top 3 CISO priority for 2021.

Join John O’Neill the Chief Information Security Officer at Molded Fiber Glass (MFG) Companies and Carolyn Crandall the Chief Security Advocate at Attivo Networks for a lively discussion on Identity Security as the Next Big Thing.

The duo will discuss why and how savvy CISOs are taking action to protect their business’s continuity and company welfare with Identity Detection and Response (IDR) and visibility solutions.

What You'll Learn
* Identity security and how has it evolved
* The biggest weaknesses in identity protection
* Factors to consider and their influence on identity security budgets & adoption
* John saw new identity security solutions in action and will share his views on the experience.

Truth or Dare of Identity Security

Former Director of the U.S. Cybersecurity Infrastructure Security Agency (CISA) and Co-Founder of Krebs Stamos Group, Christopher Krebs, will be joining Tony Cole, Chief Technology Officer of Attivo Networks for a lively “lay it on the line” fireside chat and Q&A on November 3 at 9:00 a.m. PDT.

Join Chris Krebs live to learn what has been at the center of virtually every major attack and what cybersecurity teams need to do differently to stop attackers. Krebs will discuss what organizations are experiencing today and the changes needed to combat the highly effective attacker tactics that have resulted in mass disruption of services and unprecedented ransomware payouts.

Attend to hear
• Attacks are occurring at a blistering pace with almost always one thing in common.
• Enterprise ransomware readiness audits share this common weak link.
• Why requests for avoiding attacks on critical infrastructure will be ineffective
• Identity-first security has been presented as a top 2021 priority, but is it?
• Identity protection based on MFA and SSO alone isn’t enough, what’s next?
• What upping the game in identity security looks like.
• What organizations and government agencies can do to be more resilient to cyberattacks.

Regardless of your organization’s security maturity, this session will provide you with key insights to be ready for and equipped to derail the surging wave of ransomware and identity-based attacks.

LIVE Q&A
Christopher Krebs will be taking questions from the audience during a live Q&A session. Get your questions ready!

Chris Krebs: What’s Buried in Every Breach Report that No One is Talking About

Cybercriminals want and need credentials and privileges to conduct their attacks. Provisioning, connecting, and controlling user IDs and passwords will only take you so far.  It is now a top priority for security teams to protect their business’s credentials, entitlements, privileges, and the systems that manage them to prevent falling prey to a disruptive attack.

Frank Ohlhorst, Principal Analyst for Emerging and Disruptive Technologies at Media Ops, and Carolyn Crandall, Chief Security Advocate at Attivo Networks, will dive into credential-based attacks and the new and emerging technology hitting the market to mitigate these risks.

Join this session to learn 
1. What identity protection looks like beyond traditional provisioning, connecting, and controlling identities.
2. What conditions allow attackers to leverage credentials, Active Directory, and the vast over-provisioning and policy drift of entitlements in the cloud.
3. How to close gaps between Endpoint Detection and Response (EDR) and Identity Protection solutions.
4. What Frank uncovered while reviewing some of the latest in Identity Detection and Response tools. 
5. How to justify budget and validate the need for identity security. (Hint: Ransomware readiness assessments all point to Active Directory misconfigurations that can grant access and control.) 

Special Offer for Attendees:
•	Free access to research report: The Rise of Active Directory Exploits: Is it Time to Sound the Alarm; EMA Research Report September 2021
•	Eligible businesses can receive a free Active Directory Assessment and Summary Report from Attivo Networks

Visibility and Invisibility of Credential Protection

Attackers target Active Directory (AD) as part of their discovery and data gathering tactics to identify high-value assets such as privileged accounts and critical infrastructure. Organizations are challenged with protecting against AD threats originating from non-Windows devices such as Linux, IOS, and others in addition to Windows-based, domain-joined endpoints.
Join us for a live discussion and demonstration to learn how adding AD protection capabilities installed on domain controllers provides real-time detection from non-domain-joined endpoints of:

- Golden & Silver Ticket attacks
- DCSync Attacks
- Reconnaissance of AD objects across LDAP, SAMR, LSAR

Catching Active Directory Reconnaissance from Rogue Devices

Active Directory

Ransomware

Endpoint Security

Cyber Attacks

CISO

IT Security

Cyber Defence

Cloud Security

Cyber Security

IoT Security

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Marketing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Effective financial management strategies can help organizations meet their business objectives. The financial management community on BrightTALK is made up of engaged finance and accounting professionals. Find relevant webinars and roundtable discussions featuring financial planning advice from industry thought leaders and insights into optimizing financial reporting, accounting, risk management and value measurement.

Financial Regulation

Get powerful banking and treasury insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on hot topics such as digital banking, payments disruption and non-bank competition. Learn how the latest treasury management strategies are helping to mitigate operational, financial and reputational risk.

Banking and Treasury

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Catching Active Directory Reconnaissance from Rogue Devices

Presented by

About this talk

More from this channel