Hi [[ session.user.profile.firstName ]]

The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster

The threat to Active Directory from ransomware and wiper attacks is generally understood, but the complexity of forest recovery is not. In “the good old days," AD recovery meant recovering AD from natural disasters and operational errors. But cyberattacks changed all that. With AD becoming a prime target for widespread, business-crippling attacks, it’s time to think “cyber-first."

In this technical workshop, you’ll learn the dos and don’ts of recovering AD from a cyber disaster.

The Presenters:
- Guido Grillenmeier, Microsoft MVP & Chief Technologist, DXC Technology

- Gil Kirkpatrick, Microsoft MVP & Chief Architect, Semperis
Recorded May 27 2020 62 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Gil Kirkpatrick and Guido Grillenmeier
Presentation preview: The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Podcast | Choosing the Right Security Solution, Not the Temporary One Recorded: Aug 14 2020 16 mins
    Sander Berkouwer
    Nothing is as permanent in IT as a temporary solution. Sander Berkouwer, 11-time Microsoft MVP and CTO of SCCT, joins Sean on the Hybrid Identity Protection Podcast to discuss the "new normal," dynamics of Azure AD B2B, and what cutting corners in the world of identity access can bring about for administrators.

    Visit https://hipconf.libsyn.com/ to listen to all episodes of HIP: The Podcast.
  • Podcast | Weaning Yourself Away From GUI-Based AD Administration Recorded: Jul 17 2020 16 mins
    Mike Kanakos
    Continuous learning when it comes to being an AD Admin is a requirement as they’re tasked with adapting to maintain relevancy. Mike Kanakos (Senior Systems Engineer in IAM at Align Systems), discusses his path to automating tasks and tips for becoming less dependent on the GUI for Active Directory management, including the 5 Core AD Management PowerShell Cmdlets.
  • Windows Group Policy: Powerful Configuration Tool or Hacker’s Best Friend? Recorded: Jul 16 2020 61 mins
    Darren Mar-Elia
    What started as a sleepy technology for efficiently configuring 1000s of Windows desktops and servers, has now become a gold mine for attackers looking to expose your security posture and leverage your GPOs as “malware delivery vehicles”.

    In this webinar, Darren Mar-Elia (the “GPOGUY”) will summarize the nearly 4 years of research he’s done on the various ways attackers are exploiting GP. More importantly, he will break down the key steps you can take to defend your Group Policy environment, and therefore your Windows environment, from abuse.

    During this workshop, we’ll demonstrate:

    - How attackers use Group Policy for reconnaissance
    - How attackers use Group Policy as a vector for malware
    - How you can configure your AD and GPOs to prevent abuse
    - Best practices for managing Group Policy with security in mind
  • Podcast | Coping With User Demand Recorded: Jun 30 2020 20 mins
    Mary Jo Foley
    When the forecasting and planning for 2020 couldn’t call for what was in store, Microsoft became tasked with quickly catch up to the demand necessary for the new reality users faced. Expert Microsoft strategist and “Windows Weekly” podcast host, Mary Jo Foley, joins Sean to discuss just how Microsoft had to come to grips with the increased infrastructure load courtesy of COVID.
  • Podcast: Managing and Securing Cloud-Only Accounts in Your Hybrid Environment Recorded: Jun 10 2020 20 mins
    Allen Brokken
    Today’s guest on The HIP Podcast is Microsoft Cloud Specialist, Allen Brokken. As an expert in leveraging hybrid cloud techniques, Allen shares the right way to deal with admin accounts in your cloud service and how a phone call to the security operations center may be the best way to secure your global administrator accounts.
  • The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster Recorded: May 27 2020 62 mins
    Gil Kirkpatrick and Guido Grillenmeier
    The threat to Active Directory from ransomware and wiper attacks is generally understood, but the complexity of forest recovery is not. In “the good old days," AD recovery meant recovering AD from natural disasters and operational errors. But cyberattacks changed all that. With AD becoming a prime target for widespread, business-crippling attacks, it’s time to think “cyber-first."

    In this technical workshop, you’ll learn the dos and don’ts of recovering AD from a cyber disaster.

    The Presenters:
    - Guido Grillenmeier, Microsoft MVP & Chief Technologist, DXC Technology

    - Gil Kirkpatrick, Microsoft MVP & Chief Architect, Semperis
  • Podcast: Keeping a Security-First Mindset in a "Get It Done Fast" World Recorded: May 22 2020 17 mins
    Sean Metcalf
    In times of rapid change, security tends to take a back seat. And good hackers never waste a crisis. So, how are the pros managing remote access security risks during COVID-19? Tune into HIP Podcast episode # 3 featuring leading white hat Active Directory security expert, Sean Metcalf.

    Check out all Hybrid Identity Protection Podcast episodes at, https://hipconf.libsyn.com/
  • Is Remote Access Putting Your Organization at Risk? Recorded: May 19 2020 61 mins
    Hed Kovetz, CEO and Co-Founder, Silverfort and Gil Kirkpatrick, Chief Architect, Semperis
    Recent events forced us to change the way we work and today most employees are working remotely. While enabling remote access is critical these days, it’s also exposing us to more risk: when hundreds of users are inside the network – who is monitoring and validating that access to our most sensitive assets is legitimate and secure?

    In this webinar, we will discuss why remote access is putting organizations at risk. We will review examples of relevant attacks that target our most critical assets, like Active Directory. Finally, we’ll discuss what should be done to mitigate the threat and protect sensitive assets from breach and compromise.
  • Podcast: Cover Your SAAS: Getting a Handle on Access and Activity in a Cloud-F Recorded: May 6 2020 21 mins
    Ben Johnson
    With remote workforces accelerating digital transformation, security teams are shifting their mindset from controlling assets to managing access. This is not easy, especially in a cloud-first world where ease of installation and free trials reign supreme. In episode # 2 of the HIP Podcast, Ben Johnson, CTO and co-founder of Obsidian Security, discusses the new access-related issues that organizations face during COVID-19 and beyond.

    Check out all Hybrid Identity Protection Podcast episodes at, https://hipconf.libsyn.com/
  • Ransomware vs. Active Directory Backups Webinar Recorded: Apr 28 2020 61 mins
    Sean Deuby and Clark Brown
    What Can Throw a Wrench Into Your Disaster Recovery Process?
    When a ransomware or wiper attack takes out the domain controllers, traditional recovery processes can drag on for days or even weeks. Considering that cyber disasters now strike more frequently and inflict more business damage than natural disasters, it’s time to think “cyber-first.”

    Cyber-first requirements for Active Directory recovery:
    • Fully automate AD forest recovery
    • Prevent malware re-infection from BMR and system state backups
    • Restore AD to any hardware (virtual or physical)
    • Regain control of a compromised AD
    • Ensure the integrity of highly sensitive AD forests

    Presented by Sean Deuby (Director of Services at Semperis) and Clark Brown (Partner and Practice Leader at Alescent)
  • Podcast: Provisioning Identities with Security First Frame of Mind in Recorded: Apr 16 2020 15 mins
    Andrew Cedergren
    In this premiere episode of the HIP Podcast, host Sean Deuby is joined by IAM, Senior Security Engineer Lead at Delta Airlines, Andrew Cedergren. Having worked across directory services and information security for over 15 years, Andrew offers his expert perspective on the day-to-day fundamentals of building, operating and securing the hybrid enterprise.

    Check out all Hybrid Identity Protection Podcast episodes at, https://hipconf.libsyn.com/
  • Attacking and Defending AD Workshop Recorded: Apr 2 2020 71 mins
    Darren Mar-Elia and Andy Robbins
    How do you defend Active Directory, aka the “keys to the kingdom,” if you don’t know where the attacks are coming from? Hackers constantly find new ways to break into AD. And once inside, they’re increasingly adept at covering their tracks to silently create backdoors and establish persistent privileged access.

    In this workshop, we’ll demonstrate real-world attacks that are frequently used against AD, including credential theft, Kerberos-based attacks, Group Policy-based attacks, and ACL attacks.

    The expert presenters will play out both perspectives: attacker and defender. This is a red vs. blue standoff, so don’t expect a bunch of slideware.
  • Digital Identities, Passwords & Everything in Between Recorded: Feb 26 2020 28 mins
    Jim Routh | Head of Enterprise Information Risk Management at MassMutual
    Jim Routh is a recognized tech talent and leader in the cybersecurity industry. In addition to his role at MassMutual, he served as H-ISAC’s Chair of the Board and is a member of the Board of ZeroNorth, Advisory Board of the ClearSky Security Fund and Advisory Committee for the UC Berkeley Center for Long-Term Cybersecurity.
  • Talent Crisis - Meh Recorded: Feb 25 2020 21 mins
    Theresa Payton | CEO at Fortalice Solutions
    Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats.

    Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.
  • Breaking Identities The Fastest Way to Compromise Recorded: Feb 25 2020 26 mins
    Chris Roberts | Chief Security Strategist at Attivo Networks
    Chris Roberts is considered one of the world’s foremost experts on counter threat intelligence. With increasingly sophisticated attacks on targets of opportunity, Roberts’ unique methods of addressing the evolving threat matrix and experience with all information systems make him an indispensable partner to clients and industries that demand protection of financials, intellectual property, customer data, and other protected information from attack. He was previously currently Chief of Adversarial Research and Engineering for LARES, LLC. and Chief Security Architect for Acalvio Technologies. Roberts has led or been involved in information security assessments and engagements and has a wealth of experience with regulations such as GLBA, HIPAA, HITECH, FISMA, and NERC/FERC. He has also worked with government, state and federal authorities on standards such as CMS, ISO, and NIST.
  • Opening Remarks: Identity Resilience Summit 2020 Recorded: Feb 25 2020 5 mins
    Mickey Bresman | CEO at Semperis
    Mickey is a co-founder of Semperis and leads the company’s overall strategic vision and implementation. A long-time enterprise software expert, Mickey began his technical career in the Navy computing technical unit over a decade ago. Prior to co-founding Semperis, Mickey was the CTO of a Microsoft gold partner integration company, YouCC Technologies, successfully growing the company’s overall performance year over year. Mickey holds a BA in Technical Management and a Minor in Electronic Engineering.
  • Follow the Money: Link between Passwords and Terrorism Recorded: Feb 25 2020 8 mins
    Ori Eisen | CEO at Trusona
    Ori Eisen has spent the last two decades fighting online crime, and is respected for his business knowledge and leadership.

    Prior to founding Trusona, Mr. Eisen founded 41st Parameter – the leading online fraud prevention and detection solution for financial institutions and e-commerce. 41st Parameter was acquired by Experian in 2013.
  • DR.. Are You Ready? Recorded: Feb 12 2020 47 mins
    Christopher Lowde | Senior Solutions Architect
    It’s 3 am, and you get the call – Nothing is working. Do you pull out your DR plan? Start developing one? Or, stick your head under the pillow and hope it will be alright when you wake up?

    What is a DR plan, and what do you need to include in it? We will cover the obvious things, and all the things that you did not think about that are absolutely essential.
  • Moving Identity From On-Prem to the Cloud, Rinse and Repeat Recorded: Feb 11 2020 37 mins
    Chad Doty | Director of Identity at Ecolab
    The choice to move identity from on-premise to the cloud is easy; the real work is determining what goes, what stays behind, and how you communicate between the two.  Also, cloud Identity is ever-growing and changing, so you will continually be faced with reaffirming your choice and adapting.
  • Be Our Guest! Recorded: Feb 11 2020 44 mins
    John Savill | Principal Cloud Solution Architect at Microsoft
    In this session, we will explore the options around guest access to resources that are authenticated through Azure AD. This session will explore the key Azure AD B2B options in addition to the differences and when to use Azure AD B2C.
Identity-Driven Cyber Resilience
Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments. The company provides cyber preparedness, incident response, and disaster recovery solutions for enterprise directory services—the keys to the kingdom. Semperis’ patented technology for Microsoft Active Directory protects over 40 million identities from cyberattacks, data breaches, and operational errors. Semperis is headquartered in New York City and operates internationally, with its research and development team distributed between San Francisco and Tel Aviv.

Semperis hosts the award-winning Hybrid Identity Protection conference. The company has received the highest level of industry accolades; most recently being named Best Business Continuity / Disaster Recovery Solution by SC Magazine’s 2020 Trust Awards. Semperis is accredited by Microsoft and recognized by Gartner.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster
  • Live at: May 27 2020 1:50 pm
  • Presented by: Gil Kirkpatrick and Guido Grillenmeier
  • From:
Your email has been sent.
or close